This is a note to let you know that I've just added the patch titled
mac80211: mlme: find auth challenge directly
to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mac80211-mlme-find-auth-challenge-directly.patch
and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Sat Oct 15 05:24:51 PM CEST 2022
From: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
Date: Fri, 14 Oct 2022 18:47:03 +0200
Subject: mac80211: mlme: find auth challenge directly
To: linux-wireless@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx
Cc: Felix Fietkau <nbd@xxxxxxxx>, Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>, Marcus Meissner <meissner@xxxxxxx>, Jiri Kosina <jkosina@xxxxxxx>, Steve deRosier <steve.derosier@xxxxxxxxx>, Johannes Berg <johannes.berg@xxxxxxxxx>
Message-ID: <20221014164705.31486-2-johannes@xxxxxxxxxxxxxxxx>
From: Johannes Berg <johannes.berg@xxxxxxxxx>
There's no need to parse all elements etc. just to find the
authentication challenge - use cfg80211_find_elem() instead.
This also allows us to remove WLAN_EID_CHALLENGE handling
from the element parsing entirely.
Link: https://lore.kernel.org/r/20210920154009.45f9b3a15722.Ice3159ffad03a007d6154cbf1fb3a8c48489e86f@changeid
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/mac80211/ieee80211_i.h | 2 --
net/mac80211/mlme.c | 11 ++++++-----
net/mac80211/util.c | 4 ----
3 files changed, 6 insertions(+), 11 deletions(-)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1460,7 +1460,6 @@ struct ieee802_11_elems {
const u8 *supp_rates;
const u8 *ds_params;
const struct ieee80211_tim_ie *tim;
- const u8 *challenge;
const u8 *rsn;
const u8 *erp_info;
const u8 *ext_supp_rates;
@@ -1507,7 +1506,6 @@ struct ieee802_11_elems {
u8 ssid_len;
u8 supp_rates_len;
u8 tim_len;
- u8 challenge_len;
u8 rsn_len;
u8 ext_supp_rates_len;
u8 wmm_info_len;
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2829,14 +2829,14 @@ static void ieee80211_auth_challenge(str
{
struct ieee80211_local *local = sdata->local;
struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
+ const struct element *challenge;
u8 *pos;
- struct ieee802_11_elems elems;
u32 tx_flags = 0;
pos = mgmt->u.auth.variable;
- ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
- mgmt->bssid, auth_data->bss->bssid);
- if (!elems.challenge)
+ challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
+ len - (pos - (u8 *)mgmt));
+ if (!challenge)
return;
auth_data->expected_transaction = 4;
drv_mgd_prepare_tx(sdata->local, sdata, 0);
@@ -2844,7 +2844,8 @@ static void ieee80211_auth_challenge(str
tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
IEEE80211_TX_INTFL_MLME_CONN_TX;
ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
- elems.challenge - 2, elems.challenge_len + 2,
+ (void *)challenge,
+ challenge->datalen + sizeof(*challenge),
auth_data->bss->bssid, auth_data->bss->bssid,
auth_data->key, auth_data->key_len,
auth_data->key_idx, tx_flags);
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1006,10 +1006,6 @@ _ieee802_11_parse_elems_crc(const u8 *st
} else
elem_parse_failed = true;
break;
- case WLAN_EID_CHALLENGE:
- elems->challenge = pos;
- elems->challenge_len = elen;
- break;
case WLAN_EID_VENDOR_SPECIFIC:
if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
pos[2] == 0xf2) {
Patches currently in stable-queue which might be from johannes@xxxxxxxxxxxxxxxx are
queue-5.4/wifi-mac80211-don-t-parse-mbssid-in-assoc-response.patch
queue-5.4/mac80211-mlme-find-auth-challenge-directly.patch
queue-5.4/wifi-mac80211-fix-mbssid-parsing-use-after-free.patch
