mac80211: drop unencrypted frames if encryption is expected

This patch fixes a regression I (most likely) introduced, namely that unencrypted frames are right now accepted even if we have a key for that specific sender. That has very bad security implications. Signed-off-by: N Johannes Berg <johannes@sipsolutions.net> Signed-off-by: N John W. Linville <linville@tuxdriver.com>

mac80211: drop unencrypted frames if encryption is expected
This patch fixes a regression I (most likely) introduced, namely that unencrypted frames are right now accepted even if we have a key for that specific sender. That has very bad security implications. Signed-off-by: N Johannes Berg <johannes@sipsolutions.net> Signed-off-by: N John W. Linville <linville@tuxdriver.com>
8312512e · Johannes Berg · John W. Linville · 8b393f1d · 8312512e
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/mac80211/rx.c net/mac80211/rx.c +1 -1

未找到文件。
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -997,7 +997,7 @@ ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
 	if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
 		     (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
 		     (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
-		     rx->sdata->drop_unencrypted &&
+		     (rx->key || rx->sdata->drop_unencrypted) &&
 		     (rx->sdata->eapol == 0 || !ieee80211_is_eapol(rx->skb)))) {
 		if (net_ratelimit())
 			printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "