| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170502060145.26766-4-insafonov@gmail.com>
Date: Tue, 2 May 2017 09:01:42 +0300
From: Ivan Safonov <insafonov@...il.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Aishwarya Pant <aishpant@...il.com>,
Yamanappagouda Patil <goudapatilk@...il.com>,
Luca Ceresoli <luca@...aceresoli.net>,
Jarod Wilson <jarod@...hat.com>,
"David S . Miller" <davem@...emloft.net>,
devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
Ivan Safonov <insafonov@...il.com>
Subject: [PATCH 4/7] staging:r8188eu: trim IV/ICV fields in validate_recv_data_frame()
Length of IV/ICV fields calculated here, so trim these field here too.
Signed-off-by: Ivan Safonov <insafonov@...il.com>
---
drivers/staging/rtl8188eu/core/rtw_recv.c | 17 ++++++++++-------
drivers/staging/rtl8188eu/os_dep/mon.c | 19 ++++---------------
2 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/drivers/staging/rtl8188eu/core/rtw_recv.c b/drivers/staging/rtl8188eu/core/rtw_recv.c
index e8f0ff9..2c37bb5 100644
--- a/drivers/staging/rtl8188eu/core/rtw_recv.c
+++ b/drivers/staging/rtl8188eu/core/rtw_recv.c
@@ -1138,6 +1138,8 @@ static int validate_recv_data_frame(struct adapter *adapter,
}
if (pattrib->privacy) {
+ struct sk_buff *skb = precv_frame->pkt;
+
RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("validate_recv_data_frame:pattrib->privacy=%x\n", pattrib->privacy));
RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n ^^^^^^^^^^^IS_MCAST(pattrib->ra(0x%02x))=%d^^^^^^^^^^^^^^^6\n", pattrib->ra[0], IS_MCAST(pattrib->ra)));
@@ -1146,6 +1148,13 @@ static int validate_recv_data_frame(struct adapter *adapter,
RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n pattrib->encrypt=%d\n", pattrib->encrypt));
SET_ICE_IV_LEN(pattrib->iv_len, pattrib->icv_len, pattrib->encrypt);
+
+ if (pattrib->bdecrypted == 1 && pattrib->encrypt > 0) {
+ memmove(skb->data + pattrib->iv_len,
+ skb->data, pattrib->hdrlen);
+ skb_pull(skb, pattrib->iv_len);
+ skb_trim(skb, skb->len - pattrib->icv_len);
+ }
} else {
pattrib->encrypt = 0;
pattrib->iv_len = 0;
@@ -1265,14 +1274,8 @@ static int validate_recv_frame(struct adapter *adapter,
* Hence forward the frame to the monitor anyway to preserve the order
* in which frames were received.
*/
- rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame);
- if (precv_frame->attrib.bdecrypted == 1 && precv_frame->attrib.encrypt > 0 &&
- (adapter->securitypriv.busetkipkey == 1 || precv_frame->attrib.encrypt != _TKIP_)) {
- memmove(precv_frame->pkt->data + precv_frame->attrib.iv_len, precv_frame->pkt->data, precv_frame->attrib.hdrlen);
- skb_pull(precv_frame->pkt, precv_frame->attrib.iv_len);
- skb_trim(precv_frame->pkt, precv_frame->pkt->len - precv_frame->attrib.icv_len);
- }
+ rtl88eu_mon_recv_hook(adapter->pmondev, precv_frame);
exit:
diff --git a/drivers/staging/rtl8188eu/os_dep/mon.c b/drivers/staging/rtl8188eu/os_dep/mon.c
index 53f853f..ed39661 100644
--- a/drivers/staging/rtl8188eu/os_dep/mon.c
+++ b/drivers/staging/rtl8188eu/os_dep/mon.c
@@ -67,7 +67,7 @@ static void mon_recv_decrypted(struct net_device *dev, const u8 *data,
}
static void mon_recv_decrypted_recv(struct net_device *dev, const u8 *data,
- int data_len, int iv_len, int icv_len)
+ int data_len)
{
struct sk_buff *skb;
struct ieee80211_hdr *hdr;
@@ -86,15 +86,8 @@ static void mon_recv_decrypted_recv(struct net_device *dev, const u8 *data,
hdr = (struct ieee80211_hdr *)skb->data;
hdr_len = ieee80211_hdrlen(hdr->frame_control);
- if (skb->len < hdr_len + iv_len + icv_len) {
- if (ieee80211_has_protected(hdr->frame_control)) {
- hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-
- memmove(skb->data + iv_len, skb->data, hdr_len);
- skb_pull(skb, iv_len);
- skb_trim(skb, skb->len - icv_len);
- }
- }
+ if (ieee80211_has_protected(hdr->frame_control))
+ hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_PROTECTED);
skb->ip_summed = CHECKSUM_UNNECESSARY;
skb->protocol = eth_type_trans(skb, dev);
@@ -117,7 +110,6 @@ static void mon_recv_encrypted(struct net_device *dev, const u8 *data,
void rtl88eu_mon_recv_hook(struct net_device *dev, struct recv_frame *frame)
{
struct rx_pkt_attrib *attr;
- int iv_len, icv_len;
int data_len;
u8 *data;
@@ -130,11 +122,8 @@ void rtl88eu_mon_recv_hook(struct net_device *dev, struct recv_frame *frame)
data = frame->pkt->data;
data_len = frame->pkt->len;
- /* Broadcast and multicast frames don't have attr->{iv,icv}_len set */
- SET_ICE_IV_LEN(iv_len, icv_len, attr->encrypt);
-
if (attr->bdecrypted)
- mon_recv_decrypted_recv(dev, data, data_len, iv_len, icv_len);
+ mon_recv_decrypted_recv(dev, data, data_len);
else
mon_recv_encrypted(dev, data, data_len);
}
--
2.10.2
Powered by blists - more mailing lists