diff options
| author | Stefano Brivio <stefano.brivio@polimi.it> | 2008-02-02 13:16:01 -0500 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-02-05 14:35:46 -0500 |
| commit | 9eca9a8e81928685b4de00ecef83a7c13c340fc9 (patch) | |
| tree | 9029574fe8c64a8b75c3f682d6ba2f4fd1ced504 /drivers/net/wireless/b43legacy/dma.c | |
| parent | ada50731c0346bf900dc387edd3a6961297bf2d3 (diff) | |
b43legacy: drop packets we are not able to encrypt
We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).
This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.
It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.
This patch by Michael Buesch has been ported to b43legacy.
Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/b43legacy/dma.c')
| -rw-r--r-- | drivers/net/wireless/b43legacy/dma.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/drivers/net/wireless/b43legacy/dma.c b/drivers/net/wireless/b43legacy/dma.c index 83161d9af813..0023de8235bf 100644 --- a/drivers/net/wireless/b43legacy/dma.c +++ b/drivers/net/wireless/b43legacy/dma.c | |||
| @@ -1181,9 +1181,11 @@ static int dma_tx_fragment(struct b43legacy_dmaring *ring, | |||
| 1181 | 1181 | ||
| 1182 | header = &(ring->txhdr_cache[slot * sizeof( | 1182 | header = &(ring->txhdr_cache[slot * sizeof( |
| 1183 | struct b43legacy_txhdr_fw3)]); | 1183 | struct b43legacy_txhdr_fw3)]); |
| 1184 | b43legacy_generate_txhdr(ring->dev, header, | 1184 | err = b43legacy_generate_txhdr(ring->dev, header, |
| 1185 | skb->data, skb->len, ctl, | 1185 | skb->data, skb->len, ctl, |
| 1186 | generate_cookie(ring, slot)); | 1186 | generate_cookie(ring, slot)); |
| 1187 | if (unlikely(err)) | ||
| 1188 | return err; | ||
| 1187 | 1189 | ||
| 1188 | meta_hdr->dmaaddr = map_descbuffer(ring, (unsigned char *)header, | 1190 | meta_hdr->dmaaddr = map_descbuffer(ring, (unsigned char *)header, |
| 1189 | sizeof(struct b43legacy_txhdr_fw3), 1); | 1191 | sizeof(struct b43legacy_txhdr_fw3), 1); |
| @@ -1282,6 +1284,13 @@ int b43legacy_dma_tx(struct b43legacy_wldev *dev, | |||
| 1282 | B43legacy_BUG_ON(ring->stopped); | 1284 | B43legacy_BUG_ON(ring->stopped); |
| 1283 | 1285 | ||
| 1284 | err = dma_tx_fragment(ring, skb, ctl); | 1286 | err = dma_tx_fragment(ring, skb, ctl); |
| 1287 | if (unlikely(err == -ENOKEY)) { | ||
| 1288 | /* Drop this packet, as we don't have the encryption key | ||
| 1289 | * anymore and must not transmit it unencrypted. */ | ||
| 1290 | dev_kfree_skb_any(skb); | ||
| 1291 | err = 0; | ||
| 1292 | goto out_unlock; | ||
| 1293 | } | ||
| 1285 | if (unlikely(err)) { | 1294 | if (unlikely(err)) { |
| 1286 | b43legacyerr(dev->wl, "DMA tx mapping failure\n"); | 1295 | b43legacyerr(dev->wl, "DMA tx mapping failure\n"); |
| 1287 | goto out_unlock; | 1296 | goto out_unlock; |