From: Alon Giladi Date: Mon, 19 Jun 2023 15:37:38 +0000 (+0300) Subject: wifi: mac80211: drop unprotected robust mgmt before 4-way-HS X-Git-Tag: v6.6.7~2536^2~28^2~53 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7339e0f2e1bcb732b922a1c40a01b6002bec1ee5;p=platform%2Fkernel%2Flinux-starfive.git wifi: mac80211: drop unprotected robust mgmt before 4-way-HS When MFP is used, drop unprotected robust management frames also before the 4-way handshake has been completed, i.e. no key has been installed yet. Signed-off-by: Alon Giladi Signed-off-by: Gregory Greenman Link: https://lore.kernel.org/r/20230619183718.cfbefddccd0c.Ife369dbb61c87e311ce15739d5b2b4763bfdfbae@changeid Signed-off-by: Johannes Berg --- diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 6ebec32..1d2e7a6 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2418,13 +2418,20 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) { if (unlikely(!ieee80211_has_protected(fc) && - ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && - rx->key)) { + ieee80211_is_unicast_robust_mgmt_frame(rx->skb))) { if (ieee80211_is_deauth(fc) || - ieee80211_is_disassoc(fc)) + ieee80211_is_disassoc(fc)) { + /* + * Permit unprotected deauth/disassoc frames + * during 4-way-HS (key is installed after HS). + */ + if (!rx->key) + return 0; + cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, rx->skb->data, rx->skb->len); + } return -EACCES; } /* BIP does not use Protected field, so need to check MMIE */