Commit 8312512e authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville
Browse files

mac80211: drop unencrypted frames if encryption is expected 



This patch fixes a regression I (most likely) introduced, namely that
unencrypted frames are right now accepted even if we have a key for that
specific sender. That has very bad security implications.

Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 8b393f1d

net/mac80211/rx.c

+1 −1
Original line number Diff line number Diff line
@@ -997,7 +997,7 @@ ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx) 
	if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&

		     (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&

		     (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&

		     rx->sdata->drop_unencrypted &&

		     (rx->key || rx->sdata->drop_unencrypted) &&

		     (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) {

		if (net_ratelimit())

			printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "

CRA Git | Maintained and supported by SUSTech CRA and CCSE