On Sun, 2012-09-30 at 19:47 +0300, Jouni Malinen wrote:
> The bits used in the mask were off-by-one and ended up masking PwrMgt,
> MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
> to mask the correct fields. While doing so, convert the code to mask
> the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
> built.
>
> Since BIP is used only with broadcast/multicast management frames, the
> Retry field is always 0 in these frames. The Protected field is also
> zero to maintain backwards compatibility. As such, the incorrect mask
> here does not really cause any problems for valid frames. In theory, an
> invalid BIP frame with Retry or Protected field set to 1 could be
> rejected because of BIP validation. However, no such frame should show
> up with standard compliant implementations, so this does not cause
> problems in normal BIP use.
>
> Signed-off-by: Jouni Malinen <j@xxxxx>
> ---
>  net/mac80211/wpa.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
>
> This incorrect mask value was reported to me through private email and I
> have not received permission to add a Reported-by: tag, so I can only
> credit the anonymous reporter here. Thanks! :-)

Applied, thanks!

johannes
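The masking difference described in the commit message, as an added user-space example (not the mac80211 code and not part of the original thread). It assumes the standard BIP AAD layout FC || A1 || A2 || A3; the names BIP_MASK_FIXED, BIP_MASK_OLD, bip_aad() and masks_agree_for_flags() are hypothetical, and the sample header is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame Control flag values as defined in include/linux/ieee80211.h */
#define IEEE80211_FCTL_RETRY     0x0800
#define IEEE80211_FCTL_PM        0x1000
#define IEEE80211_FCTL_MOREDATA  0x2000
#define IEEE80211_FCTL_PROTECTED 0x4000
/* Hypothetical names: the mask the commit message calls correct, and the off-by-one one */
#define BIP_MASK_FIXED (IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA)
#define BIP_MASK_OLD   (IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA | IEEE80211_FCTL_PROTECTED)
#define ETH_ALEN 6
#define BIP_AAD_LEN (2 + 3 * ETH_ALEN)

/* AAD = FC (masked, little-endian) || A1 || A2 || A3.
 * Raw header layout: FC(2) Duration(2) A1(6) A2(6) A3(6). */
static void bip_aad(const uint8_t *hdr, uint16_t mask, uint8_t aad[BIP_AAD_LEN])
{
    uint16_t fc = (uint16_t)(hdr[0] | (hdr[1] << 8));
    fc &= (uint16_t)~mask;
    aad[0] = (uint8_t)(fc & 0xff);
    aad[1] = (uint8_t)(fc >> 8);
    memcpy(aad + 2, hdr + 4, 3 * ETH_ALEN);
}

/* Constructed sample: broadcast deauth (FC 0x00c0) plus extra flag bits.
 * Returns 1 if both masks yield the same AAD, so the MIC would be identical. */
static int masks_agree_for_flags(uint16_t flags)
{
    uint8_t hdr[24] = {0}, a[BIP_AAD_LEN], b[BIP_AAD_LEN];
    uint16_t fc = (uint16_t)(0x00c0 | flags);
    hdr[0] = (uint8_t)(fc & 0xff);
    hdr[1] = (uint8_t)(fc >> 8);
    memset(hdr + 4, 0xff, ETH_ALEN);       /* A1: broadcast */
    memset(hdr + 10, 0x02, 2 * ETH_ALEN);  /* A2, A3: constructed BSSID */
    bip_aad(hdr, BIP_MASK_FIXED, a);
    bip_aad(hdr, BIP_MASK_OLD, b);
    return memcmp(a, b, BIP_AAD_LEN) == 0;
}

int main(void)
{
    const uint16_t flags[] = { 0, IEEE80211_FCTL_PM, IEEE80211_FCTL_RETRY, IEEE80211_FCTL_PROTECTED };
    for (size_t i = 0; i < sizeof(flags) / sizeof(flags[0]); i++)
        printf("extra FC flags 0x%04x: AADs %s\n", (unsigned)flags[i],
               masks_agree_for_flags(flags[i]) ? "match" : "differ");
    return 0;
}
```

The two masks only disagree when Retry or Protected is set, which matches the commit message's point that valid BIP frames were unaffected.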