CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
	Sun, 6 Jun 2021 22:10:41 +0000 (22:10 +0000)
committer	Bjoern A. Zeeb <bz@FreeBSD.org>
	Thu, 30 Sep 2021 14:47:41 +0000 (14:47 +0000)
commit	11572d7d7fb9802ceb46ea9dc6cbe3bb95373e55
tree	8463676d9152048d6fe5f7d7598f1fde30726221	tree \| snapshot
parent	a20c10893eb17e281f119d1b9b39c175dbf4d7bd	commit \| diff

net80211: reject mixed plaintext/encrypted fragments

ieee80211_defrag() accepts fragmented 802.11 frames in a protected Wi-Fi
network even when some of the fragments are not encrypted.
Track whether the fragments are encrypted or not and only accept
successive ones if they match the state of the first fragment.

This relates to section 6.3 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.

Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26147
PR: 256118
Differential Revision: https://reviews.freebsd.org/D30663

sys/net80211/ieee80211_adhoc.c		diff \| blob \| history
sys/net80211/ieee80211_hostap.c		diff \| blob \| history
sys/net80211/ieee80211_input.c		diff \| blob \| history
sys/net80211/ieee80211_input.h		diff \| blob \| history
sys/net80211/ieee80211_mesh.c		diff \| blob \| history
sys/net80211/ieee80211_sta.c		diff \| blob \| history
sys/net80211/ieee80211_wds.c		diff \| blob \| history