From nobody Mon Apr 10 23:39:34 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PwQRq26C9z44xR4; Mon, 10 Apr 2023 23:39:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PwQRq12Mmz3mWk; Mon, 10 Apr 2023 23:39:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1681169975; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WgxHIK6tl5wnZ+ekoJb9SuKPSgkg33wkScOjBbPmQAQ=; b=jER3wex8Su4Z+GFpVzn9CBOCArWcXn88VBMsefjtKqwDI7rCxbtpi+J9H33mzXNtwKrja7 wLykmRN+P5MCVz7092vnT8oKRj7Un/fbC1JZJ/81dGLPkKQF1o5EaPsK4gT0+PqxrthW6w C27sYx7O098s6/xw6n39jssXrGtpN7iVUDLttG7Lk8b+NZgIL61ok1QAQBHViCjuoG7GNK qmzicHdATLs2XK8zF96Eb58cZ/MS4zkwYAOl37xO0XlhMehfitmG11q27bD9bIBpV/g+L9 X0Q4LJGgnuQiu1QTdX1rfYZlIQKsO6VVsCleVF7e9seLhYhqc0FTSbuKo/emZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1681169975; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WgxHIK6tl5wnZ+ekoJb9SuKPSgkg33wkScOjBbPmQAQ=; b=rPiGpKrzD3XOhrpxyMY3KSKANzI317GrFCkOROG73bX5/9P5UnbtT6RWImiD0cG155afDu Ozc+FPE44FdfLcGlnKjcX/cC90QZpRrSkft2gHBARpK/8jR8Fx75QIV4I2/JBkceNIWGUI zTZn4XswdRIBAnvNPFUdxCSg/16gaguByRgfW7cJiUEA4XxNFASh7UcQZNxalvFXb3PvhQ wbGfQ5WWQtm148CijrqGZQkH3JAXmyrv8Y24eXnxfuz26/Pwz5QRlo5HLdPbSTGVSdJjq5 0niFD5t+xb8brj4aOUoAx/NPCwujIi8zxdimugXO8FYQ8IX7FYoch/goiNBMUA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1681169975; a=rsa-sha256; cv=none; b=GRZCkUzk6pW0GAHOUFSZ5aSQL0g6MUrVshgQgYZbhWc5TQRUSfijV+keDYINr1mE/QEr2V ZbhqafGVnozX5jH+mlkizRdXcfgQ2UPVc8GsPIb40HM38hExTDRdg7h5nd+MIsDSdvzcSl ZlND+HULq2J9DY3eh0M5JIxxBNY7meTEhp9mD99oISgxVrFgh8bo7dxnD4WIcRkjFnmSjg 87B2NwUotd0A3vil04b447aFqPkL2Pt38dbfytVVHGUnBVGRV+wUunvAyQOjJmOVJu/jHj QtveCuLzR3lR+sZV1wrYfFDaZ6xKNY9wDV0D7UIw//h0FDagXS4uEzbRoFhA3w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PwQRp6rPdz19Q5; Mon, 10 Apr 2023 23:39:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 33ANdY11049362; Mon, 10 Apr 2023 23:39:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 33ANdYpF049361; Mon, 10 Apr 2023 23:39:34 GMT (envelope-from git) Date: Mon, 10 Apr 2023 23:39:34 GMT Message-Id: <202304102339.33ANdYpF049361@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: 61605e0ae5d8 - main - net80211: fail for unicast traffic without unicast key List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 61605e0ae5d8f34b89b8e71e393f3006f511e86a Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=61605e0ae5d8f34b89b8e71e393f3006f511e86a commit 61605e0ae5d8f34b89b8e71e393f3006f511e86a Author: domienschepers AuthorDate: 2022-11-10 00:00:00 +0000 Commit: Bjoern A. Zeeb CommitDate: 2023-04-10 23:38:57 +0000 net80211: fail for unicast traffic without unicast key Falling back to the multicast key may cause unicast traffic to leak. Instead fail when no key is found. For more information see the 'Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues' paper. [ I updated the commit message to reference the paper and the code comment to record historic behaviour as discussed in private email. ] Security: CVE-2022-47522 --- sys/net80211/ieee80211_crypto.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 59760d1e7d9c..f5941392465b 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -560,13 +560,17 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m) /* * Multicast traffic always uses the multicast key. - * Otherwise if a unicast key is set we use that and - * it is always key index 0. When no unicast key is - * set we fall back to the default transmit key. + * + * Historically we would fall back to the default + * transmit key if there was no unicast key. This + * behaviour was documented up to IEEE Std 802.11-2016, + * 12.9.2.2 Per-MSDU/Per-A-MSDU Tx pseudocode, in the + * 'else' case but is no longer in later versions of + * the standard. Additionally falling back to the + * group key for unicast was a security risk. */ wh = mtod(m, struct ieee80211_frame *); - if (IEEE80211_IS_MULTICAST(wh->i_addr1) || - IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { + if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr1, @@ -578,6 +582,8 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m) return &vap->iv_nw_keys[vap->iv_def_txkey]; } + if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) + return NULL; return &ni->ni_ucastkey; }