mac80211: backport fix for dealing with stripped IV on rx

[openwrt/openwrt.git] / package / kernel / mac80211 / patches / subsys / 307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch

diff --git a/package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch b/package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
new file mode 100644 (file)
index 0000000..7b662ac
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
@@ -0,0 +1,26 @@
+From: Xing Song <xing.song@mediatek.com>
+Date: Mon, 1 Nov 2021 10:46:57 +0800
+Subject: [PATCH] mac80211: do not access the IV when it was stripped
+
+ieee80211_get_keyid() will return false value if IV has been stripped,
+such as return 0 for IP/ARP frames due to LLC header, and return -EINVAL
+for disassociation frames due to its length... etc. Don't try to access
+it if it's not present.
+
+Signed-off-by: Xing Song <xing.song@mediatek.com>
+Link: https://lore.kernel.org/r/20211101024657.143026-1-xing.song@mediatek.com
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -1952,7 +1952,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_
+               int keyid = rx->sta->ptk_idx;
+               sta_ptk = rcu_dereference(rx->sta->ptk[keyid]);
+ 
+-              if (ieee80211_has_protected(fc)) {
++              if (ieee80211_has_protected(fc) &&
++                  !(status->flag & RX_FLAG_IV_STRIPPED)) {
+                       cs = rx->sta->cipher_scheme;
+                       keyid = ieee80211_get_keyid(rx->skb, cs);
+