This patch fixes a regression I (most likely) introduced, namely that
unencrypted frames are right now accepted even if we have a key for that
specific sender. That has very bad security implications.
Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
---
This applies to 2.6.24.
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- linux-2.6.orig/net/mac80211/rx.c 2007-11-28 10:59:56.988928439 +0100
+++ linux-2.6/net/mac80211/rx.c 2007-11-28 11:00:21.718922363 +0100
@@ -997,7 +997,7 @@ ieee80211_rx_h_drop_unencrypted(struct i
if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
(rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
(rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
- rx->sdata->drop_unencrypted &&
+ (rx->key || rx->sdata->drop_unencrypted) &&
(rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) {
if (net_ratelimit())
printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
-
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
