diff options
| author | Stefan Sperling <stsp@cvs.openbsd.org> | 2019-01-15 10:01:47 +0000 |
|---|---|---|
| committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2019-01-15 10:01:47 +0000 |
| commit | 492621fb6c862cfd10a3d366740bde778cb5096a (patch) | |
| tree | ec0936f4a6cdc42b200f90dce1ed900e04d9dba9 | |
| parent | afe782a721e3a3bbb0822852f23d82cc2e72dcbe (diff) | |
Stop processing "no data" frames in ieee80211_input() before decryption.
Previously such frames would be counted as decryption failures which is
nonsense because they don't carry any data which could be encrypted.
Problem analyzed by, and fix developed together with, Lauri Tirkkonen.
| -rw-r--r-- | sys/net80211/ieee80211_input.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index a614a67cc59..d04fadc0187 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_input.c,v 1.202 2018/08/07 18:13:14 stsp Exp $ */ +/* $OpenBSD: ieee80211_input.c,v 1.203 2019/01/15 10:01:46 stsp Exp $ */ /*- * Copyright (c) 2001 Atsushi Onoe @@ -405,6 +405,13 @@ ieee80211_input(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node *ni, goto out; } + /* Do not process "no data" frames any further. */ + if (subtype & IEEE80211_FC0_SUBTYPE_NODATA) { + if (ic->ic_rawbpf) + bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_IN); + goto out; + } + if ((ic->ic_flags & IEEE80211_F_WEPON) || ((ic->ic_flags & IEEE80211_F_RSNON) && (ni->ni_flags & IEEE80211_NODE_RXPROT))) { |