diff options
| author | Mathy Vanhoef <[email protected]> | 2021-05-11 20:02:42 +0200 |
|---|---|---|
| committer | Johannes Berg <[email protected]> | 2021-05-11 20:12:36 +0200 |
| commit | 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad (patch) | |
| tree | 756d40dcc45b31850fb1f87afefb264eec678a2d /lib/test_fortify/write_overflow-strncpy-src.c | |
| parent | 297c4de6f780b63b6d2af75a730720483bf1904a (diff) | |
mac80211: assure all fragments are encrypted
Do not mix plaintext and encrypted fragments in protected Wi-Fi
networks. This fixes CVE-2020-26147.
Previously, an attacker was able to first forward a legitimate encrypted
fragment towards a victim, followed by a plaintext fragment. The
encrypted and plaintext fragment would then be reassembled. For further
details see Section 6.3 and Appendix D in the paper "Fragment and Forge:
Breaking Wi-Fi Through Frame Aggregation and Fragmentation".
Because of this change there are now two equivalent conditions in the
code to determine if a received fragment requires sequential PNs, so we
also move this test to a separate function to make the code easier to
maintain.
Cc: [email protected]
Signed-off-by: Mathy Vanhoef <[email protected]>
Link: https://lore.kernel.org/r/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid
Signed-off-by: Johannes Berg <[email protected]>
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy-src.c')
0 files changed, 0 insertions, 0 deletions