eapol: authenticator: Drop unencrypted EAPoL frames

After the initial handshake, once the TK has been installed, all frames
coming to the AP should be encrypted.  However, it seems that some
kernel/driver combinations allow unencrypted EAPoL frames to be received
and forwarded to userspace.  This can lead to various attacks.

Some drivers can report whether the EAPoL frame has been received
unencrypted.  Use this information to drop unencrypted EAPoL frames
received after the initial handshake has been completed.
Denis Kenzior 2022-05-10 16:03:54 -05:00
parent ccdea73df2
commit ee3a044b75
1 changed files with 5 additions and 0 deletions

@ -2547,6 +2547,11 @@ static void eapol_rx_auth_packet(uint16_t proto, const uint8_t *from,
if (proto != ETH_P_PAE || memcmp(from, sm->handshake->spa, 6))
return;
if (sm->handshake->ptk_complete && noencrypt) {
l_debug("Dropping unexpected unencrypted EAPoL frame");
return;
}
switch (frame->header.packet_type) {
case 0: /* EAPOL-EAP */
if (!sm->eap) {
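Review bot: The `l_debug("Dropping unexpected unencrypted EAPoL frame")` call in the new `ptk_complete && noencrypt` branch does not identify the station, so with several associated clients the log cannot show which peer sent a plaintext EAPoL frame after key installation. Consider including `from`, which has already been matched against `sm->handshake->spa` two lines earlier, in the message. A one-line comment above the check would also help: per the commit message only some drivers report the unencrypted state, so it is worth stating in the code that the drop is best-effort and that frames are processed as before when `noencrypt` is not set.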