Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 6 Sep 2023 17:37:34 GMT
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 7f34ee7cc56b - releng/13.2 - net80211: fail for unicast traffic without unicast key
Message-ID:  <202309061737.386HbYVD086538@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch releng/13.2 has been updated by gordon:

URL: https://cgit.FreeBSD.org/src/commit/?id=7f34ee7cc56b84cf880a5e91cf8b1011f41f1cab

commit 7f34ee7cc56b84cf880a5e91cf8b1011f41f1cab
Author:     domienschepers <schepers.d@northeastern.edu>
AuthorDate: 2022-11-10 00:00:00 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-09-06 17:13:25 +0000

    net80211: fail for unicast traffic without unicast key
    
    Falling back to the multicast key may cause unicast traffic to leak.
    Instead fail when no key is found.
    
    For more information see the 'Framing Frames: Bypassing Wi-Fi Encryption
    by Manipulating Transmit Queues' paper.
    
    Approved by:    so
    Security:       FreeBSD-SA-23:11.wifi
    Security:       CVE-2022-47522
    
    (cherry picked from commit 61605e0ae5d8f34b89b8e71e393f3006f511e86a)
    (cherry picked from commit 6c9bcecfb296b96a383012e02bc9582260588339)
---
 sys/net80211/ieee80211_crypto.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 59760d1e7d9c..f5941392465b 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -560,13 +560,17 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m)
 
 	/*
 	 * Multicast traffic always uses the multicast key.
-	 * Otherwise if a unicast key is set we use that and
-	 * it is always key index 0.  When no unicast key is
-	 * set we fall back to the default transmit key.
+	 *
+	 * Historically we would fall back to the default
+	 * transmit key if there was no unicast key.  This
+	 * behaviour was documented up to IEEE Std 802.11-2016,
+	 * 12.9.2.2 Per-MSDU/Per-A-MSDU Tx pseudocode, in the
+	 * 'else' case but is no longer in later versions of
+	 * the standard.  Additionally falling back to the
+	 * group key for unicast was a security risk.
 	 */
 	wh = mtod(m, struct ieee80211_frame *);
-	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
-	    IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
+	if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 		if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) {
 			IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
 			    wh->i_addr1,
@@ -578,6 +582,8 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m)
 		return &vap->iv_nw_keys[vap->iv_def_txkey];
 	}
 
+	if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey))
+		return NULL;
 	return &ni->ni_ucastkey;
 }
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202309061737.386HbYVD086538>