diff options
| author |   Johannes Berg <johannes.berg@intel.com> | 2016-09-13 16:37:40 +0200 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2016-09-13 20:20:53 +0200 |
| commit | e9c8f8d3a4d54106a30f2b981b53d658c9bc0c8e (patch) | |
| tree | 0df9a19b7ed74f0bd7a4fd3d1386d7fdeab184b1 /net/wireless | |
| parent | cfg80211: wext: only allow WEP keys to be configured before connected (diff) | |
| download | linux-dev-e9c8f8d3a4d54106a30f2b981b53d658c9bc0c8e.tar.xz linux-dev-e9c8f8d3a4d54106a30f2b981b53d658c9bc0c8e.zip | |
cfg80211: validate key index better
Don't accept it if a key_idx < 0 snuck through, reject WEP keys with
key index 4 and 5 (which are used for IGTKs) and don't allow IGTKs
with key indices other than 4 and 5. This makes the key data match
expectations better.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless')
| -rw-r--r-- | net/wireless/util.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/wireless/util.c b/net/wireless/util.c index 0675f513e7b9..12e2d3fae843 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -218,7 +218,7 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, struct key_params *params, int key_idx, bool pairwise, const u8 *mac_addr) { - if (key_idx > 5) + if (key_idx < 0 || key_idx > 5) return -EINVAL; if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) @@ -249,7 +249,13 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, /* Disallow BIP (group-only) cipher as pairwise cipher */ if (pairwise) return -EINVAL; + if (key_idx < 4) + return -EINVAL; break; + case WLAN_CIPHER_SUITE_WEP40: + case WLAN_CIPHER_SUITE_WEP104: + if (key_idx > 3) + return -EINVAL; default: break; } |