From patchwork Mon Mar 2 19:28:52 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bob Copeland X-Patchwork-Id: 5916861 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 087429F380 for ; Mon, 2 Mar 2015 19:30:24 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 332E420212 for ; Mon, 2 Mar 2015 19:30:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 273A520211 for ; Mon, 2 Mar 2015 19:30:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754679AbbCBTaT (ORCPT ); Mon, 2 Mar 2015 14:30:19 -0500 Received: from mail-ie0-f174.google.com ([209.85.223.174]:43385 "EHLO mail-ie0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754657AbbCBTaQ (ORCPT ); Mon, 2 Mar 2015 14:30:16 -0500 Received: by iebtr6 with SMTP id tr6so50745067ieb.10 for ; Mon, 02 Mar 2015 11:30:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=n5UY1hX0/nezJUJdaptAjpsGEOOw2lRNW4fsDBbWNp8=; b=YvPRnEhW9JzxlluyVu2v0DpLJbc7g6pOBHi6TOPBpXjghwwtzWvkPTaIR2QycVXIeC k1QwxIRvuW0n3CFWCgw62QJYE/7Puws9LsbluukGXB760q12dwUGcwZYSyxHbeVZ64i9 JZ1Cl3wLLPKykU+W+8s2M+JwSDnhQRNWV1W3qs+23ErocWHbmi1qAwodSN621tmJvk9C /PcFib9cWbHIFOplJxenr6eCHyADmY1QqIGTSO+LxJUH3078OkitAOKJ9f3ypNXxrwGM JdF5xCVSfvUNQi0CfDUTDCuz2R8aQCCI0qYuJvPRYBhpdcx0TuBANzWl1vyvYJ0c4Xc4 Q9iw== X-Gm-Message-State: ALoCoQlSRPSTKzAy77VBkFtteZo7r8GgB+tbZaU/IPBtIbDUsdhivROIjcV175PJ7+1o0Cfvjtyr X-Received: by 10.50.176.196 with SMTP id ck4mr23750979igc.40.1425324615714; Mon, 02 Mar 2015 11:30:15 -0800 (PST) Received: from hash ([2001:470:1d:6db:230:48ff:fe9d:9c89]) by mx.google.com with ESMTPSA id y142sm8447990iod.25.2015.03.02.11.30.14 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Mon, 02 Mar 2015 11:30:14 -0800 (PST) Received: from bob by hash with local (Exim 4.80) (envelope-from ) id 1YSW1t-00036P-C5; Mon, 02 Mar 2015 14:29:25 -0500 From: Bob Copeland To: linux-wireless@vger.kernel.org, johannes@sipsolutions.net Cc: Bob Copeland , stable@vger.kernel.org Subject: [PATCH] mac80211: drop unencrypted frames in mesh fwding Date: Mon, 2 Mar 2015 14:28:52 -0500 Message-Id: <1425324532-11849-1-git-send-email-me@bobcopeland.com> X-Mailer: git-send-email 1.7.10.4 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The mesh forwarding path was not checking that data frames were protected when running an encrypted network; add the necessary check. Cc: stable@vger.kernel.org Reported-by: Johannes Berg Signed-off-by: Bob Copeland --- net/mac80211/rx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index ed38d83..f0f4241 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2214,6 +2214,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) hdr = (struct ieee80211_hdr *) skb->data; mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); + if (ieee80211_drop_unencrypted(rx, hdr->frame_control)) + return RX_DROP_MONITOR; + /* frame is in RMC, don't forward */ if (ieee80211_is_data(hdr->frame_control) && is_multicast_ether_addr(hdr->addr1) &&