• Jouni Malinen's avatar
    mac80211: Do not send Layer 2 Update frame before authorization · 4ea96747
    Jouni Malinen authored
    BugLink: https://bugs.launchpad.net/bugs/1860681
    
    commit 3e493173 upstream.
    
    The Layer 2 Update frame is used to update bridges when a station roams
    to another AP even if that STA does not transmit any frames after the
    reassociation. This behavior was described in IEEE Std 802.11F-2003 as
    something that would happen based on MLME-ASSOCIATE.indication, i.e.,
    before completing 4-way handshake. However, this IEEE trial-use
    recommended practice document was published before RSN (IEEE Std
    802.11i-2004) and as such, did not consider RSN use cases. Furthermore,
    IEEE Std 802.11F-2003 was withdrawn in 2006 and as such, has not been
    maintained amd should not be used anymore.
    
    Sending out the Layer 2 Update frame immediately after association is
    fine for open networks (and also when using SAE, FT protocol, or FILS
    authentication when the station is actually authenticated by the time
    association completes). However, it is not appropriate for cases where
    RSN is used with PSK or EAP authentication since the station is actually
    fully authenticated only once the 4-way handshake completes after
    authentication and attackers might be able to use the unauthenticated
    triggering of Layer 2 Update frame transmission to disrupt bridge
    behavior.
    
    Fix this by postponing transmission of the Layer 2 Update frame from
    station entry addition to the point when the station entry is marked
    authorized. Similarly, send out the VLAN binding update only if the STA
    entry has already been authorized.
    Signed-off-by: default avatarJouni Malinen <jouni@codeaurora.org>
    Reviewed-by: default avatarJohannes Berg <johannes@sipsolutions.net>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    [bwh: Backported to 4.4: adjust context]
    Signed-off-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
    Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
    4ea96747
sta_info.c 55.4 KB