Linux wireless drivers development
 help / color / mirror / Atom feed
From: Johannes Berg <johannes@sipsolutions.net>
To: Jouni Malinen <j@w1.fi>
Cc: linux-wireless <linux-wireless@vger.kernel.org>,
	Michael Wu <flamingice@sourmilk.net>,
	"John W. Linville" <linville@tuxdriver.com>
Subject: Re: mac80211: unencrypted packet vulnerability
Date: Tue, 27 Nov 2007 14:12:17 +0100	[thread overview]
Message-ID: <1196169138.6058.7.camel@johannes.berg> (raw)
In-Reply-To: <20071127040536.GF5698@jm.kir.nu>

[-- Attachment #1: Type: text/plain, Size: 1398 bytes --]


> > The reason is that ieee80211_rx_h_drop_unencrypted() drops unencrypted
> > frames, but only if "sdata->drop_unencrypted" is set which never
> > happens!
> 
> Hmm.. What happened to the original code that had (rx->key ||
> rx->sdata->drop_unencrypted)?

Hmm. Yes, that'd help. Seems that got lost at some point. I'll take a
look and fix it up.

> I thought it did.. By the use of rx->key here, not by use of
> drop_unencrypted. Anyway, like I said, drop_unencrypted is an extra
> layer of security, so having possibility of using it may be nice safety
> net should something else go wrong in the RX logic.
> 
> > Considering the AP case, on the other hand, hostapd will need to be able
> > to set the setting since we don't actually look into the beacon it tells
> > us to transmit. But hostapd on the other hand doesn't even invoke the
> > iwauth ioctl! I have to admit to being rather confused.
> 
> The Devicescape version of hostapd did.. I do not remember why this was
> not merged, but I would assume it was just something that I never got to
> and since it was using a private ioctl for setting the parameter that
> option already disappeared. Sure, it would be reasonable to add support
> for it now that the parameter is available with WE-18.

I think I did a patch already. I need to review all my patches and post
those that are appropriate.

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

      reply	other threads:[~2007-11-27 13:12 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-21 23:01 mac80211: unencrypted packet vulnerability Johannes Berg
2007-11-26 15:37 ` Dan Williams
2007-11-27  3:55   ` Jouni Malinen
2007-11-27  4:05 ` Jouni Malinen
2007-11-27 13:12   ` Johannes Berg [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1196169138.6058.7.camel@johannes.berg \
    --to=johannes@sipsolutions.net \
    --cc=flamingice@sourmilk.net \
    --cc=j@w1.fi \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linville@tuxdriver.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox