Commit f2ca3ea4 authored by Jouni Malinen's avatar Jouni Malinen Committed by John W. Linville
Browse files

mac80211: MFP - Drop unprotected Action frames prior key setup 



When management frame protection (IEEE 802.11w) is used, unprotected
Robust Action frames are not allowed prior to key configuration.
However, unprotected Deauthentication and Disassociation frames are
allowed at that point, but not after key configuration.

Make ieee80211_drop_unencrypted() handle the special cases for MFP by
separating the basic Data frame case from Management frame processing
and handle the Management frames only if MFP has been negotiated. In
addition, do not use sdata->drop_unencrypted for Management frames
since the decision on whether to accept the frame depends on the key
being configured.

Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 0c7c10c7

net/mac80211/rx.c

+19 −9
Original line number Diff line number Diff line
@@ -1221,17 +1221,27 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) 
	/* Drop unencrypted frames if key is set. */

	if (unlikely(!ieee80211_has_protected(fc) &&

		     !ieee80211_is_nullfunc(fc) &&

		     (!ieee80211_is_mgmt(fc) ||

		      (ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&

		       rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP))) &&

		     ieee80211_is_data(fc) &&

		     (rx->key || rx->sdata->drop_unencrypted)))

		return -EACCES;

	if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {

		if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&

			     rx->key))

			return -EACCES;

		/* BIP does not use Protected field, so need to check MMIE */

	if (unlikely(rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP) &&

		     ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&

		     ieee80211_get_mmie_keyidx(rx->skb) < 0 &&

		     (rx->key || rx->sdata->drop_unencrypted)))

		if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb)

			     && ieee80211_get_mmie_keyidx(rx->skb) < 0 &&

			     rx->key))

			return -EACCES;

		/*

		 * When using MFP, Action frames are not allowed prior to

		 * having configured keys.

		 */

		if (unlikely(ieee80211_is_action(fc) && !rx->key &&

			     ieee80211_is_robust_mgmt_frame(

				     (struct ieee80211_hdr *) rx->skb->data)))

			return -EACCES;

	}



	return 0;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE