From: Johannes Berg <johannes@sipsolutions.net>
To: Alexander Wetzel <alexander@wetzel-home.de>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH v6 3/3] mac80211: Fix PTK rekey freezes and cleartext leaks
Date: Tue, 28 Aug 2018 10:48:40 +0200
Message-ID: <1535446120.5895.6.camel@sipsolutions.net>
In-Reply-To: <20180814104255.4183-4-alexander@wetzel-home.de>

On Tue, 2018-08-14 at 12:42 +0200, Alexander Wetzel wrote:
> 
> +	/* PTK only using key ID 0 needs special handling on rekey */
> +	if (new_key && sta && ptk0rekey) {
> +		local = old_key->local;
> +		sdata = old_key->sdata;
> +
> +		/* Stop TX till we are on the new key */
> +		old_key->flags |= KEY_FLAG_TAINTED;
> +		ieee80211_clear_fast_xmit(sta);
> +
> +		/* Aggregation sessions during rekey are complicated due to
> +		 * the reorder buffer. Side step that by blocking aggregation
> +		 * and tear down running connections.
> +		 */
> +		if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
> +			set_sta_flag(sta, WLAN_STA_BLOCK_BA);
> +			ieee80211_sta_tear_down_BA_sessions(sta,
> +							    AGG_STOP_LOCAL_REQUEST);
> +		}
> +
> +		if (new_key->local->ops->replace_key) {
> +			ret = drv_replace_key(old_key->local, sdata,
> +					      &sta->sta, &old_key->conf,
> +					      &new_key->conf);
> +			if (!ret)
> +				new_key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
> +			else
> +				sdata_err(sdata,
> +					  "failed to replace key (%d) for " \
> +					  "STA (%pM) in hardware: ret=(%d)\n",
> +					  old_key->conf.keyidx,
> +					  sta->sta.addr,
> +					  ret);
> +
> +			old_key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
> +		} else {
> +			sdata_info(sdata,
> +				   "Userspace requested a PTK rekey for STA " \
> +				   "%pM while feature not supported! " \
> +				   "This may leak clear text packets or " \
> +				   "freeze the connection.",
> +				   sta->sta.addr);
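
Review bot: In the replace_key branch, the line
"old_key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;" runs whether or not
drv_replace_key() succeeded, so after a failure neither key is marked as
uploaded and the only reaction visible here is the sdata_err() message.
Either handle the error explicitly (propagate ret to the caller, or fall
back to a defined state) or add a comment stating what the driver is
required to leave in hardware when replace_key fails. Smaller points in
the same block: old_key is dereferenced although the condition only tests
new_key, sta and ptk0rekey, so if ptk0rekey implies a non-NULL old_key
that deserves a comment; the code assigns "local" and then uses
new_key->local and old_key->local instead; the backslash continuations
inside the format strings are unnecessary; and the sdata_info() string
has no trailing "\n" while the sdata_err() one does.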

This seems a bit weird - we know a likely dangerous thing is happening
and only print an info message? Why not just prevent this in the first
place?

johannes
