CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
	Sun, 6 Jun 2021 22:10:56 +0000 (22:10 +0000)
committer	Bjoern A. Zeeb <bz@FreeBSD.org>
	Thu, 30 Sep 2021 14:54:04 +0000 (14:54 +0000)
commit	ffc19cf52da5546973965f78cf32aa0f2c9657f8
tree	aab449f55f1d0da7d1eb99af59429262aeeca0db	tree \| snapshot
parent	f024bdf1155f36d2d8c4caa533b66e4040c4c469	commit \| diff

net80211: prevent plaintext injection by A-MSDU RFC1042/EAPOL frames

No longer accept plaintext A-MSDU frames that start with an RFC1042
header with EtherType EAPOL. This is done by only accepting EAPOL
packets that are included in non-aggregated 802.11 frames.

Note that before this patch, FreeBSD also only accepted EAPOL frames
that are sent in a non-aggregated 802.11 frame due to bugs in
processing EAPOL packets inside A-MSDUs. In other words,
compatibility with legitimate devices remains the same.

This relates to section 6.5 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.

Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26144
PR: 256120
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D30665

sys/net80211/ieee80211_adhoc.c		diff \| blob \| history
sys/net80211/ieee80211_hostap.c		diff \| blob \| history
sys/net80211/ieee80211_sta.c		diff \| blob \| history
sys/net80211/ieee80211_wds.c		diff \| blob \| history