diff options
Diffstat (limited to 'package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch')
| -rw-r--r-- | package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch b/package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch deleted file mode 100644 index 1b5084c37d..0000000000 --- a/package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: Johannes Berg <johannes.berg@intel.com> -Date: Tue, 11 May 2021 20:02:46 +0200 -Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers - -With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs -since A-MSDUs are only supported if we know that they are, and -the only practical way for that is HT support which doesn't -support old ciphers. - -However, we would normally accept them anyway. Since we check -the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in -the QoS header is not protected in TKIP (or WEP), this enables -attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs -completely with old ciphers. - -Cc: stable@vger.kernel.org -Signed-off-by: Johannes Berg <johannes.berg@intel.com> ---- - ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -6,7 +6,7 @@ - * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net> - * Copyright 2013-2014 Intel Mobile Communications GmbH - * Copyright(c) 2015 - 2017 Intel Deutschland GmbH -- * Copyright (C) 2018-2020 Intel Corporation -+ * Copyright (C) 2018-2021 Intel Corporation - */ - - #include <linux/jiffies.h> -@@ -2753,6 +2753,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx - if (is_multicast_ether_addr(hdr->addr1)) - return RX_DROP_UNUSABLE; - -+ if (rx->key) { -+ /* -+ * We should not receive A-MSDUs on pre-HT connections, -+ * and HT connections cannot use old ciphers. Thus drop -+ * them, as in those cases we couldn't even have SPP -+ * A-MSDUs or such. -+ */ -+ switch (rx->key->conf.cipher) { -+ case WLAN_CIPHER_SUITE_WEP40: -+ case WLAN_CIPHER_SUITE_WEP104: -+ case WLAN_CIPHER_SUITE_TKIP: -+ return RX_DROP_UNUSABLE; -+ default: -+ break; -+ } -+ } -+ - return __ieee80211_rx_h_amsdu(rx, 0); - } - |