mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-20 09:31:09 +00:00
ath10k: Fix TKIP Michael MIC verification for PCIe
commit 0dc267b13f
upstream.
TKIP Michael MIC was not verified properly for PCIe cases since the
validation steps in ieee80211_rx_h_michael_mic_verify() in mac80211 did
not get fully executed due to unexpected flag values in
ieee80211_rx_status.
Fix this by setting the flags property to meet mac80211 expectations for
performing Michael MIC validation there. This fixes CVE-2020-26141. It
does the same as ath10k_htt_rx_proc_rx_ind_hl() for SDIO which passed
MIC verification case. This applies only to QCA6174/QCA9377 PCIe.
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
Cc: stable@vger.kernel.org
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
c4d5271830
commit
6643b21aee
1 changed files with 10 additions and 0 deletions
|
@ -1974,6 +1974,11 @@ static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
|
|||
}
|
||||
|
||||
ath10k_htt_rx_h_csum_offload(msdu);
|
||||
|
||||
if (frag && !fill_crypt_header &&
|
||||
enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
|
||||
status->flag &= ~RX_FLAG_MMIC_STRIPPED;
|
||||
|
||||
ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
|
||||
is_decrypted);
|
||||
|
||||
|
@ -1991,6 +1996,11 @@ static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
|
|||
|
||||
hdr = (void *)msdu->data;
|
||||
hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
|
||||
|
||||
if (frag && !fill_crypt_header &&
|
||||
enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
|
||||
status->flag &= ~RX_FLAG_IV_STRIPPED &
|
||||
~RX_FLAG_MMIC_STRIPPED;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue