summaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
authorDenis Kenzior <denkenz@gmail.com>2019-08-27 18:41:19 -0400
committerJohannes Berg <johannes.berg@intel.com>2019-08-29 10:38:36 -0400
commitc8a41c6afa27b8c3f61622dfd882b912da9d6721 (patch)
treeae9e0856e5bd800557c4e5c5706d8091900c7047 /net/mac80211
parentb9500577d361522a3d9f14da8cf41dc1d824904e (diff)
mac80211: Don't memset RXCB prior to PAE intercept
In ieee80211_deliver_skb_to_local_stack intercepts EAPoL frames if mac80211 is configured to do so and forwards the contents over nl80211. During this process some additional data is also forwarded, including whether the frame was received encrypted or not. Unfortunately just prior to the call to ieee80211_deliver_skb_to_local_stack, skb->cb is cleared, resulting in incorrect data being exposed over nl80211. Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211") Cc: stable@vger.kernel.org Signed-off-by: Denis Kenzior <denkenz@gmail.com> Link: https://lore.kernel.org/r/20190827224120.14545-2-denkenz@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/rx.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 3c1ab870fefe..7c4aeac006fb 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2452,6 +2452,8 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb,
2452 cfg80211_rx_control_port(dev, skb, noencrypt); 2452 cfg80211_rx_control_port(dev, skb, noencrypt);
2453 dev_kfree_skb(skb); 2453 dev_kfree_skb(skb);
2454 } else { 2454 } else {
2455 memset(skb->cb, 0, sizeof(skb->cb));
2456
2455 /* deliver to local stack */ 2457 /* deliver to local stack */
2456 if (rx->napi) 2458 if (rx->napi)
2457 napi_gro_receive(rx->napi, skb); 2459 napi_gro_receive(rx->napi, skb);
@@ -2546,8 +2548,6 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
2546 2548
2547 if (skb) { 2549 if (skb) {
2548 skb->protocol = eth_type_trans(skb, dev); 2550 skb->protocol = eth_type_trans(skb, dev);
2549 memset(skb->cb, 0, sizeof(skb->cb));
2550
2551 ieee80211_deliver_skb_to_local_stack(skb, rx); 2551 ieee80211_deliver_skb_to_local_stack(skb, rx);
2552 } 2552 }
2553 2553