Hi,
I had a crash in function
ieee80211_rx_h_michael_mic_verify() during calling
mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
(void *) skb->data, NULL, GFP_ATOMIC);
The rx->key was a NULL pointer in this case. This situation was only in WPA2 mode. I investigated this issue and I found that the problem is related to decryption in function: ieee80211_rx_h_decrypt().
When I set rx->key the crash doesn't appear but I'm not sure if it is a good pleace.
The patch:
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index a247ffe..b16ad4f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -974,9 +974,14 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
* we somehow allow the driver to tell us which key
* the hardware used if this flag is set?
*/
+
if ((status->flag & RX_FLAG_DECRYPTED) &&
- (status->flag & RX_FLAG_IV_STRIPPED))
- return RX_CONTINUE;
+ (status->flag & RX_FLAG_IV_STRIPPED)) {
+ if (sta_ptk)
+ rx->key = sta_ptk;
+ return RX_CONTINUE;
+ }
+
hdrlen = ieee80211_hdrlen(fc);
Can you send me a path to the git with the newest source code?
Best regards,
Marek Kwaczynski--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
