From nobody Wed Sep 06 17:37:45 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RgqMY6CgQz4sQjB;
	Wed,  6 Sep 2023 17:37:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RgqMY531qz3dvF;
	Wed,  6 Sep 2023 17:37:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1694021865;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7ZvctPZhRUCesvohr18aFMHQijUjGXdZizLQF/kzlGo=;
	b=oHQio/TzqztwsKepleX51kpHatS+zavnkrKC10gDuAVmu+Fne6BusgH1n+VvWL/lm7qr5q
	V/DIhEVF1vyzUtotGTNO3JeWythSXfEpccH6iZamPs6XApKOed7y/rjjRpGBRQZhq4nsq+
	CVUfgGlDbOuxmAU5/PjS5h9hll21ky/BRusgpZiprTutzCcf1OmVQoQ0goeN16T3/kxd0t
	giRjcvasC6dfwQSP2ZhpRoETVI4mlVhiTZ0MeRZqb7iU1Os+IUs+XOTJjN0ZsWAWVYbisk
	sfvEfWITdJwasef5AEomiDJutDt8h5mC9ZfA2igGV9SHDqRLrE17wUKa+OBoqA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694021865; a=rsa-sha256; cv=none;
	b=F58OzCrwdDu35E8cqaGSmnVOdC815S1O1ON9a30x5amAzmALWFRdfX8DNVnTEkgZON2Lxb
	Ox9IT2Kp+9F/2VEk/6qnw1//JPfrb8fNL8/jaIeiIxbFaiEwpuGibPFhNm4f5gv2ZgT06j
	GhzhbOIT8fbfXNYlkpbKlqMoa4HdyuqFr5b5IHjvqL725oknwk4aqbpkZrESXRHTl+COW/
	quhzHB9/DJgr0qTAjhndtRzvJEmiOsjVK8nKMRW5pMif0LaByNgcK0f/qBSVhLWROuCJc4
	4LowI7NmOerqSY2WI0Sf6nZsDRqZOSmp77QKkHwa7ax/i+yKaxI50mQVxWPXng==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1694021865;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7ZvctPZhRUCesvohr18aFMHQijUjGXdZizLQF/kzlGo=;
	b=UlXGPfDQ71+UMTZ5y1SBwwOaHooFBGyDI8knrz8OXMQrZGdBoVxgXhBHahbuMkISxQOKGO
	zUCuxCW8Nn60+G0BSIlGPpXA/fuomv5BQ5zQRXWYhQdbXYqiiTeBKEn1Ab31HFlSb82UKe
	zcKVgZ9UTsGluJMLCPN03K6Zty529aESL8+iNRMcN6W2gSI86HsRTa9GbpKxNE3ylNt2vq
	ze4f+KHowY6vRDYEouEfuVn8+PVKoz/Ao/2ocKjAU0WMhnrxZA0rN7ehCUMXdOrs3YFwUv
	bHDLidVRC/rMiU+hl/ujTMNcwgmIBpEBUWCfmbAGV4c8jsf0F43tDIx512PdqQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RgqMY3tDJzBMd;
	Wed,  6 Sep 2023 17:37:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 386Hbjxu086827;
	Wed, 6 Sep 2023 17:37:45 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 386HbjQr086824;
	Wed, 6 Sep 2023 17:37:45 GMT
	(envelope-from git)
Date: Wed, 6 Sep 2023 17:37:45 GMT
Message-Id: <202309061737.386HbjQr086824@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow <gordon@FreeBSD.org>
Subject: git: e020f9602809 - releng/12.4 - net80211: fail for unicast
  traffic without unicast key
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/12.4
X-Git-Reftype: branch
X-Git-Commit: e020f9602809e6973b189d6d30e325f1f92f7148
Auto-Submitted: auto-generated

The branch releng/12.4 has been updated by gordon:

URL: https://cgit.FreeBSD.org/src/commit/?id=e020f9602809e6973b189d6d30e325f1f92f7148

commit e020f9602809e6973b189d6d30e325f1f92f7148
Author:     domienschepers <schepers.d@northeastern.edu>
AuthorDate: 2022-11-10 00:00:00 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-09-06 17:20:03 +0000

    net80211: fail for unicast traffic without unicast key
    
    Falling back to the multicast key may cause unicast traffic to leak.
    Instead fail when no key is found.
    
    For more information see the 'Framing Frames: Bypassing Wi-Fi Encryption
    by Manipulating Transmit Queues' paper.
    
    Approved by:    so
    Security:       FreeBSD-SA-23:11.wifi
    Security:       CVE-2022-47522
    
    (cherry picked from commit 61605e0ae5d8f34b89b8e71e393f3006f511e86a)
    (cherry picked from commit 84d538470bced9b1a45064c7845c92551a15e3e1)
---
 sys/net80211/ieee80211_crypto.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index d565b3511170..0e605bf13a43 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -560,13 +560,17 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m)
 
 	/*
 	 * Multicast traffic always uses the multicast key.
-	 * Otherwise if a unicast key is set we use that and
-	 * it is always key index 0.  When no unicast key is
-	 * set we fall back to the default transmit key.
+	 *
+	 * Historically we would fall back to the default
+	 * transmit key if there was no unicast key.  This
+	 * behaviour was documented up to IEEE Std 802.11-2016,
+	 * 12.9.2.2 Per-MSDU/Per-A-MSDU Tx pseudocode, in the
+	 * 'else' case but is no longer in later versions of
+	 * the standard.  Additionally falling back to the
+	 * group key for unicast was a security risk.
 	 */
 	wh = mtod(m, struct ieee80211_frame *);
-	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
-	    IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
+	if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 		if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) {
 			IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
 			    wh->i_addr1,
@@ -578,6 +582,8 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m)
 		return &vap->iv_nw_keys[vap->iv_def_txkey];
 	}
 
+	if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey))
+		return NULL;
 	return &ni->ni_ucastkey;
 }