K 10
svn:author
V 6
emaste
K 8
svn:date
V 27
2022-02-15T16:05:49.645866Z
K 7
svn:log
V 983
net80211: prevent plaintext injection by A-MSDU RFC1042/EAPOL frames

No longer accept plaintext A-MSDU frames that start with an RFC1042
header with EtherType EAPOL.  This is done by only accepting EAPOL
packets that are included in non-aggregated 802.11 frames.

Note that before this patch, FreeBSD also only accepted EAPOL frames
that are sent in a non-aggregated 802.11 frame due to bugs in
processing EAPOL packets inside A-MSDUs. In other words,
compatibility with legitimate devices remains the same.

This relates to section 6.5 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.

Submitted by:	Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security:	CVE-2020-26144
PR:		256120

(cherry picked from commit ffc19cf52da5546973965f78cf32aa0f2c9657f8)
(cherry picked from commit 8b2ba742cc2c732bc4bc1d43f8256adce06657d0)

Git Hash:   2d09e4366b67dd719ebae5390436868e5430d833
Git Author: Mathy.Vanhoef@kuleuven.be
END