wifi: mac80211: check key taint for beacon protection

This will likely never happen, but for completeness check
the key taint flag before using a key for beacon protection.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230301115906.cf2c3fee6f1f.I2f19b3e04e31c99bed3c9dc71935bf513b2cd177@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 7699fb41067015b582eb114acee471e9dda05171..1f9294f5baa49fc85ae3ba9f23b84084fa51cb27 100644 (file)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5115,6 +5115,12 @@ static int ieee80211_beacon_protect(struct sk_buff *skb,
        tx.key = rcu_dereference(link->default_beacon_key);
        if (!tx.key)
                return 0;
+
+       if (unlikely(tx.key->flags & KEY_FLAG_TAINTED)) {
+               tx.key = NULL;
+               return -EINVAL;
+       }
+
        tx.local = local;
        tx.sdata = sdata;
        __skb_queue_head_init(&tx.skbs);