From: Stanislaw Gruszka <sgruszka@redhat.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org,
Christian Lamparter <chunkeey@googlemail.com>,
Luciano Coelho <coelho@ti.com>, Arik Nemtsov <arik@wizery.com>
Subject: Re: [RFC] mac80211: validate key before MIC verify
Date: Fri, 21 Sep 2012 15:07:11 +0200
Message-ID: <20120921130711.GC3100@redhat.com>
In-Reply-To: <1348232380.4160.7.camel@jlt4.sipsolutions.net>

On Fri, Sep 21, 2012 at 02:59:40PM +0200, Johannes Berg wrote:
> On Fri, 2012-09-21 at 14:41 +0200, Stanislaw Gruszka wrote:
>
> > --- a/net/mac80211/wpa.c
> > +++ b/net/mac80211/wpa.c
> > @@ -97,6 +97,14 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
> > return RX_CONTINUE;
> >
> > /*
> > + * Some hardware seems to generate Michael MIC failure reports; even
> > + * though, the frame was not encrypted with TKIP and therefore has no
> > + * MIC. Ignore the flag them to avoid triggering countermeasures.
> > + */
> > + if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP)
> > + return RX_CONTINUE;
> > +
> > + /*
> > * No way to verify the MIC if the hardware stripped it or
> > * the IV with the key index. In this case we have solely rely
> > * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
>
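
Review bot: the `!rx->key` half of the added test returns RX_CONTINUE ahead of the existing block that follows it, whose comment says that when the hardware stripped the MIC or the IV the code must rely solely on the driver setting RX_FLAG_MMIC_ERROR. A frame that arrives with no key pointer and that flag set would therefore be passed on without the reported failure being handled. Consider limiting the early return to the case where a key is present and its cipher is not WLAN_CIPHER_SUITE_TKIP, and guarding against a NULL key only at the point where it is dereferenced. The new comment also has a typo: "Ignore the flag them" should read "Ignore the flag then".
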
> Hm, this doesn't seem _quite_ right, but I'm not sure: it seems that
> previously it was possible that we don't have a key pointer but the
> driver set all of RX_FLAG_MMIC_STRIPPED, RX_FLAG_IV_STRIPPED and
> RX_FLAG_MMIC_ERROR, in which case after your change the frame will be
> accepted rather than rejected.

I wanted to clean up stuff, but yeah, that seems to be wrong. I guess
I can just add a check before the rx->key->u.tkip.rx usage to fix the
problem. Eventually fix flags setting in driver.

Stanislaw