From: Stanislaw Gruszka <sgruszka@redhat.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org,
Christian Lamparter <chunkeey@googlemail.com>,
Luciano Coelho <coelho@ti.com>, Arik Nemtsov <arik@wizery.com>
Subject: Re: [RFC] mac80211: validate key before MIC verify
Date: Fri, 21 Sep 2012 15:07:11 +0200 [thread overview]
Message-ID: <20120921130711.GC3100@redhat.com> (raw)
In-Reply-To: <1348232380.4160.7.camel@jlt4.sipsolutions.net>
On Fri, Sep 21, 2012 at 02:59:40PM +0200, Johannes Berg wrote:
> On Fri, 2012-09-21 at 14:41 +0200, Stanislaw Gruszka wrote:
>
> > --- a/net/mac80211/wpa.c
> > +++ b/net/mac80211/wpa.c
> > @@ -97,6 +97,14 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
> > return RX_CONTINUE;
> >
> > /*
> > + * Some hardware seems to generate Michael MIC failure reports; even
> > + * though, the frame was not encrypted with TKIP and therefore has no
> > + * MIC. Ignore the flag them to avoid triggering countermeasures.
> > + */
> > + if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP)
> > + return RX_CONTINUE;
> > +
> > + /*
> > * No way to verify the MIC if the hardware stripped it or
> > * the IV with the key index. In this case we have solely rely
> > * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
>
> Hm, this doesn't seem _quite_ right, but I'm not sure: it seems that
> previously it was possible that we don't have a key pointer but the
> driver set all of RX_FLAG_MMIC_STRIPPED, RX_FLAG_IV_STRIPPED and
> RX_FLAG_MMIC_ERROR, in which case after your change the frame will be
> accepted rather than rejected.
I wanted to cleanup stuff, but yeah, that seem to be wrong. I guess
I can just add check before rx->key->u.tkip.rx usage to fix the
problem. Eventually fix flags setting in driver.
Stanislaw
prev parent reply other threads:[~2012-09-21 13:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-21 12:41 [RFC] mac80211: validate key before MIC verify Stanislaw Gruszka
2012-09-21 12:59 ` Johannes Berg
2012-09-21 13:07 ` Stanislaw Gruszka [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120921130711.GC3100@redhat.com \
--to=sgruszka@redhat.com \
--cc=arik@wizery.com \
--cc=chunkeey@googlemail.com \
--cc=coelho@ti.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).