mac80211: refuse aggregations sessions before authorized

BugLink: https://bugs.launchpad.net/bugs/1969678
[ Upstream commit a6bce78262f5dd4b50510f0aa47f3995f7b185f3 ]

If an MFP station isn't authorized, the receiver will (or
at least should) drop the action frame since it's a robust
management frame, but if we're not authorized we haven't
installed keys yet. Refuse attempts to start a session as
they'd just time out.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220203201528.ff4d5679dce9.I34bb1f2bc341e161af2d6faf74f91b332ba11285@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 20024b11c2c6565fcb7ee6986c8ecc36dde11932..ff74cd0feb8f455896b9ef52a6fba2ab3b343552 100644 (file)
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -9,7 +9,7 @@
  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
  * Copyright 2007-2010, Intel Corporation
  * Copyright(c) 2015-2017 Intel Deutschland GmbH
- * Copyright (C) 2018 - 2021 Intel Corporation
+ * Copyright (C) 2018 - 2022 Intel Corporation
  */
 
 #include <linux/ieee80211.h>
@@ -622,6 +622,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
                return -EINVAL;
        }
 
+       if (test_sta_flag(sta, WLAN_STA_MFP) &&
+           !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
+               ht_dbg(sdata,
+                      "MFP STA not authorized - deny BA session request %pM tid %d\n",
+                      sta->sta.addr, tid);
+               return -EINVAL;
+       }
+
        /*
         * 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a
         * member of an IBSS, and has no other existing Block Ack agreement