From patchwork Sun Feb 14 23:37:32 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Benoit PAPILLAULT <benoit.papillault@free.fr>
X-Patchwork-Id: 79338
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o1ENbiok000362
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Sun, 14 Feb 2010 23:37:44 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753533Ab0BNXhn (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Sun, 14 Feb 2010 18:37:43 -0500
Received: from smtp1-g21.free.fr ([212.27.42.1]:55878 "EHLO
	smtp1-g21.free.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752350Ab0BNXhm (ORCPT <rfc822; linux-wireless@vger.kernel.org>);
	Sun, 14 Feb 2010 18:37:42 -0500
Received: from smtp1-g21.free.fr (localhost [127.0.0.1])
	by smtp1-g21.free.fr (Postfix) with ESMTP id 9639F94001B;
	Mon, 15 Feb 2010 00:37:36 +0100 (CET)
Received: from xian.sabine-et-benoit.com (ns.popipo.fr [88.163.232.53])
	by smtp1-g21.free.fr (Postfix) with ESMTP id B39F5940099;
	Mon, 15 Feb 2010 00:37:33 +0100 (CET)
Received: by xian.sabine-et-benoit.com (Postfix, from userid 1000)
	id 9B1A5701A8; Mon, 15 Feb 2010 00:37:33 +0100 (CET)
From: Benoit Papillault <benoit.papillault@free.fr>
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
	Benoit Papillault <benoit.papillault@free.fr>
Subject: [PATCH 1/2] mac80211: Drop protected data frames that have not been
	decrypted
Date: Mon, 15 Feb 2010 00:37:32 +0100
Message-Id: <1266190653-2453-1-git-send-email-benoit.papillault@free.fr>
X-Mailer: git-send-email 1.5.6.5
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Sun, 14 Feb 2010 23:37:44 +0000 (UTC)


diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c9755f3..22ae6ee 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1397,6 +1397,14 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
 		     ieee80211_is_data(fc) &&
 		     (rx->key || rx->sdata->drop_unencrypted)))
 		return -EACCES;
+	/*
+	 * Drop encrypted frames that have not been decrypted. This
+	 * happens for frames that are sent by an AP to another STA
+	 */
+	if (ieee80211_has_protected(fc) &&
+	    !(status->flag & RX_FLAG_DECRYPTED)) {
+		return -EACCES;
+	}
 	if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
 		if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
 			     rx->key))