Thread: 16 messages, 5 authors, 2016-01-12

Re: Mac80211 : Wpa rekeying issue

From: Johannes Berg <johannes@sipsolutions.net>
Date: 2016-01-05 15:50:32

On Tue, 2016-01-05 at 11:54 +0100, Matthias May wrote:
> Not safe as in "access to stuff which has to be locked", or not safe as
> in "a CCMP replay attack is possible"?
> When changing this we argued that since we are not really connected
> yet, a CCMP replay attack doesn't really make sense.
It's a bit more complicated than my first look suggested, it seems.

However, I'm not sure what effect your patch is supposed to have.
You're skipping CCMP replay checking and update when not authorized
yet, at which point the station isn't receiving frames anyway (though
they'd be checked for all this, they'd later be discarded).

Once it becomes authorized, you do the checks. However, it never
becomes unauthorized again, even for rekeying, so for the PTK rekeying
issue at hand it's pretty much a no-op?

johannes

PS: the comment in your patch is also wrong:
+               /* If we are a station update the ccmp counter only when we are
+                * authorised. For all other modes always update. */
+               if (!rx->sta ||
+                   (rx->sta && test_sta_flag(rx->sta, WLAN_STA_AUTHORIZED)) ) {
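Review bot: the `rx->sta &&` in the second alternative of the condition is redundant, since `!rx->sta` already short-circuits when there is no station entry; `if (!rx->sta || test_sta_flag(rx->sta, WLAN_STA_AUTHORIZED))` is equivalent and drops the stray space before the closing `)`. The comment should also describe what is actually tested, namely whether a station entry exists and is authorized, not the interface mode.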
There's no check for "if we are a station" here.
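To make the PTK-rekey point concrete, here is an added, constructed model of the receive-side CCMP replay check with the authorized gating from the patch; it is not mac80211 code and not from either author. It assumes one PN counter per key (real CCMP keeps a 48-bit PN per key and RX queue) and shows that a rekey installs a fresh counter with the new key while the station stays authorized, so the check keeps applying rather than being skipped.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model (not mac80211): one replay counter per installed key. */
struct ccmp_key {
    uint8_t  idx;    /* key index a frame selects */
    uint64_t rx_pn;  /* highest PN accepted under this key */
};
struct sta_info { bool authorized; };           /* stands in for WLAN_STA_AUTHORIZED */
struct rx_ctx { struct sta_info *sta; struct ccmp_key *key; };

/* Installing a key, a PTK rekey included, starts a fresh PN space,
 * so the stored counter is reset together with the key. */
void ccmp_install_key(struct ccmp_key *k, uint8_t idx)
{
    k->idx = idx;
    k->rx_pn = 0;
}

/* Replay check with the patch's gating: the PN is only checked and advanced
 * when there is no sta entry or the sta is authorized. Returns true if the
 * frame is accepted. */
bool ccmp_rx_check(struct rx_ctx *rx, uint8_t idx, uint64_t pn)
{
    if (idx != rx->key->idx)
        return false;                 /* frame uses a key we do not hold */
    if (!rx->sta || rx->sta->authorized) {
        if (pn <= rx->key->rx_pn)
            return false;             /* replay: PN must strictly increase */
        rx->key->rx_pn = pn;
    }
    return true;
}

/* Constructed scenario: traffic under key 0 with a replay, then a PTK rekey
 * to key 1 while the station stays authorized (the flag is never cleared
 * on rekey), then a replay under the new key. Returns accepted frames. */
int ccmp_rekey_scenario(void)
{
    struct sta_info sta = { .authorized = true };
    struct ccmp_key key;
    struct rx_ctx rx = { .sta = &sta, .key = &key };
    int ok = 0;
    ccmp_install_key(&key, 0);
    ok += ccmp_rx_check(&rx, 0, 10);  /* accepted */
    ok += ccmp_rx_check(&rx, 0, 11);  /* accepted */
    ok += ccmp_rx_check(&rx, 0, 10);  /* replay under key 0, dropped */
    ccmp_install_key(&key, 1);        /* PTK rekey: new key, counter reset */
    ok += ccmp_rx_check(&rx, 1, 1);   /* accepted because the counter was reset */
    ok += ccmp_rx_check(&rx, 1, 1);   /* replay, dropped: sta is still authorized */
    ok += ccmp_rx_check(&rx, 0, 12);  /* old key no longer installed, dropped */
    return ok;                        /* 3 */
}
```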