• Johannes Berg's avatar
    mac80211: fix TKIP replay vulnerability · 34459512
    Johannes Berg authored
    Unlike CCMP, the presence or absence of the QoS
    field doesn't change the encryption, only the
    TID is used. When no QoS field is present, zero
    is used as the TID value. This means that it is
    possible for an attacker to take a QoS packet
    with TID 0 and replay it as a non-QoS packet.
    
    Unfortunately, mac80211 uses different IVs for
    checking the validity of the packet's TKIP IV
    when it checks TID 0 and when it checks non-QoS
    packets. This means it is vulnerable to this
    replay attack.
    
    To fix this, use the same replay counter for
    TID 0 and non-QoS packets by overriding the
    rx->queue value to 0 if it is 16 (non-QoS).
    
    This is a minimal fix for now. I caused this
    issue in
    
    commit 1411f9b5
    Author: Johannes Berg <johannes@sipsolutions.net>
    Date:   Thu Jul 10 10:11:02 2008 +0200
    
        mac80211: fix RX sequence number check
    
    while fixing a sequence number issue (there,
    a separate counter needs to be used).
    
    Cc: stable@kernel.org
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    34459512
wpa.c 15.6 KB