HomeFreeBSD

net80211: reject mixed plaintext/encrypted fragments

Description

net80211: reject mixed plaintext/encrypted fragments

ieee80211_defrag() accepts fragmented 802.11 frames in a protected Wi-Fi
network even when some of the fragments are not encrypted.
Track whether the fragments are encrypted or not and only accept
successive ones if they match the state of the first fragment.

This relates to section 6.3 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.

Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26147
PR: 256118

(cherry picked from commit 11572d7d7fb9802ceb46ea9dc6cbe3bb95373e55)

Details

Provenance
Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>Authored on Jun 6 2021, 10:10 PM
bzCommitted on Nov 19 2021, 12:01 AM
Parents
rG37b2cf4e6a97: LinuxKPI: implement dma_set_coherent_mask()
Branches
Unknown
Tags
Unknown