On Tue, 2016-01-05 at 11:54 +0100, Matthias May wrote: > > Not safe as in "access to stuff which has to be locked", or not safe > as > in "a CCMP replay attack is possible"? > When changing this we argumented that since we are not really > connected > yet, a CCMP replay attack doesn't really make sense. > It's a bit more complicated than my first look suggested, it seems. However, I'm not sure what effect your patch is supposed to have. You're skipping CCMP replay checking and update when not authorized yet, at which point the station isn't receiving frames anyway (though they'd be checked for all this, they'd later be discarded). Once it becomes authorized, you do the checks. However, it never becomes unauthorized again, even for rekeying, so for the PTK rekeying issue at hand it's pretty much a no-op? johannes PS: the comment in your patch is also wrong: > + /* If we are a station update the ccmp counter only when we are > + * authorised. For all other modes always update. */ > + if (!rx->sta || > + (rx->sta && test_sta_flag(rx->sta, WLAN_STA_AUTHORIZED)) ) { There's no check for "if we are a station" here. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html