diff mbox series

mac80211: do not access the IV when it gets stripped

Message ID 20211101024657.143026-1-xing.song@mediatek.com (mailing list archive)
State Accepted
Delegated to: Johannes Berg
Headers show
Series mac80211: do not access the IV when it gets stripped | expand

Commit Message

Xing Song Nov. 1, 2021, 2:46 a.m. UTC 
ieee80211_get_keyid() will return false value if IV has been stripped,
such as return 0 for IP/ARP frames due to LLC header, and return -EINVAL
for disassociation frames due to its length... etc.

Signed-off-by: Xing Song <xing.song@mediatek.com>
---
 net/mac80211/rx.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c4071b015c18..ba3b82a72a60 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1952,7 +1952,8 @@  ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
 		int keyid = rx->sta->ptk_idx;
 		sta_ptk = rcu_dereference(rx->sta->ptk[keyid]);
 
-		if (ieee80211_has_protected(fc)) {
+		if (ieee80211_has_protected(fc) &&
+		    !(status->flag & RX_FLAG_IV_STRIPPED)) {
 			cs = rx->sta->cipher_scheme;
 			keyid = ieee80211_get_keyid(rx->skb, cs);