On Tue, 2012-10-02 at 21:34 +0200, Stanislaw Gruszka wrote: > This patch fix corruption which can manifest itself by following crash > when switching on rfkill switch with rt2x00 driver: > https://bugzilla.redhat.com/attachment.cgi?id=615362 > > Pointer key->u.ccmp.tfm of group key get corrupted in: > > ieee80211_rx_h_michael_mic_verify(): > > /* update IV in key information to be able to detect replays */ > rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; > rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; > > because rt2x00 always set RX_FLAG_MMIC_STRIPPED, even if key is not TKIP. > > We already check type of the key in different path in > ieee80211_rx_h_michael_mic_verify() function, so adding additional > check here is reasonable. > > Cc: stable@xxxxxxxxxxxxxxx # 3.0+ > Signed-off-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx> Looks fine, John, could you also pick this up for 3.7? johannes -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
