From nobody Fri Aug  8 00:39:03 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bylX743twz63kfT;
	Fri, 08 Aug 2025 00:39:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bylX730QPz3WWC;
	Fri, 08 Aug 2025 00:39:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1754613543;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=sKobaSA0EdSEm6f48+nCOSZ2PtMEiSa4FQJzqZJbZWU=;
	b=k/eMMTIIdYAeHoquEdRkCrU1XgNXKNX9AKsxVpnZ7x/N06QE1lUpCROf6ddQJO2LOantiV
	YV69dCgNmVW5ft1DlGTvCljUBAKYEDuuFqe3K+8wHdBzqm+AkfXrPYctm+RbC2t+1fFV4b
	DtXrsA45RdhXyV0q+K1nQfbkOqddMY9W3giDtRoV7+JvDyMuQib84igJGTOIUKFU9wNiUN
	2z7WKkt9Nansr1A2l/4KE/DM1Jo7ukm/b5Wadilb8ZnpAym7nXo/DbK5KQ76NSgvb90L+M
	fYFePeXbSA7YTMvwiM96z8mm3cz7vaMCWyQ2iJWqTBVrSxBhgu8XjqAEyv0Cdg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1754613543;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=sKobaSA0EdSEm6f48+nCOSZ2PtMEiSa4FQJzqZJbZWU=;
	b=o59ToFmRN3mZHkh5c1wSD09zdFNhYg793zjhis+x9LE0ZBv1QPw3Iow+GHMvyXWbXHmsCb
	LpqYfpfMqtVP8f6hVQdFoLsqGyhmiwhu+4J5t9P3bDbUnMetUI1jXlmbjiiFEUD9YDYGSS
	vdMzUpuuIMGpjGWoNBHQI8M4VibNGF0pyVvZzcXwe+Q4RCwhyHNzrtNfKZ2xExqss7rNJn
	isDCPCVXxBkrXNUNKYgVziRRmuJnOOF9IL++dhIP6haTEIjU9ahZgjMAJzdf8KDO0KOQNj
	cIX8a1Xr1UI3JA/pQNFUsGbqbyrei+qTPmon/KX2WgyQ+ZTPBTDx2BvBRTSSLw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754613543; a=rsa-sha256; cv=none;
	b=r1wFDmDfOhlsDOeLelacdx9P+Te3dupKbf8nSDDgS/MtmPqcL5gBoflWEQyUqG/0aQH4/C
	Jej5jY2Cfkh4OiEVMkBn1vqon+ULjv8wgIe1ZUx0+IhHIQG98z6CI9BIE44p8FCAd3oktF
	4adPo/RGX5cNFlRZK3Bn3EWx30zSERcsqgzyrzzlQyxRT/ptdi5Pr2hfim/TPzbOmm4s4o
	q3+RVQhhoHa0HfGD1gnmmL3WUCDnZkXKJUBJhteG+56Fkkj4nLwAo70M/8o0yiQEoUIphc
	1/OOiEztZZ18cCD9oPKfaP4gQ7FO6BRgJAIx8JUz6lF+UD6cb8TPzrkJjOejTg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bylX72bYNz1Rxx;
	Fri, 08 Aug 2025 00:39:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5780d3FM073658;
	Fri, 8 Aug 2025 00:39:03 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5780d3Uj073655;
	Fri, 8 Aug 2025 00:39:03 GMT
	(envelope-from git)
Date: Fri, 8 Aug 2025 00:39:03 GMT
Message-Id: <202508080039.5780d3Uj073655@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow <gordon@FreeBSD.org>
Subject: git: a3bd81ddfe29 - releng/14.3 - net80211: fix TKIP trailer
  trimming w/ no rx parameters given
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/14.3
X-Git-Reftype: branch
X-Git-Commit: a3bd81ddfe2912afb824e322fddc576cde72e376
Auto-Submitted: auto-generated

The branch releng/14.3 has been updated by gordon:

URL: https://cgit.FreeBSD.org/src/commit/?id=a3bd81ddfe2912afb824e322fddc576cde72e376

commit a3bd81ddfe2912afb824e322fddc576cde72e376
Author:     Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2025-06-02 00:11:40 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2025-08-07 23:21:08 +0000

    net80211: fix TKIP trailer trimming w/ no rx parameters given
    
    Previous work made trimming the TKIP trailer an optional thing
    based on what the driver indicated it did with the received
    frame.  However, for drivers that aren't populating an RX frame
    with an rx status - notably iwn(4) - exposed this bug.
    
    If the driver doesn't expose any RX status then just restore
    the previous behaviour.
    
    This matches what was done in the CCMP code in ccmp_decap().
    
    Locally tested:
    
    * iwn(4), STA mode, CCMP + TKIP groupwise network
    
    Differential Revision:  https://reviews.freebsd.org/D50638
    Fixes:  731ff40069d28
    Reviewed by:    bz
    Approved by:    so
    Security:       FreeBSD-EN-25:13.wlan_tkip
    
    (cherry picked from commit 36fcd52c2bd5a8a4b3d584564852f417fb83e762)
    (cherry picked from commit 950343a170f06a0651b725058e0669b8d03b9d24)
---
 sys/net80211/ieee80211_crypto_tkip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index ca474b504fff..0506e2df6545 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -370,7 +370,7 @@ finish:
 	/*
 	 * Strip the ICV if hardware has not done so already.
 	 */
-	if (rxs != NULL && (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0)
+	if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0)
 		m_adj(m, -tkip.ic_trailer);
 
 	return 1;