mac80211: drop unencrypted frames if encryption is expected

This patch fixes a regression I (most likely) introduced, namely that unencrypted frames are right now accepted even if we have a key for that specific sender. That has very bad security implications. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Johannes Berg <johannes@sipsolutions.net> 2007-11-28 05:07:57 -0500
committer: John W. Linville <linville@tuxdriver.com> 2007-11-29 18:08:48 -0500
commit: 8312512e81ab16d845b49d1ec695fad1c72f19f6 (patch)
tree: c32ca43a65679197a417ab06fba3bbc542d575f5 /net
parent: 8b393f1dc76acbe65a97a4e51f8144f4a65fa1c9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 428a9fcf57d6..00f908d9275e 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -997,7 +997,7 @@ ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
        if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
                     (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
                     (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
-                     rx->sdata->drop_unencrypted &&
+                     (rx->key || rx->sdata->drop_unencrypted) &&
                     (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) {
                if (net_ratelimit())
                        printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
author	Johannes Berg <johannes@sipsolutions.net>	2007-11-28 05:07:57 -0500
committer	John W. Linville <linville@tuxdriver.com>	2007-11-29 18:08:48 -0500
commit	8312512e81ab16d845b49d1ec695fad1c72f19f6 (patch)
tree	c32ca43a65679197a417ab06fba3bbc542d575f5 /net
parent	8b393f1dc76acbe65a97a4e51f8144f4a65fa1c9 (diff)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 428a9fcf57d6..00f908d9275e 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c
@@ -997,7 +997,7 @@ ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
997	if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&	997	if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
998	(rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&	998	(rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
999	(rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&	999	(rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
1000	rx->sdata->drop_unencrypted &&	1000	(rx->key \|\| rx->sdata->drop_unencrypted) &&
1001	(rx->sdata->eapol == 0 \|\| !ieee80211_is_eapol(rx->skb)))) {	1001	(rx->sdata->eapol == 0 \|\| !ieee80211_is_eapol(rx->skb)))) {
1002	if (net_ratelimit())	1002	if (net_ratelimit())
1003	printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "	1003	printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "