1 From: Johannes Berg <johannes.berg@intel.com>
2 Date: Tue, 11 May 2021 20:02:46 +0200
3 Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers
5 With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
6 since A-MSDUs are only supported if we know that they are, and
7 the only practical way for that is HT support which doesn't
10 However, we would normally accept them anyway. Since we check
11 the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
12 the QoS header is not protected in TKIP (or WEP), this enables
13 attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
14 completely with old ciphers.
16 Cc: stable@vger.kernel.org
17 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 --- a/net/mac80211/rx.c
21 +++ b/net/mac80211/rx.c
23 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net>
24 * Copyright 2013-2014 Intel Mobile Communications GmbH
25 * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
26 - * Copyright (C) 2018-2020 Intel Corporation
27 + * Copyright (C) 2018-2021 Intel Corporation
30 #include <linux/jiffies.h>
31 @@ -2753,6 +2753,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx
32 if (is_multicast_ether_addr(hdr->addr1))
33 return RX_DROP_UNUSABLE;
37 + * We should not receive A-MSDUs on pre-HT connections,
38 + * and HT connections cannot use old ciphers. Thus drop
39 + * them, as in those cases we couldn't even have SPP
42 + switch (rx->key->conf.cipher) {
43 + case WLAN_CIPHER_SUITE_WEP40:
44 + case WLAN_CIPHER_SUITE_WEP104:
45 + case WLAN_CIPHER_SUITE_TKIP:
46 + return RX_DROP_UNUSABLE;
52 return __ieee80211_rx_h_amsdu(rx, 0);
projects / openwrt / staging / zorun.git / blob