| From 3a2f942a8e3c1b3852c2c5030313bb4c3f178d4b Mon Sep 17 00:00:00 2001 |
| From: Johannes Berg <johannes.berg@intel.com> |
| Date: Thu, 26 Mar 2020 15:51:35 +0100 |
| Subject: [PATCH] mac80211: mark station unauthorized before key removal |
| |
| commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream. |
| |
| If a station is still marked as authorized, mark it as no longer |
| so before removing its keys. This allows frames transmitted to it |
| to be rejected, providing additional protection against leaking |
| plain text data during the disconnection flow. |
| |
| Cc: stable@vger.kernel.org |
| Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c |
| index 044db4c698e9..9dae48c47d70 100644 |
| --- a/net/mac80211/sta_info.c |
| +++ b/net/mac80211/sta_info.c |
| @@ -4,7 +4,7 @@ |
| * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> |
| * Copyright 2013-2014 Intel Mobile Communications GmbH |
| * Copyright (C) 2015 - 2017 Intel Deutschland GmbH |
| - * Copyright (C) 2018 Intel Corporation |
| + * Copyright (C) 2018-2020 Intel Corporation |
| */ |
| |
| #include <linux/module.h> |
| @@ -991,6 +991,11 @@ static void __sta_info_destroy_part2(struct sta_info *sta) |
| might_sleep(); |
| lockdep_assert_held(&local->sta_mtx); |
| |
| + while (sta->sta_state == IEEE80211_STA_AUTHORIZED) { |
| + ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC); |
| + WARN_ON_ONCE(ret); |
| + } |
| + |
| /* now keys can no longer be reached */ |
| ieee80211_free_sta_keys(local, sta); |
| |
| -- |
| 2.7.4 |
| |