From: Johannes Berg <johannes.berg@xxxxxxxxx> To be able to more easily understand the code, drop robust action frames before being associated, even if there's no MFP in the end, as they are Class 3 Frames and shouldn't be transmitted in the first place. Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> Signed-off-by: Gregory Greenman <gregory.greenman@xxxxxxxxx> --- net/mac80211/rx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index fb2d4a7436be..aec851c722f1 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2473,6 +2473,15 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) return RX_DROP_U_UNPROT_UNICAST_PUB_ACTION; } + /* + * Drop robust action frames before assoc regardless of MFP state, + * after assoc we also have decided on MFP or not. + */ + if (ieee80211_is_action(fc) && + ieee80211_is_robust_mgmt_frame(rx->skb) && + (!rx->sta || !test_sta_flag(rx->sta, WLAN_STA_ASSOC))) + return -EACCES; + return 0; } -- 2.38.1
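
Review bot: In the added check at the end of ieee80211_drop_unencrypted_mgmt(), the new branch returns a bare `-EACCES`, while the branch directly above it returns the specific reason `RX_DROP_U_UNPROT_UNICAST_PUB_ACTION`, so two adjacent drops in the same function are reported in different styles. Consider returning a dedicated drop reason here as well, so that robust action frames rejected before association can be told apart from other rejected management frames when debugging. The code comment could also carry the rationale given in the commit message, that these are Class 3 frames and should not be transmitted before association; "after assoc we also have decided on MFP or not" does not by itself say why the frame is dropped.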