projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: df3ca9d) | patch
mac80211: check defrag PN against current frame
authorJohannes Berg <johannes.berg@intel.com>
Mon, 31 May 2021 20:31:32 +0000 (22:31 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 Jun 2021 06:36:14 +0000 (08:36 +0200)
commita9b57952fed41556c950a92123086724eaf11919
tree953cd517208cc12b64ac9864e2794c6ad57b381ftree | snapshot (tar.gz zip)
parentdf3ca9d4ed64b1abcb94dad3c0bf22aedac07320commit | diff
mac80211: check defrag PN against current frame

commit bf30ca922a0c0176007e074b0acc77ed345e9990 upstream.

As pointed out by Mathy Vanhoef, we implement the RX PN check
on fragmented frames incorrectly - we check against the last
received PN prior to the new frame, rather than to the one in
this frame itself.

Prior patches addressed the security issue here, but in order
to be able to reason better about the code, fix it to really
compare against the current frame's PN, not the last stored
one.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210511200110.bfbc340ff071.Id0b690e581da7d03d76df90bb0e3fd55930bc8a0@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/mac80211/ieee80211_i.h diff | blob | blame | history
net/mac80211/rx.c diff | blob | blame | history
net/mac80211/wpa.c diff | blob | blame | history