diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2007-11-28 05:07:57 -0500 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2007-11-29 18:08:48 -0500 |
commit | 8312512e81ab16d845b49d1ec695fad1c72f19f6 (patch) | |
tree | c32ca43a65679197a417ab06fba3bbc542d575f5 | |
parent | 8b393f1dc76acbe65a97a4e51f8144f4a65fa1c9 (diff) |
mac80211: drop unencrypted frames if encryption is expected
This patch fixes a regression I (most likely) introduced, namely that
unencrypted frames are right now accepted even if we have a key for that
specific sender. That has very bad security implications.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | net/mac80211/rx.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 428a9fcf57d6..00f908d9275e 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
@@ -997,7 +997,7 @@ ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx) | |||
997 | if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) && | 997 | if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) && |
998 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | 998 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && |
999 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && | 999 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && |
1000 | rx->sdata->drop_unencrypted && | 1000 | (rx->key || rx->sdata->drop_unencrypted) && |
1001 | (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) { | 1001 | (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) { |
1002 | if (net_ratelimit()) | 1002 | if (net_ratelimit()) |
1003 | printk(KERN_DEBUG "%s: RX non-WEP frame, but expected " | 1003 | printk(KERN_DEBUG "%s: RX non-WEP frame, but expected " |