Commit 7ef2743d authored by Jes Sorensen's avatar Jes Sorensen Committed by Greg Kroah-Hartman

staging: rtl8723au: Validate keys in cfg80211_rtw_add_key()

We validate the parameters in cfg80211_rtw_add_key() so no need to do
it all again in rtw_cfg80211_{ap_}set_encryption()
Signed-off-by: default avatarJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3e71669a
...@@ -512,23 +512,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, ...@@ -512,23 +512,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index,
DBG_8723A("%s\n", __func__); DBG_8723A("%s\n", __func__);
if (is_broadcast_ether_addr(sta_addr)) { if (!is_broadcast_ether_addr(sta_addr)) {
if (key_index >= WEP_KEYS) {
ret = -EINVAL;
goto exit;
}
switch (keyparms->cipher) {
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
case WLAN_CIPHER_SUITE_TKIP:
case WLAN_CIPHER_SUITE_CCMP:
break;
default:
ret = -EINVAL;
goto exit;
}
} else {
psta = rtw_get_stainfo23a(pstapriv, sta_addr); psta = rtw_get_stainfo23a(pstapriv, sta_addr);
if (!psta) { if (!psta) {
/* ret = -EINVAL; */ /* ret = -EINVAL; */
...@@ -547,15 +531,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, ...@@ -547,15 +531,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index,
DBG_8723A("r871x_set_encryption, wep_key_idx =%d, len =%d\n", DBG_8723A("r871x_set_encryption, wep_key_idx =%d, len =%d\n",
key_index, key_len); key_index, key_len);
if (key_index >= WEP_KEYS || key_len <= 0) {
ret = -EINVAL;
goto exit;
}
if (key_len > 0) {
key_len = key_len <= 5 ? 5 : 13;
}
if (psecuritypriv->bWepDefaultKeyIdxSet == 0) { if (psecuritypriv->bWepDefaultKeyIdxSet == 0) {
/* wep default key has not been set, so use /* wep default key has not been set, so use
this key index as default key. */ this key index as default key. */
...@@ -586,8 +561,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, ...@@ -586,8 +561,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index,
memcpy(psecuritypriv-> memcpy(psecuritypriv->
dot118021XGrpKey[key_index].skey, dot118021XGrpKey[key_index].skey,
keyparms->key, keyparms->key, key_len);
(key_len > 16 ? 16 : key_len));
psecuritypriv->dot118021XGrpPrivacy = psecuritypriv->dot118021XGrpPrivacy =
keyparms->cipher; keyparms->cipher;
...@@ -628,8 +602,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, ...@@ -628,8 +602,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index,
DBG_8723A("%s, set group_key, none\n", DBG_8723A("%s, set group_key, none\n",
__func__); __func__);
psecuritypriv->dot118021XGrpPrivacy = psecuritypriv->dot118021XGrpPrivacy = 0;
0;
} }
psecuritypriv->dot118021XGrpKeyid = key_index; psecuritypriv->dot118021XGrpKeyid = key_index;
...@@ -709,8 +682,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, ...@@ -709,8 +682,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index,
keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) { keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) {
memcpy(psecuritypriv-> memcpy(psecuritypriv->
dot118021XGrpKey[key_index].skey, dot118021XGrpKey[key_index].skey,
keyparms->key, keyparms->key, key_len);
(key_len > 16 ? 16 : key_len));
psecuritypriv->dot118021XGrpPrivacy = psecuritypriv->dot118021XGrpPrivacy =
keyparms->cipher; keyparms->cipher;
...@@ -732,7 +704,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, ...@@ -732,7 +704,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index,
&keyparms->key[24], 8); &keyparms->key[24], 8);
psecuritypriv->busetkipkey = 1; psecuritypriv->busetkipkey = 1;
} else if (keyparms->cipher == WLAN_CIPHER_SUITE_CCMP) { } else if (keyparms->cipher == WLAN_CIPHER_SUITE_CCMP) {
psecuritypriv->dot118021XGrpPrivacy = psecuritypriv->dot118021XGrpPrivacy =
WLAN_CIPHER_SUITE_CCMP; WLAN_CIPHER_SUITE_CCMP;
...@@ -787,42 +758,20 @@ static int rtw_cfg80211_set_encryption(struct net_device *dev, u8 key_index, ...@@ -787,42 +758,20 @@ static int rtw_cfg80211_set_encryption(struct net_device *dev, u8 key_index,
key_len = keyparms->key_len; key_len = keyparms->key_len;
if (is_broadcast_ether_addr(sta_addr)) {
if (key_index >= WEP_KEYS) {
ret = -EINVAL;
goto exit;
}
} else {
ret = -EINVAL;
goto exit;
}
if (keyparms->cipher == WLAN_CIPHER_SUITE_WEP40 || if (keyparms->cipher == WLAN_CIPHER_SUITE_WEP40 ||
keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) { keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) {
RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_err_, RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_err_,
("wpa_set_encryption, crypt.alg = WEP\n")); ("wpa_set_encryption, crypt.alg = WEP\n"));
DBG_8723A("wpa_set_encryption, crypt.alg = WEP\n"); DBG_8723A("wpa_set_encryption, crypt.alg = WEP\n");
if (key_index > WEP_KEYS || key_len <= 0) {
ret = -EINVAL;
goto exit;
}
if (psecuritypriv->bWepDefaultKeyIdxSet == 0) { if (psecuritypriv->bWepDefaultKeyIdxSet == 0) {
/* wep default key has not been set, so use this /* wep default key has not been set, so use this
key index as default key. */ key index as default key. */
key_len = key_len <= 5 ? 5 : 13;
psecuritypriv->ndisencryptstatus = psecuritypriv->ndisencryptstatus =
Ndis802_11Encryption1Enabled; Ndis802_11Encryption1Enabled;
psecuritypriv->dot11PrivacyAlgrthm = WLAN_CIPHER_SUITE_WEP40; psecuritypriv->dot11PrivacyAlgrthm = keyparms->cipher;
psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_WEP40; psecuritypriv->dot118021XGrpPrivacy = keyparms->cipher;
if (key_len == 13) {
psecuritypriv->dot11PrivacyAlgrthm = WLAN_CIPHER_SUITE_WEP104;
psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_WEP104;
}
psecuritypriv->dot11PrivacyKeyIndex = key_index; psecuritypriv->dot11PrivacyKeyIndex = key_index;
} }
...@@ -967,7 +916,15 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev, ...@@ -967,7 +916,15 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev,
switch (params->cipher) { switch (params->cipher) {
case IW_AUTH_CIPHER_NONE: case IW_AUTH_CIPHER_NONE:
case WLAN_CIPHER_SUITE_WEP40: case WLAN_CIPHER_SUITE_WEP40:
if (params->key_len != WLAN_KEY_LEN_WEP40) {
ret = -EINVAL;
goto exit;
}
case WLAN_CIPHER_SUITE_WEP104: case WLAN_CIPHER_SUITE_WEP104:
if (params->key_len != WLAN_KEY_LEN_WEP104) {
ret = -EINVAL;
goto exit;
}
case WLAN_CIPHER_SUITE_TKIP: case WLAN_CIPHER_SUITE_TKIP:
case WLAN_CIPHER_SUITE_CCMP: case WLAN_CIPHER_SUITE_CCMP:
break; break;
...@@ -976,6 +933,11 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev, ...@@ -976,6 +933,11 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev,
goto exit; goto exit;
} }
if (key_index >= WEP_KEYS || params->key_len < 0) {
ret = -EINVAL;
goto exit;
}
eth_broadcast_addr(sta_addr); eth_broadcast_addr(sta_addr);
if (!mac_addr || is_broadcast_ether_addr(mac_addr)) if (!mac_addr || is_broadcast_ether_addr(mac_addr))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment