Commit e68842b3 authored May 20, 2026 by Junrui Luo Committed by Jakub Kicinski May 25, 2026

macsec: fix replay protection at XPN lower-PN wrap

In macsec_post_decrypt(), when pn is U32_MAX, pn + 1 overflows u32 to 0
and the first branch never fires. If next_pn_halves.lower is also in the
upper half, pn_same_half(pn, lower) is true and the XPN else-if does not
fire either, leaving next_pn_halves unchanged. An attacker that captures
the legitimate frame carrying pn == 0xFFFFFFFF on an XPN association
can then replay it indefinitely, since lowest_pn never rises above
the captured pn and macsec_decrypt() reconstructs the same IV.

Extend the XPN else-if to also fire when pn + 1 wraps to 0, so receipt
of pn == U32_MAX advances next_pn_halves to (upper + 1, 0).

Fixes: a21ecf0e ("macsec: Support XPN frame handling - IEEE 802.1AEbw")
Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/SYBPR01MB78813FD49E58F253B989F197AF012@SYBPR01MB7881.ausprd01.prod.outlook.com

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent d47548a3

drivers/net/macsec.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -808,7 +808,8 @@ static bool macsec_post_decrypt(struct sk_buff skb, struct macsec_secy secy, u
		if (pn + 1 > rx_sa->next_pn_halves.lower) {
		rx_sa->next_pn_halves.lower = pn + 1;
		} else if (secy->xpn &&
		!pn_same_half(pn, rx_sa->next_pn_halves.lower)) {
		(pn + 1 == 0 \|\|
		!pn_same_half(pn, rx_sa->next_pn_halves.lower))) {
		rx_sa->next_pn_halves.upper++;
		rx_sa->next_pn_halves.lower = pn + 1;
		}