diff options
author | Felix Fietkau <nbd@nbd.name> | 2021-11-26 08:40:55 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2021-11-26 08:42:36 +0100 |
commit | 68189835ac81779f9cf21060dca0c54dcdb0c0a6 (patch) | |
tree | 176e32bcdb9cb49a93838eb43d8ba69fec90a6dd /package/kernel/mac80211/patches | |
parent | 3ba98468424db1f081818982dfa2a07ab85ae136 (diff) | |
download | upstream-68189835ac81779f9cf21060dca0c54dcdb0c0a6.tar.gz upstream-68189835ac81779f9cf21060dca0c54dcdb0c0a6.tar.bz2 upstream-68189835ac81779f9cf21060dca0c54dcdb0c0a6.zip |
mac80211: backport fix for dealing with stripped IV on rx
This fixes potental rx drop issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'package/kernel/mac80211/patches')
-rw-r--r-- | package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch b/package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch new file mode 100644 index 0000000000..7b662acdc5 --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch @@ -0,0 +1,26 @@ +From: Xing Song <xing.song@mediatek.com> +Date: Mon, 1 Nov 2021 10:46:57 +0800 +Subject: [PATCH] mac80211: do not access the IV when it was stripped + +ieee80211_get_keyid() will return false value if IV has been stripped, +such as return 0 for IP/ARP frames due to LLC header, and return -EINVAL +for disassociation frames due to its length... etc. Don't try to access +it if it's not present. + +Signed-off-by: Xing Song <xing.song@mediatek.com> +Link: https://lore.kernel.org/r/20211101024657.143026-1-xing.song@mediatek.com +Signed-off-by: Johannes Berg <johannes.berg@intel.com> +--- + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -1952,7 +1952,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_ + int keyid = rx->sta->ptk_idx; + sta_ptk = rcu_dereference(rx->sta->ptk[keyid]); + +- if (ieee80211_has_protected(fc)) { ++ if (ieee80211_has_protected(fc) && ++ !(status->flag & RX_FLAG_IV_STRIPPED)) { + cs = rx->sta->cipher_scheme; + keyid = ieee80211_get_keyid(rx->skb, cs); + |