diff options
author | Johannes Berg <johannes.berg@intel.com> | 2020-03-26 15:09:42 +0200 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2020-03-26 15:49:24 +0100 |
commit | a0761a301746ec2d92d7fcb82af69c0a6a4339aa (patch) | |
tree | 34ceddb462d496b2c6109defc302f2cba2561ad9 /net/wireless | |
parent | 575a97acc3b7446094b0dcaf6285c7c6934c2477 (diff) | |
download | linux-a0761a301746ec2d92d7fcb82af69c0a6a4339aa.tar.gz linux-a0761a301746ec2d92d7fcb82af69c0a6a4339aa.tar.bz2 linux-a0761a301746ec2d92d7fcb82af69c0a6a4339aa.zip |
mac80211: drop data frames without key on encrypted links
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless')
0 files changed, 0 insertions, 0 deletions