Commit a6bce782 authored by Johannes Berg's avatar Johannes Berg

mac80211: refuse aggregations sessions before authorized

If an MFP station isn't authorized, the receiver will (or
at least should) drop the action frame since it's a robust
management frame, but if we're not authorized we haven't
installed keys yet. Refuse attempts to start a session as
they'd just time out.
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220203201528.ff4d5679dce9.I34bb1f2bc341e161af2d6faf74f91b332ba11285@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 610d086d
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* Copyright 2007, Michael Wu <flamingice@sourmilk.net> * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2007-2010, Intel Corporation * Copyright 2007-2010, Intel Corporation
* Copyright(c) 2015-2017 Intel Deutschland GmbH * Copyright(c) 2015-2017 Intel Deutschland GmbH
* Copyright (C) 2018 - 2021 Intel Corporation * Copyright (C) 2018 - 2022 Intel Corporation
*/ */
#include <linux/ieee80211.h> #include <linux/ieee80211.h>
...@@ -626,6 +626,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, ...@@ -626,6 +626,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
return -EINVAL; return -EINVAL;
} }
if (test_sta_flag(sta, WLAN_STA_MFP) &&
!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
ht_dbg(sdata,
"MFP STA not authorized - deny BA session request %pM tid %d\n",
sta->sta.addr, tid);
return -EINVAL;
}
/* /*
* 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a * 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a
* member of an IBSS, and has no other existing Block Ack agreement * member of an IBSS, and has no other existing Block Ack agreement
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment