CVSROOT: /cvs
Module name: src
Changes by: s...@cvs.openbsd.org 2018/09/24 14:14:59
Modified files:
sys/net80211 : ieee80211_crypto.c
Log message:
Prevent ieee80211_get_txkey() from returning the integrity group temporal
key (IGTK) if a node doesn't have management frame protection (MFP) enabled.
The IGTK is not initialized if MFP is disabled, so using it triggers this
panic in ieee80211_encrypt(): panic("invalid key cipher 0x%x", k->k_cipher)
(As far as I can tell, at present, MFP is never enabled.)
Problem reported and fix tested by tj@ on athn(4) hostap
