Commit bef5d1c7 authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

mac80211: split ieee80211_drop_unencrypted

Currently, ieee80211_drop_unencrypted is called
from management and data frame context, and the
different contexts pass different frames. This
could lead to it processing an 802.3 frame as an
802.11 frame when MFP is enabled.

Move the MFP part of ieee80211_drop_unencrypted
into a new function that is only called for mgmt
frames.

Cc: Jouni Malinen <j@w1.fi>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 04662360
...@@ -1397,6 +1397,21 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) ...@@ -1397,6 +1397,21 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
ieee80211_is_data(fc) && ieee80211_is_data(fc) &&
(rx->key || rx->sdata->drop_unencrypted))) (rx->key || rx->sdata->drop_unencrypted)))
return -EACCES; return -EACCES;
return 0;
}
static int
ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
{
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
__le16 fc = hdr->frame_control;
int res;
res = ieee80211_drop_unencrypted(rx, fc);
if (unlikely(res))
return res;
if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
rx->key)) rx->key))
...@@ -1872,7 +1887,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) ...@@ -1872,7 +1887,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
if (!(rx->flags & IEEE80211_RX_RA_MATCH)) if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) if (ieee80211_drop_unencrypted_mgmt(rx))
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
switch (mgmt->u.action.category) { switch (mgmt->u.action.category) {
...@@ -2014,14 +2029,13 @@ static ieee80211_rx_result debug_noinline ...@@ -2014,14 +2029,13 @@ static ieee80211_rx_result debug_noinline
ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
{ {
struct ieee80211_sub_if_data *sdata = rx->sdata; struct ieee80211_sub_if_data *sdata = rx->sdata;
struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
ieee80211_rx_result rxs; ieee80211_rx_result rxs;
if (!(rx->flags & IEEE80211_RX_RA_MATCH)) if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_DROP_MONITOR; return RX_DROP_MONITOR;
if (ieee80211_drop_unencrypted(rx, mgmt->frame_control)) if (ieee80211_drop_unencrypted_mgmt(rx))
return RX_DROP_MONITOR; return RX_DROP_UNUSABLE;
rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb); rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb);
if (rxs != RX_CONTINUE) if (rxs != RX_CONTINUE)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment