summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2016-09-13 16:37:40 +0200
committerJohannes Berg <johannes.berg@intel.com>2016-09-13 20:20:53 +0200
commite9c8f8d3a4d54106a30f2b981b53d658c9bc0c8e (patch)
tree0df9a19b7ed74f0bd7a4fd3d1386d7fdeab184b1
parent9381e267b69acfea96c8429dc99da3e78835cef1 (diff)
cfg80211: validate key index better
Don't accept it if a key_idx < 0 snuck through, reject WEP keys with key index 4 and 5 (which are used for IGTKs) and don't allow IGTKs with key indices other than 4 and 5. This makes the key data match expectations better. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r--net/wireless/util.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 0675f513e7b9..12e2d3fae843 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -218,7 +218,7 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
struct key_params *params, int key_idx,
bool pairwise, const u8 *mac_addr)
{
- if (key_idx > 5)
+ if (key_idx < 0 || key_idx > 5)
return -EINVAL;
if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
@@ -249,7 +249,13 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
/* Disallow BIP (group-only) cipher as pairwise cipher */
if (pairwise)
return -EINVAL;
+ if (key_idx < 4)
+ return -EINVAL;
break;
+ case WLAN_CIPHER_SUITE_WEP40:
+ case WLAN_CIPHER_SUITE_WEP104:
+ if (key_idx > 3)
+ return -EINVAL;
default:
break;
}