ce15d645be
CVE-2010-4346: install_special_mapping skips security_file_mmap check
CVE-2010-4649: IB/uverbs: Handle large number of entries in poll CQ
CVE-2011-0006: ima: fix add LSM rule bug
CVE-2010-4648: orinoco: fix TKIP countermeasure behaviour
CVE-2010-4650: fuse: verify ioctl retries
60 lines
2.0 KiB
Diff
From: David Kilroy <kilroyd@googlemail.com>
Date: Sun, 5 Dec 2010 15:43:55 +0000 (+0000)
Subject: orinoco: fix TKIP countermeasure behaviour
X-Git-Tag: v2.6.37-rc6~14^2~14^2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48

orinoco: fix TKIP countermeasure behaviour

Enable the port when disabling countermeasures, and disable it on
enabling countermeasures.

This bug causes the response of the system to certain attacks to be
ineffective.

It also prevents wpa_supplicant from getting scan results, as
wpa_supplicant disables countermeasures on startup - preventing the
hardware from scanning.

wpa_supplicant works with ap_mode=2 despite this bug because the commit
handler re-enables the port.

The log tends to look like:

State: DISCONNECTED -> SCANNING
Starting AP scan for wildcard SSID
Scan requested (ret=0) - scan timeout 5 seconds
EAPOL: disable timer tick
EAPOL: Supplicant port status: Unauthorized
Scan timeout - try to get results
Failed to get scan results
Failed to get scan results - try scanning again
Setting scan request: 1 sec 0 usec
Starting AP scan for wildcard SSID
Scan requested (ret=-1) - scan timeout 5 seconds
Failed to initiate AP scan.

Reported by: Giacomo Comes <comes@naic.edu>
Signed-off by: David Kilroy <kilroyd@googlemail.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
---

diff --git a/drivers/net/wireless/orinoco/wext.c b/drivers/net/wireless/orinoco/wext.c
index 93505f9..e5afabe 100644
--- a/drivers/net/wireless/orinoco/wext.c
+++ b/drivers/net/wireless/orinoco/wext.c
@@ -911,10 +911,10 @@ static int orinoco_ioctl_set_auth(struct net_device *dev,
*/
if (param->value) {
priv->tkip_cm_active = 1;
- ret = hermes_enable_port(hw, 0);
+ ret = hermes_disable_port(hw, 0);
} else {
priv->tkip_cm_active = 0;
- ret = hermes_disable_port(hw, 0);
+ ret = hermes_enable_port(hw, 0);
}
break;
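
Review bot: In both branches of orinoco_ioctl_set_auth, priv->tkip_cm_active is written before hermes_disable_port(hw, 0) or hermes_enable_port(hw, 0) is called, so if the call fails and ret is nonzero the flag can disagree with the actual port state. Consider updating tkip_cm_active only after the port call returns 0, or restoring the previous value on error; how ret is handled after the break is not visible in this hunk. Since the original bug was an inverted pairing, a one-line comment at each call stating the intent (port off while countermeasures are active, port back on when they are cleared) would also help keep the two calls from being swapped again.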