@@ -1397,6 +1397,14 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
ieee80211_is_data(fc) &&
(rx->key || rx->sdata->drop_unencrypted)))
return -EACCES;
+ /*
+ * Drop encrypted frames that have not been decrypted. This
+ * happens for frames that are sent by an AP to another STA
+ */
+ if (ieee80211_has_protected(fc) &&
+ !(status->flag & RX_FLAG_DECRYPTED)) {
+ return -EACCES;
+ }
if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
rx->key))