HomeFreeBSD
Diffusion FreeBSD src repository a780210457fe

net80211: reject mixed plaintext/encrypted fragments
a780210457fe
Actions

Description

net80211: reject mixed plaintext/encrypted fragments

ieee80211_defrag() accepts fragmented 802.11 frames in a protected Wi-Fi
network even when some of the fragments are not encrypted.
Track whether the fragments are encrypted or not and only accept
successive ones if they match the state of the first fragment.

This relates to section 6.3 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.

Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26147
PR: 256118

(cherry picked from commit 11572d7d7fb9802ceb46ea9dc6cbe3bb95373e55)
(cherry picked from commit e13d483c5677d12b52f1c81537d54faa85ed43b9)
(cherry picked from commit 00cd5a2f614ae2cf1daa30cde7f91de9cdde2393)

Approved by: so
Security: FreeBSD-SA-22:02.wifi

Details

Provenance
Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>Authored on Jun 6 2021, 10:10 PM
markjCommitted on Mar 15 2022, 5:40 PM
Parents
rGb2107e60f62e: net80211: proper ssid length check in setmlme_assoc_adhoc()
Branches
Unknown
Tags
Unknown

Event Timeline

markj committed rGa780210457fe: net80211: reject mixed plaintext/encrypted fragments (authored by Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>).Mar 15 2022, 5:40 PM

Changes (7)

PathSize
sys/
net80211/

rGa780210457fe

View Options

sys/net80211/ieee80211_adhoc.c

Loading...
View Options

sys/net80211/ieee80211_hostap.c

Loading...
View Options

sys/net80211/ieee80211_input.c

Loading...
View Options

sys/net80211/ieee80211_input.h

Loading...
View Options

sys/net80211/ieee80211_mesh.c

Loading...
View Options

sys/net80211/ieee80211_sta.c

Loading...
View Options

sys/net80211/ieee80211_wds.c

Loading...