CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/05/19 15:57:31
Modified files:
sys/net80211 : Tag: OPENBSD_6_9 ieee80211_input.c
Log message:
Drop fragmented 802.11 frames.
Fragmented frames were never of any practical use to us anyway, given that
our net80211 stack does not (yet?) re-assemble them.
Counter-measure against attacks where an arbitrary packet is injected in a
fragment with attacker-controlled content (via an AP which supports fragments).
See https://papers.mathyvanhoef.com/usenix2021.pdf
Section 6.8 "Treating fragments as full frames"
ok mpi@
Prevent frame injection via forged 802.11n A-MSDUs.
This mitigates an attack where a single 802.11 frame is interpreted as an
A-MSDU because of a forged AMSDU-present bit in the 802.11 QoS frame header.
See https://papers.mathyvanhoef.com/usenix2021.pdf section 3.2.
MAC address validation is added as an additional measure to prevent hostap
clients from sending A-MSDU subframes with a spoofed source address.
An earlier version of this patch was reviewed by Mathy Vanhoef, who spotted
a bug in my original attempt at preventing spoofed addresses.
ok mpi@
from stsp@
this is errata/6.9/004_net80211.patch.sig
