This is a note to let you know that I've just added the patch titled mac80211: fix TKIP replay vulnerability
to the 2.6.39-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: mac80211-fix-tkip-replay-vulnerability.patch and it can be found in the queue-2.6.39 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <sta...@kernel.org> know about it. >From 34459512ffa7236c849466e3bd604801389734e1 Mon Sep 17 00:00:00 2001 From: Johannes Berg <johannes.b...@intel.com> Date: Thu, 7 Jul 2011 18:24:54 +0200 Subject: mac80211: fix TKIP replay vulnerability From: Johannes Berg <johannes.b...@intel.com> commit 34459512ffa7236c849466e3bd604801389734e1 upstream. Unlike CCMP, the presence or absence of the QoS field doesn't change the encryption, only the TID is used. When no QoS field is present, zero is used as the TID value. This means that it is possible for an attacker to take a QoS packet with TID 0 and replay it as a non-QoS packet. Unfortunately, mac80211 uses different IVs for checking the validity of the packet's TKIP IV when it checks TID 0 and when it checks non-QoS packets. This means it is vulnerable to this replay attack. To fix this, use the same replay counter for TID 0 and non-QoS packets by overriding the rx->queue value to 0 if it is 16 (non-QoS). This is a minimal fix for now. I caused this issue in commit 1411f9b531f0a910cd1c85a337737c1e6ffbae6a Author: Johannes Berg <johan...@sipsolutions.net> Date: Thu Jul 10 10:11:02 2008 +0200 mac80211: fix RX sequence number check while fixing a sequence number issue (there, a separate counter needs to be used). Signed-off-by: Johannes Berg <johannes.b...@intel.com> Signed-off-by: John W. Linville <linvi...@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gre...@suse.de> --- net/mac80211/wpa.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c @@ -86,6 +86,11 @@ ieee80211_rx_h_michael_mic_verify(struct struct sk_buff *skb = rx->skb; struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; + int queue = rx->queue; + + /* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */ + if (rx->queue == NUM_RX_DATA_QUEUES - 1) + queue = 0; /* No way to verify the MIC if the hardware stripped it */ if (status->flag & RX_FLAG_MMIC_STRIPPED) @@ -119,8 +124,8 @@ ieee80211_rx_h_michael_mic_verify(struct skb_trim(skb, skb->len - MICHAEL_MIC_LEN); /* update IV in key information to be able to detect replays */ - rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32; - rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16; + rx->key->u.tkip.rx[queue].iv32 = rx->tkip_iv32; + rx->key->u.tkip.rx[queue].iv16 = rx->tkip_iv16; return RX_CONTINUE; } @@ -201,6 +206,11 @@ ieee80211_crypto_tkip_decrypt(struct iee struct ieee80211_key *key = rx->key; struct sk_buff *skb = rx->skb; struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); + int queue = rx->queue; + + /* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */ + if (rx->queue == NUM_RX_DATA_QUEUES - 1) + queue = 0; hdrlen = ieee80211_hdrlen(hdr->frame_control); @@ -221,7 +231,7 @@ ieee80211_crypto_tkip_decrypt(struct iee res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, key, skb->data + hdrlen, skb->len - hdrlen, rx->sta->sta.addr, - hdr->addr1, hwaccel, rx->queue, + hdr->addr1, hwaccel, queue, &rx->tkip_iv32, &rx->tkip_iv16); if (res != TKIP_DECRYPT_OK) Patches currently in stable-queue which might be from johannes.b...@intel.com are queue-2.6.39/mac80211-fix-tkip-replay-vulnerability.patch _______________________________________________ stable mailing list stable@linux.kernel.org http://linux.kernel.org/mailman/listinfo/stable