From 391780cd2378ca4c36e3e9161b3783adf8fe05a1 Mon Sep 17 00:00:00 2001 From: jc_gargma Date: Thu, 29 Oct 2020 19:04:57 -0700 Subject: Updated to 5.9.2 --- ...x-regression-where-EAPOL-frames-were-sent.patch | 53 ++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch (limited to '0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch') diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch new file mode 100644 index 0000000..d4c5e1a --- /dev/null +++ b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch 
@@ -0,0 +1,53 @@ +From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Sat, 17 Oct 2020 23:08:18 +0400 +Subject: mac80211: fix regression where EAPOL frames were sent in plaintext + +I've managed to reproduce the issue, or at least a related issue. Can +you try the draft patch below and see if that fixes it? + +When sending EAPOL frames via NL80211 they are treated as injected +frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop +injected frames even if normally not allowed") these injected frames +were not assigned a sta context in the function ieee80211_tx_dequeue, +causing certain wireless network cards to always send EAPOL frames in +plaintext. This may cause compatibility issues with some clients or +APs, which for instance can cause the group key handshake to fail and +in turn would cause the station to get disconnected. + +This commit fixes this regression by assigning a sta context in +ieee80211_tx_dequeue to injected frames as well. + +Note that sending EAPOL frames in plaintext is not a security issue +since they contain their own encryption and authentication protection. + +Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") +--- + net/mac80211/tx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index dca01d7e6e3e..2a0725b548f6 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -3613,13 +3613,14 @@ begin: + tx.skb = skb; + tx.sdata = vif_to_sdata(info->control.vif); + +- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { ++ if (txq->sta) { + tx.sta = container_of(txq->sta, struct sta_info, sta); + /* + * Drop unicast frames to unauthorised stations unless they are +- * EAPOL frames from the local station. ++ * injected frames or EAPOL frames from the local station. 
+ */ +- if (unlikely(ieee80211_is_data(hdr->frame_control) && ++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && ++ ieee80211_is_data(hdr->frame_control) && + !ieee80211_vif_is_mesh(&tx.sdata->vif) && + tx.sdata->vif.type != NL80211_IFTYPE_OCB && + !is_multicast_ether_addr(hdr->addr1) && +-- +cgit v1.2.3-1-gf6bb5 + -- cgit v1.2.1
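Review bot: In the net/mac80211/tx.c hunk, relaxing the outer test to `if (txq->sta)` gives a sta context to every frame flagged IEEE80211_TX_CTL_INJECTED that has a txq->sta, not only to EAPOL frames sent via NL80211, while the updated comment documents only the drop exemption. Suggest a short comment above `tx.sta = container_of(txq->sta, struct sta_info, sta);` stating that injected frames are deliberately given a sta context (the description attributes the plaintext EAPOL frames to its absence), and that the `!(info->flags & IEEE80211_TX_CTL_INJECTED)` term in the inner condition is there only to keep the never-drop behaviour of 1df2bdba528b. Separately, the embedded patch description still carries mailing-list reply text ("Can you try the draft patch below") and has no Signed-off-by line, and the packaging commit subject "Updated to 5.9.2" does not mention that a new patch file is added. Record where the patch came from and its upstream status in the packaging commit message, and replace the draft with the merged upstream commit once one exists.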