linux/net/mac80211
Johannes Berg bf30ca922a mac80211: check defrag PN against current frame
As pointed out by Mathy Vanhoef, we implement the RX PN check
on fragmented frames incorrectly - we check against the last
received PN prior to the new frame, rather than to the one in
this frame itself.

Prior patches addressed the security issue here, but in order
to be able to reason better about the code, fix it to really
compare against the current frame's PN, not the last stored
one.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210511200110.bfbc340ff071.Id0b690e581da7d03d76df90bb0e3fd55930bc8a0@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-05-11 20:13:45 +02:00
..
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aead_api.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_ccm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_cmac.c mac80211: aes_cmac: check crypto_shash_setkey() return value 2021-04-19 12:01:40 +02:00
aes_cmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gcm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aes_gmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
agg-rx.c mac80211: use bitfield helpers for BA session action frames 2020-12-11 13:20:05 +01:00
agg-tx.c mac80211: use bitfield helpers for BA session action frames 2020-12-11 13:20:05 +01:00
airtime.c mac80211: add AQL support for VHT160 tx rates 2020-09-18 11:36:03 +02:00
cfg.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
chan.c mac80211: Update rate control on channel change 2020-12-11 13:20:05 +01:00
debug.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_key.c mac80211: remove trailing semicolon in macro definitions 2020-12-11 12:51:55 +01:00
debugfs_key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_netdev.c mac80211: remove trailing semicolon in macro definitions 2020-12-11 12:51:55 +01:00
debugfs_netdev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_sta.c wireless: fix spelling of A-MSDU in HE capabilities 2021-04-19 12:50:15 +02:00
debugfs_sta.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c mac80211: Allow concurrent monitor iface and ethernet rx decap 2021-04-08 15:21:05 +02:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
driver-ops.c mac80211: fix station rate table updates on assoc 2021-02-01 15:07:09 +01:00
driver-ops.h mac80211: add rx decapsulation offload support 2021-01-21 13:34:49 +01:00
ethtool.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 432 2019-06-05 17:37:16 +02:00
fils_aead.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
fils_aead.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
he.c mac80211: reduce peer HE MCS/NSS to own capabilities 2021-01-22 09:11:28 +01:00
ht.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
ibss.c mac80211: fix double free in ibss_leave 2021-03-16 21:13:09 +01:00
ieee80211_i.h mac80211: check defrag PN against current frame 2021-05-11 20:13:45 +02:00
iface.c mac80211: add fragment cache to sta_info 2021-05-11 20:13:35 +02:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-01-28 09:29:34 +02:00
key.c mac80211: prevent mixed key and fragment cache attacks 2021-05-11 20:12:51 +02:00
key.h mac80211: prevent mixed key and fragment cache attacks 2021-05-11 20:12:51 +02:00
led.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
led.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
main.c mac80211: drop the connection if firmware crashed while in CSA 2021-04-19 12:06:44 +02:00
Makefile mac80211: remove legacy minstrel rate control 2021-01-22 09:11:37 +01:00
mesh_hwmp.c mac80211: fix potential overflow when multiplying to u32 integers 2021-02-12 08:54:42 +01:00
mesh_pathtbl.c mac80211: mesh: fix mesh_pathtbl_init() error path 2020-12-04 17:34:25 -08:00
mesh_plink.c mac80211: fix some more kernel-doc in mesh 2020-09-28 14:36:53 +02:00
mesh_ps.c mac80211: fix some more kernel-doc in mesh 2020-09-28 14:36:53 +02:00
mesh_sync.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mesh.c mac80211: save HE oper info in BSS config for mesh 2020-11-06 10:03:21 +01:00
mesh.h mac80211: add HE 6 GHz Band Capability element 2020-05-31 11:26:39 +02:00
michael.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
michael.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mlme.c Another set of updates, all over the map: 2021-04-20 16:44:04 -07:00
ocb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
offchannel.c mac80211: Inform AP when returning operating channel 2020-09-28 13:18:53 +02:00
pm.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
rate.c mac80211: fix station rate table updates on assoc 2021-02-01 15:07:09 +01:00
rate.h mac80211: populate debugfs only after cfg80211 init 2020-04-24 11:30:13 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: show sampling rates in debugfs 2021-02-12 08:58:11 +01:00
rc80211_minstrel_ht.c mac80211: minstrel_ht: remove extraneous indentation on if statement 2021-04-19 12:00:48 +02:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: remove sample rate switching code for constrained devices 2021-02-12 08:58:22 +01:00
rx.c mac80211: check defrag PN against current frame 2021-05-11 20:13:45 +02:00
s1g.c mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
scan.c mac80211: convert S1G beacon to scan results 2020-09-28 13:53:25 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-01-21 13:39:11 +01:00
sta_info.c mac80211: add fragment cache to sta_info 2021-05-11 20:13:35 +02:00
sta_info.h mac80211: add fragment cache to sta_info 2021-05-11 20:13:35 +02:00
status.c mac80211: enable QoS support for nl80211 ctrl port 2021-02-12 08:52:48 +01:00
tdls.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
tkip.c mac80211: Fix TKIP replay protection immediately after key setup 2020-01-15 09:52:12 +01:00
tkip.h Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
trace_msg.h mac80211: Increase MAX_MSG_LEN 2019-03-29 11:20:36 +01:00
trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.h mac80211: add rx decapsulation offload support 2021-01-21 13:34:49 +01:00
tx.c Another set of updates, all over the map: 2021-04-20 16:44:04 -07:00
util.c mac80211: make ieee80211_vif_to_wdev work when the vif isn't in the driver 2021-04-19 12:03:13 +02:00
vht.c mac80211: remove NSS number of 160MHz if not support 160MHz for HE 2021-01-21 13:45:13 +01:00
wep.c mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wep.h mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wme.c mac80211: remove WDS-related code 2020-11-11 08:39:13 +01:00
wme.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wpa.c mac80211: check defrag PN against current frame 2021-05-11 20:13:45 +02:00
wpa.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00