Re: [syzbot] [PATCH wireless v2] wifi: mac80211: drop invalid source address OCB frames
From: syzbot
Date: Mon Jun 16 2025 - 11:18:51 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx, syzkaller-bugs@xxxxxxxxxxxxxxxx.
***
Subject: [PATCH wireless v2] wifi: mac80211: drop invalid source address OCB frames
Author: johannes@xxxxxxxxxxxxxxxx
From: Johannes Berg <johannes.berg@xxxxxxxxx>
In OCB, don't accept frames from invalid source addresses
(and in particular don't try to create stations for them),
drop the frames instead.
Reported-by: syzbot+8b512026a7ec10dcbdd9@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://lore.kernel.org/r/6788d2d9.050a0220.20d369.0028.GAE@xxxxxxxxxx/
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
---
#syz test
---
net/mac80211/rx.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 09beb65d6108..e73431549ce7 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4432,6 +4432,10 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
if (!multicast &&
!ether_addr_equal(sdata->dev->dev_addr, hdr->addr1))
return false;
+ /* reject invalid/our STA address */
+ if (!is_valid_ether_addr(hdr->addr2) ||
+ ether_addr_equal(sdata->dev->dev_addr, hdr->addr2))
+ return false;
if (!rx->sta) {
int rate_idx;
if (status->encoding != RX_ENC_LEGACY)
--
2.49.0