brain-hackers_pepepper-mirror/linux-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/linux-brain.git synced 2024-06-09 23:36:23 +09:00
Code Issues Projects Releases Wiki Activity
3173390b8d
linux-brain/net/mac80211
History
Wen Gong cbc470aa3f mac80211: extend protection against mixed key and fragment cache attacks 
commit 3edc6b0d6c061a70d8ca3c3c72eb1f58ce29bfb1 upstream.

For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is
done by the hardware, and the Protected bit in the Frame Control field
is cleared in the lower level driver before the frame is passed to
mac80211. In such cases, the condition for ieee80211_has_protected() is
not met in ieee80211_rx_h_defragment() of mac80211 and the new security
validation steps are not executed.

Extend mac80211 to cover the case where the Protected bit has been
cleared, but the frame is indicated as having been decrypted by the
hardware. This extends protection against mixed key and fragment cache
attack for additional drivers/chips. This fixes CVE-2020-24586 and
CVE-2020-24587 for such cases.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1

Cc: stable@vger.kernel.org
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-03 08:59:02 +02:00
..
aead_api.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aead_api.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_ccm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_cmac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_cmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gcm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gmac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
agg-rx.c mac80211: add missing null return check from call to ieee80211_get_sband 2019-07-31 10:51:17 +02:00
agg-tx.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
cfg.c mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN 2021-04-21 12:56:15 +02:00
chan.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
debug.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_key.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
debugfs_key.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_netdev.c mac80211: fix txq null pointer dereference 2019-10-01 17:56:19 +02:00
debugfs_netdev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_sta.c mac80211: drop data frames without key on encrypted links 2020-04-01 11:02:01 +02:00
debugfs_sta.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c mac80211: AMPDU handling for rekeys with Extended Key ID 2019-07-26 13:29:10 +02:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
driver-ops.c mac80211: fix station rate table updates on assoc 2021-02-10 09:25:29 +01:00
driver-ops.h mac80211: pass the vif to cancel_remain_on_channel 2019-07-26 13:08:28 +02:00
ethtool.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 432 2019-06-05 17:37:16 +02:00
fils_aead.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
fils_aead.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
he.c mac80211: fix possible NULL pointerderef in obss pd code 2019-08-21 10:58:32 +02:00
ht.c mac80211: add support for the ADDBA extension element 2019-07-29 16:40:22 +02:00
ibss.c mac80211: fix double free in ibss_leave 2021-03-30 14:35:29 +02:00
ieee80211_i.h mac80211: check defrag PN against current frame 2021-06-03 08:59:01 +02:00
iface.c mac80211: add fragment cache to sta_info 2021-06-03 08:59:01 +02:00
Kconfig Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
key.c mac80211: prevent mixed key and fragment cache attacks 2021-06-03 08:59:01 +02:00
key.h mac80211: prevent mixed key and fragment cache attacks 2021-06-03 08:59:01 +02:00
led.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
led.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
main.c mac80211: bail out if cipher schemes are invalid 2021-05-14 09:44:28 +02:00
Makefile mac80211: minstrel: merge with minstrel_ht, always enable VHT support 2018-10-11 16:01:01 +02:00
mesh_hwmp.c mac80211: fix potential overflow when multiplying to u32 integers 2021-03-04 10:26:17 +01:00
mesh_pathtbl.c mac80211: mesh: fix mesh_pathtbl_init() error path 2020-12-21 13:27:03 +01:00
mesh_plink.c mac80211: implement HE support for mesh 2019-07-26 16:14:12 +02:00
mesh_ps.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mesh_sync.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mesh.c mac80211: fix channel switch trigger from unknown mesh peer 2020-05-02 08:48:58 +02:00
mesh.h mac80211: implement HE support for mesh 2019-07-26 16:14:12 +02:00
michael.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
michael.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mlme.c mac80211: clear the beacon's CRC after channel switch 2021-05-19 10:08:22 +02:00
ocb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
offchannel.c mac80211: pass the vif to cancel_remain_on_channel 2019-07-26 13:08:28 +02:00
pm.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rate.c mac80211: fix station rate table updates on assoc 2021-02-10 09:25:29 +01:00
rate.h mac80211: populate debugfs only after cfg80211 init 2020-04-29 16:33:18 +02:00
rc80211_minstrel_debugfs.c mac80211: rc80211_minstrel: remove variance / stddev calculation 2018-10-11 16:01:05 +02:00
rc80211_minstrel_ht_debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
rc80211_minstrel_ht.c mac80211: populate debugfs only after cfg80211 init 2020-04-29 16:33:18 +02:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: improve rate probing for devices with static fallback 2019-08-21 11:10:13 +02:00
rc80211_minstrel.c mac80211: minstrel: fix tx status processing corner case 2020-11-24 13:29:23 +01:00
rc80211_minstrel.h mac80211: minstrel: remove deferred sampling code 2020-11-24 13:29:23 +01:00
rx.c mac80211: extend protection against mixed key and fragment cache attacks 2021-06-03 08:59:02 +02:00
scan.c mac80211: fix scan when operating on DFS channels in ETSI domains 2019-10-07 22:10:50 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-02-13 13:52:55 +01:00
sta_info.c mac80211: add fragment cache to sta_info 2021-06-03 08:59:01 +02:00
sta_info.h mac80211: prevent attacks on TKIP/WEP as well 2021-06-03 08:59:01 +02:00
status.c mac80211: add ieee80211_is_any_nullfunc() 2020-05-10 10:31:32 +02:00
tdls.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-17 15:55:34 -07:00
tkip.c mac80211: Fix TKIP replay protection immediately after key setup 2020-02-05 21:22:46 +00:00
tkip.h Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
trace_msg.h mac80211: Increase MAX_MSG_LEN 2019-03-29 11:20:36 +01:00
trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.h mac80211: pass the vif to cancel_remain_on_channel 2019-07-26 13:08:28 +02:00
tx.c mac80211: fix TXQ AC confusion 2021-04-14 08:24:12 +02:00
util.c mac80211: fix wrong 160/80+80 MHz setting 2020-03-05 16:43:41 +01:00
vht.c mac80211: don't set set TDLS STA bandwidth wider than possible 2020-12-30 11:51:25 +01:00
wep.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
wep.h Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
wme.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wme.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wpa.c mac80211: check defrag PN against current frame 2021-06-03 08:59:01 +02:00
wpa.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00