[PATCH] nl80211: Reject disconnect commands except from conn_owner

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Andrew Zaborowski <andrew.zaborowski@intel.com>
To: linux-wireless@vger.kernel.org
Subject: [PATCH] nl80211: Reject disconnect commands except from conn_owner
Date: Tue, 22 May 2018 02:46:02 +0200	[thread overview]
Message-ID: <20180522004602.19370-1-andrew.zaborowski@intel.com> (raw)

Reject NL80211_CMD_DISCONNECT, NL80211_CMD_DISASSOCIATE,
NL80211_CMD_DEAUTHENTICATE and NL80211_CMD_ASSOCIATE commands
from clients other than the connection owner set in the connect,
authenticate or associate commands, if it was set.

The main point of this check is to prevent chaos when two processes
try to use nl80211 at the same time, it's not a security measure.
The same thing should possibly be done for JOIN_IBSS/LEAVE_IBSS and
START_AP/STOP_AP.

Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
---
 net/wireless/nl80211.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e4a52a2b5e..85f094a564 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -8506,6 +8506,10 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
 	const u8 *bssid, *ssid;
 	int err, ssid_len = 0;
 
+	if (dev->ieee80211_ptr->conn_owner_nlportid &&
+	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
+		return -EPERM;
+
 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
 		return -EINVAL;
 
@@ -8628,6 +8632,10 @@ static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
 	u16 reason_code;
 	bool local_state_change;
 
+	if (dev->ieee80211_ptr->conn_owner_nlportid &&
+	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
+		return -EPERM;
+
 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
 		return -EINVAL;
 
@@ -8675,6 +8683,10 @@ static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
 	u16 reason_code;
 	bool local_state_change;
 
+	if (dev->ieee80211_ptr->conn_owner_nlportid &&
+	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
+		return -EPERM;
+
 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
 		return -EINVAL;
 
@@ -9451,6 +9463,10 @@ static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
 	u16 reason;
 	int ret;
 
+	if (dev->ieee80211_ptr->conn_owner_nlportid &&
+	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
+		return -EPERM;
+
 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
 		reason = WLAN_REASON_DEAUTH_LEAVING;
 	else
-- 
2.14.1

next             reply	other threads:[~2018-05-22  0:46 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-22  0:46 Andrew Zaborowski [this message]
2018-05-22  7:53 ` [PATCH] nl80211: Reject disconnect commands except from conn_owner Arend van Spriel
2018-05-22  8:21   ` Johannes Berg
2018-05-22 10:30     ` Arend van Spriel
2018-05-22 10:33   ` Andrew Zaborowski
2018-05-22 10:39     ` Arend van Spriel
  -- strict thread matches above, loose matches on Subject: below --
2018-04-28  1:47 Andrew Zaborowski
2018-04-28 13:07 ` Kalle Valo
2018-04-29 18:30   ` Andrew Zaborowski
2018-05-07 19:19     ` Johannes Berg
2018-05-08 12:18       ` Arend van Spriel
2018-05-08 12:19         ` Johannes Berg
2018-05-08 12:34           ` Arend van Spriel
     [not found]             ` <A996D5EE-1279-4DEC-832F-FC4D5FD7FC61@gmail.com>
2018-05-22 10:39               ` Arend van Spriel
2018-05-22 14:45                 ` Denis Kenzior
2018-05-08 20:03           ` Andrew Zaborowski

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e4a52a2b5 dfblob:85f094a56 )
 OR (
bs:"[PATCH] nl80211: Reject disconnect commands except from conn_owner" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180522004602.19370-1-andrew.zaborowski@intel.com \
    --to=andrew.zaborowski@intel.com \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).