diff options
| author |   reyk <reyk@openbsd.org> | 2006-12-29 15:45:56 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2006-12-29 15:45:56 +0000 |
| commit | ba51ea6f8b8f41afeb17b2f58325c225d1eeddbc (patch) | |
| tree | 8ae224032386aa82e6dff202182e7d15bda32fd0 | |
| parent | Change the comment for mbg(4) to "radio clocks" here, too. (diff) | |
| download | wireguard-openbsd-ba51ea6f8b8f41afeb17b2f58325c225d1eeddbc.tar.xz wireguard-openbsd-ba51ea6f8b8f41afeb17b2f58325c225d1eeddbc.zip | |
fix the key buffer size used for software wep, this could cause
problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
| -rw-r--r-- | sys/net80211/ieee80211_crypto.c | 15 | ||||
| -rw-r--r-- | sys/net80211/ieee80211_ioctl.c | 6 |
2 files changed, 17 insertions, 4 deletions
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 62a8f5c2a4c..7827e9710ca 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto.c,v 1.8 2006/06/18 18:39:41 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto.c,v 1.9 2006/12/29 15:45:56 reyk Exp $ */ /* $NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $ */ /*- @@ -108,7 +108,7 @@ ieee80211_wep_crypt(struct ifnet *ifp, struct mbuf *m0, int txflag) u_int32_t iv, crc; u_int8_t *ivp; void *ctx; - u_int8_t keybuf[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; + u_int8_t keybuf[klen_round(IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE)]; u_int8_t crcbuf[IEEE80211_WEP_CRCLEN]; n0 = NULL; @@ -177,9 +177,18 @@ ieee80211_wep_crypt(struct ifnet *ifp, struct mbuf *m0, int txflag) kid = ivp[IEEE80211_WEP_IVLEN] >> 6; moff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; } + + /* + * Copy the IV and the key material. The input key has been padded + * with zeros by the ioctl. The output key buffer length is rounded + * to a multiple of 64bit to allow variable length keys padded by + * zeros. + */ + bzero(&keybuf, sizeof(keybuf)); memcpy(keybuf, ivp, IEEE80211_WEP_IVLEN); + memcpy(keybuf + IEEE80211_WEP_IVLEN, ic->ic_nw_keys[kid].wk_key, + ic->ic_nw_keys[kid].wk_len); len = klen_round(IEEE80211_WEP_IVLEN + ic->ic_nw_keys[kid].wk_len); - memcpy(keybuf + IEEE80211_WEP_IVLEN, ic->ic_nw_keys[kid].wk_key, len); arc4_setkey(ctx, keybuf, len); /* encrypt with calculating CRC */ diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c index 4f23fffd4e6..cbd96d7033e 100644 --- a/sys/net80211/ieee80211_ioctl.c +++ b/sys/net80211/ieee80211_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_ioctl.c,v 1.15 2006/06/27 20:55:51 reyk Exp $ */ +/* $OpenBSD: ieee80211_ioctl.c,v 1.16 2006/12/29 15:45:56 reyk Exp $ */ /* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */ /*- @@ -208,6 +208,10 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) memset(keys, 0, sizeof(keys)); for (i = 0; i < IEEE80211_WEP_NKID; i++) { keys[i].wk_len = nwkey->i_key[i].i_keylen; + /* + * Limit the maximal allowed key size to + * IEEE80211_KEYBUF_SIZE bytes. + */ if (keys[i].wk_len > sizeof(keys[i].wk_key)) { error = EINVAL; break; |