forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net/mac80211
History
Johannes Berg b812c69019 mac80211: reject ToDS broadcast data frames 
commit 3018e947d7 upstream.

AP/AP_VLAN modes don't accept any real 802.11 multicast data
frames, but since they do need to accept broadcast management
frames the same is currently permitted for data frames. This
opens a security problem because such frames would be decrypted
with the GTK, and could even contain unicast L3 frames.

Since the spec says that ToDS frames must always have the BSSID
as the RA (addr1), reject any other data frames.

The problem was originally reported in "Predicting, Decrypting,
and Abusing WPA2/802.11 Group Keys" at usenix
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/vanhoef
and brought to my attention by Jouni.

Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
--
2017-04-27 09:09:33 +02:00
..
aes_ccm.c mac80211: Switch to new AEAD interface 2015-05-28 11:23:20 +08:00
aes_ccm.h mac80111: Add CCMP-256 cipher 2015-01-27 11:07:35 +01:00
aes_cmac.c mac80211: remove ieee80211_aes_cmac_calculate_k1_k2() 2015-08-13 11:31:45 +02:00
aes_cmac.h mac80111: Add BIP-CMAC-256 cipher 2015-01-27 11:09:13 +01:00
aes_gcm.c mac80211: Switch to new AEAD interface 2015-05-28 11:23:20 +08:00
aes_gcm.h mac80111: Add GCMP and GCMP-256 ciphers 2015-01-27 11:06:09 +01:00
aes_gmac.c mac80211: Switch to new AEAD interface 2015-05-28 11:23:20 +08:00
aes_gmac.h mac80111: Add BIP-GMAC-128 and BIP-GMAC-256 ciphers 2015-01-27 11:10:13 +01:00
agg-rx.c mac80211: fix use of uninitialised values in RX aggregation 2016-03-16 08:43:00 -07:00
agg-tx.c mac80211: always set the buf_size in AddBA req to 64 2015-11-20 11:39:40 +01:00
cfg.c mac80211: fix purging multicast PS buffer queue 2016-09-07 08:32:41 +02:00
chan.c mac80211: upgrade BW of TDLS peers when possible 2015-07-17 15:38:12 +02:00
debug.h mac80211: 802.11p OCB mode support 2014-11-04 13:18:21 +01:00
debugfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-20 06:08:27 -07:00
debugfs.h mac80211: fix some missing includes 2014-04-09 14:49:43 +02:00
debugfs_key.c mac80211: allow writing TX PN in debugfs 2015-09-29 15:56:50 +02:00
debugfs_key.h
debugfs_netdev.c mac80211: remove last_beacon/ave_beacon debugfs files 2015-09-22 15:21:25 +02:00
debugfs_netdev.h mac80211: fix some missing includes 2014-04-09 14:49:43 +02:00
debugfs_sta.c mac80211: move station statistics into sub-structs 2015-10-21 10:08:22 +02:00
debugfs_sta.h
driver-ops.c mac80211: document sleep requirements for channel context ops 2015-11-03 11:15:48 +01:00
driver-ops.h mac80211: document sleep requirements for channel context ops 2015-11-03 11:15:48 +01:00
ethtool.c mac80211: move station statistics into sub-structs 2015-10-21 10:08:22 +02:00
ht.c mac80211: add VHT support for IBSS 2015-03-30 10:48:26 +02:00
ibss.c mac80211: fix ibss scan parameters 2016-04-20 15:42:10 +09:00
ieee80211_i.h mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs 2016-03-16 08:43:00 -07:00
iface.c mac80211: fix statistics leak if dev_alloc_name() fails 2016-05-11 11:21:13 +02:00
Kconfig mac80211: use DECLARE_EWMA 2015-08-14 17:49:53 +02:00
key.c mac80211: remove sta_info.gtk_idx 2015-07-17 15:37:54 +02:00
key.h mac80211: remove key TX/RX counter 2015-07-17 15:38:01 +02:00
led.c mac80211: fix throughput LED trigger 2015-05-11 19:16:04 +02:00
led.h mac80211: make LED triggering depend on activation 2015-05-05 14:21:56 +02:00
main.c mac80211: don't advertise NL80211_FEATURE_FULL_AP_CLIENT_STATE 2015-11-17 15:48:50 +01:00
Makefile mac80211: remove event.c 2015-10-14 18:40:26 +02:00
mesh.c mac80211: Fix adding of mesh vendor IEs 2017-02-14 15:22:51 -08:00
mesh.h mac80211: Requeue work after scan complete for all VIF types. 2016-03-03 15:07:26 -08:00
mesh_hwmp.c mac80211: move station statistics into sub-structs 2015-10-21 10:08:22 +02:00
mesh_pathtbl.c mac80211: mesh: fix call_rcu() usage 2015-11-17 15:49:25 +01:00
mesh_plink.c mac80211: fix crash on mesh local link ID generation with VIFs 2015-11-03 10:43:40 +01:00
mesh_ps.c mac80211: mesh: separate plid and aid concepts 2015-07-17 15:47:11 +02:00
mesh_sync.c mac80211: move mesh related station fields to own struct 2015-07-17 15:38:06 +02:00
michael.c
michael.h mac80211: fix some missing includes 2014-04-09 14:49:43 +02:00
mlme.c cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts 2017-01-09 08:07:42 +01:00
ocb.c mac80211: move station statistics into sub-structs 2015-10-21 10:08:22 +02:00
offchannel.c mac80211: use bool argument to ieee80211_send_nullfunc 2015-09-29 15:56:52 +02:00
pm.c mac80211: flush delayed work when entering suspend 2017-03-15 09:57:14 +08:00
rate.c mac80211: further improve "no supported rates" warning 2015-11-03 10:56:42 +01:00
rate.h mac80211: deinline rate_control_rate_init, rate_control_rate_update 2015-07-17 15:50:02 +02:00
rc80211_minstrel.c mac80211: minstrel: Change expected throughput unit back to Kbps 2016-03-16 08:42:59 -07:00
rc80211_minstrel.h mac80211: add standard deviation to Minstrel stats 2015-04-01 20:44:33 +02:00
rc80211_minstrel_debugfs.c mac80211: minstrel[_ht]: remove non-ascii debugfs characters 2015-09-29 15:56:47 +02:00
rc80211_minstrel_ht.c mac80211: minstrel_ht: fix a logic error in RTS/CTS handling 2016-03-16 08:43:00 -07:00
rc80211_minstrel_ht.h mac80211: add max lossless throughput per rate 2015-04-01 20:44:32 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel[_ht]: remove non-ascii debugfs characters 2015-09-29 15:56:47 +02:00
rx.c mac80211: reject ToDS broadcast data frames 2017-04-27 09:09:33 +02:00
scan.c mac80211: Requeue work after scan complete for all VIF types. 2016-03-03 15:07:26 -08:00
spectmgmt.c mac80211: remove unused variable in ieee80211_parse_ch_switch_ie() 2014-12-17 15:45:17 +01:00
sta_info.c mac80211: avoid excessive stack usage in sta_info 2016-04-20 15:42:10 +09:00
sta_info.h mac80211: fix fast_tx header alignment 2016-07-27 09:47:27 -07:00
status.c Here's another set of patches for the current cycle: 2015-10-22 07:28:41 -07:00
tdls.c mac80211: TDLS: add proper HT-oper IE 2015-11-03 10:42:47 +01:00
tkip.c mac80211: fix checkpatch errors 2013-12-18 10:33:06 +01:00
tkip.h
trace.c mac80211: Move message tracepoints to their own header 2015-04-07 12:32:09 -04:00
trace.h mac80211: allow null chandef in tracing 2015-11-03 10:40:59 +01:00
trace_msg.h mac80211: Move message tracepoints to their own header 2015-04-07 12:32:09 -04:00
tx.c mac80211: initialize fast-xmit 'info' later 2017-01-12 11:22:43 +01:00
util.c mac80211: reprogram in interface order 2015-12-15 13:13:59 +01:00
vht.c mac80211: handle width changes from opmode notification IE in beacon 2015-12-15 13:16:47 +01:00
wep.c mac80211: move WEP tailroom size check 2015-05-11 14:51:29 +02:00
wep.h
wme.c mac80211: synchronously reserve TID per station 2014-11-19 18:45:36 +01:00
wme.h mac80211: add WMM admission control support 2014-10-22 10:42:09 +02:00
wpa.c mac80211: remove event.c 2015-10-14 18:40:26 +02:00
wpa.h mac80111: Add BIP-GMAC-128 and BIP-GMAC-256 ciphers 2015-01-27 11:10:13 +01:00