Commit ec450483 authored by Glen Lee's avatar Glen Lee Committed by Greg Kroah-Hartman

staging: wilc1000: fix WEP security bug

Station cannot connect to soft AP mode wilc when it is configured for WEP
security. This patch fixes it by setting the key index within the key value and
change the last else condition with DEFAULTKEY action case, and also do not use
WILC_WFI_wep_default index to set wep key id.
Signed-off-by: default avatarGlen Lee <glen.lee@atmel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 70418790
...@@ -1737,14 +1737,7 @@ static int Handle_Key(struct wilc_vif *vif, ...@@ -1737,14 +1737,7 @@ static int Handle_Key(struct wilc_vif *vif,
strWIDList[1].size = sizeof(char); strWIDList[1].size = sizeof(char);
strWIDList[1].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.auth_type; strWIDList[1].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.auth_type;
strWIDList[2].id = (u16)WID_KEY_ID; pu8keybuf = kmalloc(pstrHostIFkeyAttr->attr.wep.key_len + 2,
strWIDList[2].type = WID_CHAR;
strWIDList[2].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index;
strWIDList[2].size = sizeof(char);
pu8keybuf = kmemdup(pstrHostIFkeyAttr->attr.wep.key,
pstrHostIFkeyAttr->attr.wep.key_len,
GFP_KERNEL); GFP_KERNEL);
if (pu8keybuf == NULL) { if (pu8keybuf == NULL) {
...@@ -1752,15 +1745,21 @@ static int Handle_Key(struct wilc_vif *vif, ...@@ -1752,15 +1745,21 @@ static int Handle_Key(struct wilc_vif *vif,
return -ENOMEM; return -ENOMEM;
} }
pu8keybuf[0] = pstrHostIFkeyAttr->attr.wep.index;
pu8keybuf[1] = pstrHostIFkeyAttr->attr.wep.key_len;
memcpy(&pu8keybuf[2], pstrHostIFkeyAttr->attr.wep.key,
pstrHostIFkeyAttr->attr.wep.key_len);
kfree(pstrHostIFkeyAttr->attr.wep.key); kfree(pstrHostIFkeyAttr->attr.wep.key);
strWIDList[3].id = (u16)WID_WEP_KEY_VALUE; strWIDList[2].id = (u16)WID_WEP_KEY_VALUE;
strWIDList[3].type = WID_STR; strWIDList[2].type = WID_STR;
strWIDList[3].size = pstrHostIFkeyAttr->attr.wep.key_len; strWIDList[2].size = pstrHostIFkeyAttr->attr.wep.key_len + 2;
strWIDList[3].val = (s8 *)pu8keybuf; strWIDList[2].val = (s8 *)pu8keybuf;
result = wilc_send_config_pkt(vif->wilc, SET_CFG, result = wilc_send_config_pkt(vif->wilc, SET_CFG,
strWIDList, 4, strWIDList, 3,
wilc_get_vif_idx(vif)); wilc_get_vif_idx(vif));
kfree(pu8keybuf); kfree(pu8keybuf);
} else if (pstrHostIFkeyAttr->action & ADDKEY) { } else if (pstrHostIFkeyAttr->action & ADDKEY) {
...@@ -1797,7 +1796,7 @@ static int Handle_Key(struct wilc_vif *vif, ...@@ -1797,7 +1796,7 @@ static int Handle_Key(struct wilc_vif *vif,
result = wilc_send_config_pkt(vif->wilc, SET_CFG, result = wilc_send_config_pkt(vif->wilc, SET_CFG,
&wid, 1, &wid, 1,
wilc_get_vif_idx(vif)); wilc_get_vif_idx(vif));
} else { } else if (pstrHostIFkeyAttr->action & DEFAULTKEY) {
wid.id = (u16)WID_KEY_ID; wid.id = (u16)WID_KEY_ID;
wid.type = WID_CHAR; wid.type = WID_CHAR;
wid.val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index; wid.val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index;
......
...@@ -761,7 +761,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev, ...@@ -761,7 +761,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev,
return s32Error; return s32Error;
} }
priv->WILC_WFI_wep_default = 0;
memset(priv->WILC_WFI_wep_key, 0, sizeof(priv->WILC_WFI_wep_key)); memset(priv->WILC_WFI_wep_key, 0, sizeof(priv->WILC_WFI_wep_key));
memset(priv->WILC_WFI_wep_key_len, 0, sizeof(priv->WILC_WFI_wep_key_len)); memset(priv->WILC_WFI_wep_key_len, 0, sizeof(priv->WILC_WFI_wep_key_len));
...@@ -788,7 +787,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev, ...@@ -788,7 +787,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev,
for (i = 0; i < sme->key_len; i++) for (i = 0; i < sme->key_len; i++)
PRINT_D(CORECONFIG_DBG, "WEP Key Value[%d] = %d\n", i, sme->key[i]); PRINT_D(CORECONFIG_DBG, "WEP Key Value[%d] = %d\n", i, sme->key[i]);
} }
priv->WILC_WFI_wep_default = sme->key_idx;
priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len; priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len;
memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len); memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len);
...@@ -806,7 +804,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev, ...@@ -806,7 +804,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev,
pcgroup_encrypt_val = "WEP104"; pcgroup_encrypt_val = "WEP104";
pccipher_group = "WLAN_CIPHER_SUITE_WEP104"; pccipher_group = "WLAN_CIPHER_SUITE_WEP104";
priv->WILC_WFI_wep_default = sme->key_idx;
priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len; priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len;
memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len); memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len);
...@@ -986,7 +983,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index, ...@@ -986,7 +983,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index,
case WLAN_CIPHER_SUITE_WEP40: case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104: case WLAN_CIPHER_SUITE_WEP104:
if (priv->wdev->iftype == NL80211_IFTYPE_AP) { if (priv->wdev->iftype == NL80211_IFTYPE_AP) {
priv->WILC_WFI_wep_default = key_index;
priv->WILC_WFI_wep_key_len[key_index] = params->key_len; priv->WILC_WFI_wep_key_len[key_index] = params->key_len;
memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len); memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len);
...@@ -1009,7 +1005,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index, ...@@ -1009,7 +1005,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index,
break; break;
} }
if (memcmp(params->key, priv->WILC_WFI_wep_key[key_index], params->key_len)) { if (memcmp(params->key, priv->WILC_WFI_wep_key[key_index], params->key_len)) {
priv->WILC_WFI_wep_default = key_index;
priv->WILC_WFI_wep_key_len[key_index] = params->key_len; priv->WILC_WFI_wep_key_len[key_index] = params->key_len;
memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len); memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len);
...@@ -1336,9 +1331,7 @@ static int set_default_key(struct wiphy *wiphy, struct net_device *netdev, u8 ke ...@@ -1336,9 +1331,7 @@ static int set_default_key(struct wiphy *wiphy, struct net_device *netdev, u8 ke
PRINT_D(CFG80211_DBG, "Setting default key with idx = %d\n", key_index); PRINT_D(CFG80211_DBG, "Setting default key with idx = %d\n", key_index);
if (key_index != priv->WILC_WFI_wep_default) {
wilc_set_wep_default_keyid(vif, key_index); wilc_set_wep_default_keyid(vif, key_index);
}
return 0; return 0;
} }
......
...@@ -124,7 +124,6 @@ struct wilc_priv { ...@@ -124,7 +124,6 @@ struct wilc_priv {
struct host_if_drv *hWILCWFIDrv; struct host_if_drv *hWILCWFIDrv;
struct host_if_pmkid_attr pmkid_list; struct host_if_pmkid_attr pmkid_list;
struct WILC_WFI_stats netstats; struct WILC_WFI_stats netstats;
u8 WILC_WFI_wep_default;
u8 WILC_WFI_wep_key[4][WLAN_KEY_LEN_WEP104]; u8 WILC_WFI_wep_key[4][WLAN_KEY_LEN_WEP104];
u8 WILC_WFI_wep_key_len[4]; u8 WILC_WFI_wep_key_len[4];
/* The real interface that the monitor is on */ /* The real interface that the monitor is on */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment