authorbluhm <bluhm@openbsd.org>2019-11-07 12:56:34 +0000
committerbluhm <bluhm@openbsd.org>2019-11-07 12:56:34 +0000
commit378a30c41de2c25190fc22bf96771004278742a0 (patch)
tree28dd3228a359881490adf9236236ee53150e6dfc
parentEnable DNSSEC validation in unbound by default (diff)
downloadwireguard-openbsd-378a30c41de2c25190fc22bf96771004278742a0.tar.xz
wireguard-openbsd-378a30c41de2c25190fc22bf96771004278742a0.zip
Showing kernel WEP keys to userland has been disabled in generic
ieee80211 ioctl(2) implementation. Do the same for the driver specific code of an(4) and wi(4) wireless network devices. OK mpi@
-rw-r--r--sys/dev/ic/an.c22
-rw-r--r--sys/dev/ic/if_wi.c20
2 files changed, 9 insertions, 33 deletions
diff --git a/sys/dev/ic/an.c b/sys/dev/ic/an.c
index 54da66085ad..421e5749ae5 100644
--- a/sys/dev/ic/an.c
+++ b/sys/dev/ic/an.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: an.c,v 1.74 2019/11/07 11:55:02 bluhm Exp $ */
+/* $OpenBSD: an.c,v 1.75 2019/11/07 12:56:34 bluhm Exp $ */
/* $NetBSD: an.c,v 1.34 2005/06/20 02:49:18 atatat Exp $ */
/*
* Copyright (c) 1997, 1998, 1999
@@ -1517,9 +1517,8 @@ an_set_nwkey_wep(struct an_softc *sc, struct ieee80211_nwkey *nwkey)
int
an_get_nwkey(struct an_softc *sc, struct ieee80211_nwkey *nwkey)
{
- int i, error;
+ int i;
- error = 0;
if (sc->sc_config.an_authtype & AN_AUTHTYPE_LEAP)
nwkey->i_wepon = IEEE80211_NWKEY_EAP;
else if (sc->sc_config.an_authtype & AN_AUTHTYPE_PRIVACY_IN_USE)
@@ -1535,21 +1534,10 @@ an_get_nwkey(struct an_softc *sc, struct ieee80211_nwkey *nwkey)
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
if (nwkey->i_key[i].i_keydat == NULL)
continue;
- /* do not show any keys to non-root user */
- if ((error = suser(curproc)) != 0)
- break;
- nwkey->i_key[i].i_keylen = sc->sc_wepkeys[i].an_wep_keylen;
- if (nwkey->i_key[i].i_keylen < 0) {
- if (sc->sc_perskeylen[i] == 0)
- nwkey->i_key[i].i_keylen = 0;
- continue;
- }
- if ((error = copyout(sc->sc_wepkeys[i].an_wep_key,
- nwkey->i_key[i].i_keydat,
- sc->sc_wepkeys[i].an_wep_keylen)) != 0)
- break;
+ /* do not show any keys to userland */
+ return EPERM;
}
- return error;
+ return 0;
}
int
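Review bot: The loop in an_get_nwkey now only refuses the request as soon as any `i_keydat` pointer is supplied, yet it still reads like a per-key copy loop with a `continue`; `if (nwkey->i_key[i].i_keydat != NULL) return EPERM;` says the same in one statement. The comment is also worth extending to state that the refusal is unconditional, e.g. `/* never copy WEP keys out, not even for root; callers must pass NULL i_keydat */`, because readers who know the older code will expect the removed `suser()` check. The function starts in the previous hunk and part of its body lies between the two hunks, so this rests on the visible lines only. The same loop shape appears in wi_get_nwkey in if_wi.c.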
diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c
index 6b8eb776371..a7568c56b22 100644
--- a/sys/dev/ic/if_wi.c
+++ b/sys/dev/ic/if_wi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_wi.c,v 1.169 2019/05/12 18:12:38 stsp Exp $ */
+/* $OpenBSD: if_wi.c,v 1.170 2019/11/07 12:56:34 bluhm Exp $ */
/*
* Copyright (c) 1997, 1998, 1999
@@ -2906,30 +2906,18 @@ wi_set_nwkey(struct wi_softc *sc, struct ieee80211_nwkey *nwkey)
STATIC int
wi_get_nwkey(struct wi_softc *sc, struct ieee80211_nwkey *nwkey)
{
- int i, len, error;
- struct wi_ltv_keys *wk = &sc->wi_keys;
+ int i;
if (!(sc->wi_flags & WI_FLAGS_HAS_WEP))
return ENODEV;
nwkey->i_wepon = sc->wi_use_wep;
nwkey->i_defkid = sc->wi_tx_key + 1;
- /* do not show any keys to non-root user */
- error = suser(curproc);
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
if (nwkey->i_key[i].i_keydat == NULL)
continue;
- /* error holds results of suser() for the first time */
- if (error)
- return error;
- len = letoh16(wk->wi_keys[i].wi_keylen);
- if (nwkey->i_key[i].i_keylen < len)
- return ENOSPC;
- nwkey->i_key[i].i_keylen = len;
- error = copyout(wk->wi_keys[i].wi_keydat,
- nwkey->i_key[i].i_keydat, len);
- if (error)
- return error;
+ /* do not show any keys to userland */
+ return EPERM;
}
return 0;
}
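Review bot: `nwkey->i_wepon` and `nwkey->i_defkid` are written before the loop that can return `EPERM`, so a refused request has already modified the caller's structure. Whether that partial result can reach userland depends on how the ioctl path handles the error return, which is outside this diff. Moving the `i_keydat` check ahead of the two assignments would make the intent explicit, as would a comment such as `/* nwkey is only copied out on success */` if that holds. an_get_nwkey sets `i_wepon` before its loop in the same way.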