From nobody Wed Sep  6 17:37:34 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RgqMM2D2Bz4sQkW;
	Wed,  6 Sep 2023 17:37:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RgqMM0wWLz3dC0;
	Wed,  6 Sep 2023 17:37:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1694021855;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=aLShdMZqXhlA0bpF/xQh+hir872yWalhhohKdnKpl3o=;
	b=RPrZMZcWu3V4ac5H380zlMTfGDhmrmUP56zP3R/BUGBnygrdRR6RRtfe5opuncPGyzMI+M
	vEWf/nkoiKb0q+skizSypRKI/m7jGPVDIXcD+nRtIFzZ1axNBYdTYLcfBRz/KjkaueyVk/
	RvoePPzflIi7U7a1ohiFFw5y9s13Ztl5j1RkPQ0JbpC1dfSxuRK8vuhNrV6wrRHeY8ic2L
	DUJJfFDauZ8zbTJfHnGfsSQloccjD0JzAco/YKEJ4u6zopBqW47M4Ac0sGqyLZUpvXzTLl
	Mx6wP6jp9p1amoYJQhC2fht4yl2GHyv6FZ9HLqKSokoUMVwGdfFaznUCA5B1IQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694021855; a=rsa-sha256; cv=none;
	b=f/WiDMH/KrLZoCKvd/1zZt3s8rClGhO6GjnqMCvTP7pUNM4zzNGHCMxY4hkdWELT+hijpT
	u3hwTVmrOuNFHXECbG3yEti9vOa1j7HsJJL2fzXuEisr3Oe77S1JxNWlbfwW9RKdnxpMsD
	oW2k8xaU48uWzD9vWFnD+7+DPMMlB+UX+cONlUKepTQzNiV/xGONlbdU2I3NAwiRp+5p0e
	J4VgWJjVOHi4mv2g6rQf8Ekhdjt8EMNOv0qzcpQS2KR9fBPMHJDq3mresl873uKhsgAaCV
	Nk2g2/OATD5JkEHJaz7auy8coLLoxTAXI7M4PoNt0dI+eXmF7HNGuBpXhBfpHg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1694021855;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=aLShdMZqXhlA0bpF/xQh+hir872yWalhhohKdnKpl3o=;
	b=BOrbSsGjoDCN40ac7SV4yOIcNBlWV9CJRR4wdjsVm0LOaHfepdHNnpKcecG3VFbXW8qqTw
	/px+MstDV4F99BcDmY9jnA4oWbGcwrbzuXskV249+3QwwuyTfEed/dxJX2Wa6NfX5mRDiQ
	qfRhYiUxCxCO9iy837ZO4HVEFRhvA90nMzt1QMXPy38m+EVf1G2s4zf86mzUkgyfYVWiEd
	B/FzX1u23pYOLeQKKeKWSlQe0JWQtGUytMUaO947t67Vi9+m2oW6iNlJA+WDF5aItHWq4a
	6fcUJChGZirNjPmiHndJPwna2375FRyy4BkujllLG6+y/FISN0h3CqIBOel2Zw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RgqML6rRTzB8C;
	Wed,  6 Sep 2023 17:37:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 386HbYes086541;
	Wed, 6 Sep 2023 17:37:34 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 386HbYVD086538;
	Wed, 6 Sep 2023 17:37:34 GMT
	(envelope-from git)
Date: Wed, 6 Sep 2023 17:37:34 GMT
Message-Id: <202309061737.386HbYVD086538@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow <gordon@FreeBSD.org>
Subject: git: 7f34ee7cc56b - releng/13.2 - net80211: fail for unicast
  traffic without unicast key
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/13.2
X-Git-Reftype: branch
X-Git-Commit: 7f34ee7cc56b84cf880a5e91cf8b1011f41f1cab
Auto-Submitted: auto-generated

The branch releng/13.2 has been updated by gordon:

URL: https://cgit.FreeBSD.org/src/commit/?id=7f34ee7cc56b84cf880a5e91cf8b1011f41f1cab

commit 7f34ee7cc56b84cf880a5e91cf8b1011f41f1cab
Author:     domienschepers <schepers.d@northeastern.edu>
AuthorDate: 2022-11-10 00:00:00 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-09-06 17:13:25 +0000

    net80211: fail for unicast traffic without unicast key
    
    Falling back to the multicast key may cause unicast traffic to leak.
    Instead fail when no key is found.
    
    For more information see the 'Framing Frames: Bypassing Wi-Fi Encryption
    by Manipulating Transmit Queues' paper.
    
    Approved by:    so
    Security:       FreeBSD-SA-23:11.wifi
    Security:       CVE-2022-47522
    
    (cherry picked from commit 61605e0ae5d8f34b89b8e71e393f3006f511e86a)
    (cherry picked from commit 6c9bcecfb296b96a383012e02bc9582260588339)
---
 sys/net80211/ieee80211_crypto.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 59760d1e7d9c..f5941392465b 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -560,13 +560,17 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m)
 
 	/*
 	 * Multicast traffic always uses the multicast key.
-	 * Otherwise if a unicast key is set we use that and
-	 * it is always key index 0.  When no unicast key is
-	 * set we fall back to the default transmit key.
+	 *
+	 * Historically we would fall back to the default
+	 * transmit key if there was no unicast key.  This
+	 * behaviour was documented up to IEEE Std 802.11-2016,
+	 * 12.9.2.2 Per-MSDU/Per-A-MSDU Tx pseudocode, in the
+	 * 'else' case but is no longer in later versions of
+	 * the standard.  Additionally falling back to the
+	 * group key for unicast was a security risk.
 	 */
 	wh = mtod(m, struct ieee80211_frame *);
-	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
-	    IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
+	if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 		if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) {
 			IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
 			    wh->i_addr1,
@@ -578,6 +582,8 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m)
 		return &vap->iv_nw_keys[vap->iv_def_txkey];
 	}
 
+	if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey))
+		return NULL;
 	return &ni->ni_ucastkey;
 }