Date:      Wed, 11 Jun 2025 09:14:38 GMT
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 950343a170f0 - stable/14 - net80211: fix TKIP trailer trimming w/ no rx parameters given
Message-ID:  <202506110914.55B9EcaW062731@gitrepo.freebsd.org>

The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=950343a170f06a0651b725058e0669b8d03b9d24

commit 950343a170f06a0651b725058e0669b8d03b9d24
Author:     Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2025-06-02 00:11:40 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-06-10 23:45:16 +0000

    net80211: fix TKIP trailer trimming w/ no rx parameters given
    
    Previous work made trimming the TKIP trailer an optional thing
    based on what the driver indicated it did with the received
    frame.  However, drivers that aren't populating an RX frame
    with an rx status - notably iwn(4) - exposed this bug.
    
    If the driver doesn't expose any RX status then just restore
    the previous behaviour.
    
    This matches what was done in the CCMP code in ccmp_decap().
    
    Locally tested:
    
    * iwn(4), STA mode, CCMP + TKIP groupwise network
    
    Differential Revision:  https://reviews.freebsd.org/D50638
    Fixes:  731ff40069d28
    Reviewed by:    bz
    
    (cherry picked from commit 36fcd52c2bd5a8a4b3d584564852f417fb83e762)
---
 sys/net80211/ieee80211_crypto_tkip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index ca474b504fff..0506e2df6545 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -370,7 +370,7 @@ finish:
 	/*
 	 * Strip the ICV if hardware has not done so already.
 	 */
-	if (rxs != NULL && (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0)
+	if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0)
 		m_adj(m, -tkip.ic_trailer);
 
 	return 1;
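
Review bot: The comment above the changed test still reads "Strip the ICV if hardware has not done so already" and says nothing about the new `rxs == NULL` arm, so the reason for trimming when no rx status is attached is recorded only in the commit message. Suggest extending the comment to state that a frame without rx status is treated as not stripped, matching ccmp_decap(), and that a driver which strips the ICV itself must therefore attach an rx status with IEEE80211_RX_F_ICV_STRIP set, since otherwise `m_adj(m, -tkip.ic_trailer)` trims tail bytes that are no longer the ICV. Minor style point on the same line: the parentheses around `rxs == NULL` are redundant and inconsistent with the unparenthesized `== 0` comparison next to it.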


