[Bionic][PATCH 1/2] mac80211: drop robust management frames from unknown TA
Wen-chien Jesse Sung
jesse.sung at canonical.com
Tue Aug 6 10:06:32 UTC 2019
From: Johannes Berg <johannes.berg at intel.com>

BugLink: https://launchpad.net/bugs/1839105

When receiving a robust management frame, drop it if we don't have
rx->sta since then we don't have a security association and thus
couldn't possibly validate the frame.

Cc: stable at vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg at intel.com>
CVE-2019-0136
(cherry picked from commit 588f7d39b3592a36fb7702ae3b8bdd9be4621e2f)
Signed-off-by: Wen-chien Jesse Sung <jesse.sung at canonical.com>
---
net/mac80211/rx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 9e19ddbcb06e..ec34cab43642 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3586,6 +3586,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
case NL80211_IFTYPE_STATION:
if (!bssid && !sdata->u.mgd.use_4addr)
return false;
+ if (ieee80211_is_robust_mgmt_frame(skb) && !rx->sta)
+ return false;
if (multicast)
return true;
return ether_addr_equal(sdata->vif.addr, hdr->addr1);
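
Review bot: the added test "ieee80211_is_robust_mgmt_frame(skb) && !rx->sta" in the NL80211_IFTYPE_STATION case carries no comment, and it sits ahead of "if (multicast) return true;", so group-addressed robust management frames from an unknown TA are rejected along with unicast ones. That ordering matches the commit message (no rx->sta means no security association to validate the frame against), but a one-line comment stating it would keep a later cleanup from moving the check below the multicast return. The commit message is also worded as a general rule while this hunk only touches the station case; it would help to say whether other interface types are handled elsewhere or intentionally left unchanged.
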
--
2.20.1