Commit e54faf29 authored by Johannes Berg's avatar Johannes Berg

mac80211: allow transmitting deauth with tainted key

When we had a connection for WoWLAN and after resume it
needed to be disconnected, the previous commit enabled
sending a deauth frame to the AP. This frame would not
go through on MFP-enabled networks as the key for it is
marked tainted before the frame is transmitted.

Allow a tainted key to be used for deauth frames. Worst
case, we'll use a wrong key because the PTK was rekeyed
while suspended, but more likely the PTK is still fine
and the taint flag really only applies to the GTK(s).
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 2ca813ad
...@@ -594,7 +594,8 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) ...@@ -594,7 +594,8 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
break; break;
} }
if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED)) if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
!ieee80211_is_deauth(hdr->frame_control)))
return TX_DROP; return TX_DROP;
if (!skip_hw && tx->key && if (!skip_hw && tx->key &&
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment