+++ /dev/null
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:46 +0200
-Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers
-
-With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
-since A-MSDUs are only supported if we know that they are, and
-the only practical way for that is HT support which doesn't
-support old ciphers.
-
-However, we would normally accept them anyway. Since we check
-the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
-the QoS header is not protected in TKIP (or WEP), this enables
-attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
-completely with old ciphers.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -6,7 +6,7 @@
- * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net>
- * Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
- */
-
- #include <linux/jiffies.h>
-@@ -2753,6 +2753,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx
- if (is_multicast_ether_addr(hdr->addr1))
- return RX_DROP_UNUSABLE;
-
-+ if (rx->key) {
-+ /*
-+ * We should not receive A-MSDUs on pre-HT connections,
-+ * and HT connections cannot use old ciphers. Thus drop
-+ * them, as in those cases we couldn't even have SPP
-+ * A-MSDUs or such.
-+ */
-+ switch (rx->key->conf.cipher) {
-+ case WLAN_CIPHER_SUITE_WEP40:
-+ case WLAN_CIPHER_SUITE_WEP104:
-+ case WLAN_CIPHER_SUITE_TKIP:
-+ return RX_DROP_UNUSABLE;
-+ default:
-+ break;
-+ }
-+ }
-+
- return __ieee80211_rx_h_amsdu(rx, 0);
- }
-
projects / openwrt / staging / adrian.git / blobdiff