From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org
Cc: stable@vger.kernel.org, Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
Subject: [PATCH v4.4 01/10] mac80211: assure all fragments are encrypted
Date: Mon, 31 May 2021 22:28:25 +0200
Message-ID: <20210531202834.179810-2-johannes@sipsolutions.net>
In-Reply-To: <20210531202834.179810-1-johannes@sipsolutions.net>

From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>

commit 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad upstream.

Do not mix plaintext and encrypted fragments in protected Wi-Fi
networks. This fixes CVE-2020-26147.

Previously, an attacker was able to first forward a legitimate encrypted
fragment towards a victim, followed by a plaintext fragment. The
encrypted and plaintext fragment would then be reassembled. For further
details see Section 6.3 and Appendix D in the paper "Fragment and Forge:
Breaking Wi-Fi Through Frame Aggregation and Fragmentation".

Because of this change there are now two equivalent conditions in the
code to determine if a received fragment requires sequential PNs, so we
also move this test to a separate function to make the code easier to
maintain.

Cc: stable@vger.kernel.org
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
Link: https://lore.kernel.org/r/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/rx.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 886dce84e70c..eaad526cd0bf 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1807,6 +1807,16 @@ ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
 	return NULL;
 }
 
+static bool requires_sequential_pn(struct ieee80211_rx_data *rx, __le16 fc)
+{
+	return rx->key &&
+		(rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
+		ieee80211_has_protected(fc);
+}
+
 static ieee80211_rx_result debug_noinline
 ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
 {
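
Review bot: The new helper `requires_sequential_pn()` carries no comment, and the `ieee80211_has_protected(fc)` term on its last line is the security-relevant part of the condition: it is what makes a plaintext fragment fail the test. A short comment above the function saying that it is true only for a protected frame received under a CCMP/GCMP key would keep a later cleanup from dropping that term as redundant. As a style point, the neighbouring functions in this hunk use the `ieee80211_` prefix (`ieee80211_reassemble_find`, `ieee80211_rx_h_defragment`), so consider naming the helper to match.
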
@@ -1852,12 +1862,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
 		/* This is the first fragment of a new frame. */
 		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
 						 rx->seqno_idx, &(rx->skb));
-		if (rx->key &&
-		    (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
-		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
-		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
-		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
-		    ieee80211_has_protected(fc)) {
+		if (requires_sequential_pn(rx, fc)) {
 			int queue = rx->security_idx;
 
 			/* Store CCMP/GCMP PN so that we can verify that the
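
Review bot: On the first-fragment path the PN is stored only inside `if (requires_sequential_pn(rx, fc))`, so a first fragment that arrives without the Protected bit creates a reassembly entry with no PN recorded. The commit message describes the encrypted-then-plaintext ordering only; please state in the message, or in a comment here, whether the plaintext-first ordering is rejected elsewhere in the series, since nothing in this hunk covers it.
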
@@ -1899,11 +1904,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
 		int queue;
 
-		if (!rx->key ||
-		    (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
-		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&
-		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&
-		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))
+		if (!requires_sequential_pn(rx, fc))
 			return RX_DROP_UNUSABLE;
 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
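
Review bot: The call site `if (!requires_sequential_pn(rx, fc))` is where the behaviour actually changes, because the removed condition tested only `rx->key` and the cipher and never looked at the Protected bit, but nothing at this line says so. Add a one-line comment above the check noting that an unprotected fragment following a protected first fragment is dropped here with `RX_DROP_UNUSABLE`, so that the fix for CVE-2020-26147 stays visible to anyone reading the defragmentation path rather than being hidden behind the helper name.
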
-- 
2.31.1

