diff options
| author | Jouni Malinen <jouni@qca.qualcomm.com> | 2011-11-02 17:45:55 -0400 |
|---|---|---|
| committer | Kalle Valo <kvalo@qca.qualcomm.com> | 2011-11-11 05:59:59 -0500 |
| commit | f4bb9a6fbc1f49058fc9eb6dcb4a3022d99013b4 (patch) | |
| tree | 45deb6e360d87d793f77701aec84fc0f8aa6515d | |
| parent | 1ddc3377e1f43b0bd62c7042cb2032824ebfb663 (diff) | |
ath6kl: Fix key configuration to copy at most seq_len from seq
There is no guarantee on the caller using 8-octet buffer for
key->seq, so better follow the key->seq_len parameter on figuring
out how many octets to copy.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
| -rw-r--r-- | drivers/net/wireless/ath/ath6kl/cfg80211.c | 8 | ||||
| -rw-r--r-- | drivers/net/wireless/ath/ath6kl/main.c | 5 | ||||
| -rw-r--r-- | drivers/net/wireless/ath/ath6kl/wmi.c | 7 | ||||
| -rw-r--r-- | drivers/net/wireless/ath/ath6kl/wmi.h | 3 |
4 files changed, 14 insertions, 9 deletions
diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c index 4a880b4dda5b..d7e0a8c75001 100644 --- a/drivers/net/wireless/ath/ath6kl/cfg80211.c +++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c | |||
| @@ -500,7 +500,7 @@ static int ath6kl_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev, | |||
| 500 | vif->prwise_crypto, | 500 | vif->prwise_crypto, |
| 501 | GROUP_USAGE | TX_USAGE, | 501 | GROUP_USAGE | TX_USAGE, |
| 502 | key->key_len, | 502 | key->key_len, |
| 503 | NULL, | 503 | NULL, 0, |
| 504 | key->key, KEY_OP_INIT_VAL, NULL, | 504 | key->key, KEY_OP_INIT_VAL, NULL, |
| 505 | NO_SYNC_WMIFLAG); | 505 | NO_SYNC_WMIFLAG); |
| 506 | } | 506 | } |
| @@ -1014,7 +1014,8 @@ static int ath6kl_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev, | |||
| 1014 | status = ath6kl_wmi_addkey_cmd(ar->wmi, vif->fw_vif_idx, | 1014 | status = ath6kl_wmi_addkey_cmd(ar->wmi, vif->fw_vif_idx, |
| 1015 | vif->def_txkey_index, | 1015 | vif->def_txkey_index, |
| 1016 | key_type, key_usage, key->key_len, | 1016 | key_type, key_usage, key->key_len, |
| 1017 | key->seq, key->key, KEY_OP_INIT_VAL, | 1017 | key->seq, key->seq_len, key->key, |
| 1018 | KEY_OP_INIT_VAL, | ||
| 1018 | (u8 *) mac_addr, SYNC_BOTH_WMIFLAG); | 1019 | (u8 *) mac_addr, SYNC_BOTH_WMIFLAG); |
| 1019 | 1020 | ||
| 1020 | if (status) | 1021 | if (status) |
| @@ -1134,7 +1135,8 @@ static int ath6kl_cfg80211_set_default_key(struct wiphy *wiphy, | |||
| 1134 | status = ath6kl_wmi_addkey_cmd(ar->wmi, vif->fw_vif_idx, | 1135 | status = ath6kl_wmi_addkey_cmd(ar->wmi, vif->fw_vif_idx, |
| 1135 | vif->def_txkey_index, | 1136 | vif->def_txkey_index, |
| 1136 | key_type, key_usage, | 1137 | key_type, key_usage, |
| 1137 | key->key_len, key->seq, key->key, | 1138 | key->key_len, key->seq, key->seq_len, |
| 1139 | key->key, | ||
| 1138 | KEY_OP_INIT_VAL, NULL, | 1140 | KEY_OP_INIT_VAL, NULL, |
| 1139 | SYNC_BOTH_WMIFLAG); | 1141 | SYNC_BOTH_WMIFLAG); |
| 1140 | if (status) | 1142 | if (status) |
diff --git a/drivers/net/wireless/ath/ath6kl/main.c b/drivers/net/wireless/ath/ath6kl/main.c index 021b2f65d541..5e5f4ca8f3f0 100644 --- a/drivers/net/wireless/ath/ath6kl/main.c +++ b/drivers/net/wireless/ath/ath6kl/main.c | |||
| @@ -442,7 +442,7 @@ static void ath6kl_install_static_wep_keys(struct ath6kl_vif *vif) | |||
| 442 | WEP_CRYPT, | 442 | WEP_CRYPT, |
| 443 | keyusage, | 443 | keyusage, |
| 444 | vif->wep_key_list[index].key_len, | 444 | vif->wep_key_list[index].key_len, |
| 445 | NULL, | 445 | NULL, 0, |
| 446 | vif->wep_key_list[index].key, | 446 | vif->wep_key_list[index].key, |
| 447 | KEY_OP_INIT_VAL, NULL, | 447 | KEY_OP_INIT_VAL, NULL, |
| 448 | NO_SYNC_WMIFLAG); | 448 | NO_SYNC_WMIFLAG); |
| @@ -477,7 +477,8 @@ void ath6kl_connect_ap_mode_bss(struct ath6kl_vif *vif, u16 channel) | |||
| 477 | memset(key_rsc, 0, sizeof(key_rsc)); | 477 | memset(key_rsc, 0, sizeof(key_rsc)); |
| 478 | res = ath6kl_wmi_addkey_cmd( | 478 | res = ath6kl_wmi_addkey_cmd( |
| 479 | ar->wmi, vif->fw_vif_idx, ik->key_index, ik->key_type, | 479 | ar->wmi, vif->fw_vif_idx, ik->key_index, ik->key_type, |
| 480 | GROUP_USAGE, ik->key_len, key_rsc, ik->key, | 480 | GROUP_USAGE, ik->key_len, key_rsc, ATH6KL_KEY_SEQ_LEN, |
| 481 | ik->key, | ||
| 481 | KEY_OP_INIT_VAL, NULL, SYNC_BOTH_WMIFLAG); | 482 | KEY_OP_INIT_VAL, NULL, SYNC_BOTH_WMIFLAG); |
| 482 | if (res) { | 483 | if (res) { |
| 483 | ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "Delayed " | 484 | ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "Delayed " |
diff --git a/drivers/net/wireless/ath/ath6kl/wmi.c b/drivers/net/wireless/ath/ath6kl/wmi.c index ece67a5c37b3..612326d96070 100644 --- a/drivers/net/wireless/ath/ath6kl/wmi.c +++ b/drivers/net/wireless/ath/ath6kl/wmi.c | |||
| @@ -2000,7 +2000,8 @@ int ath6kl_wmi_disctimeout_cmd(struct wmi *wmi, u8 if_idx, u8 timeout) | |||
| 2000 | int ath6kl_wmi_addkey_cmd(struct wmi *wmi, u8 if_idx, u8 key_index, | 2000 | int ath6kl_wmi_addkey_cmd(struct wmi *wmi, u8 if_idx, u8 key_index, |
| 2001 | enum crypto_type key_type, | 2001 | enum crypto_type key_type, |
| 2002 | u8 key_usage, u8 key_len, | 2002 | u8 key_usage, u8 key_len, |
| 2003 | u8 *key_rsc, u8 *key_material, | 2003 | u8 *key_rsc, unsigned int key_rsc_len, |
| 2004 | u8 *key_material, | ||
| 2004 | u8 key_op_ctrl, u8 *mac_addr, | 2005 | u8 key_op_ctrl, u8 *mac_addr, |
| 2005 | enum wmi_sync_flag sync_flag) | 2006 | enum wmi_sync_flag sync_flag) |
| 2006 | { | 2007 | { |
| @@ -2013,7 +2014,7 @@ int ath6kl_wmi_addkey_cmd(struct wmi *wmi, u8 if_idx, u8 key_index, | |||
| 2013 | key_index, key_type, key_usage, key_len, key_op_ctrl); | 2014 | key_index, key_type, key_usage, key_len, key_op_ctrl); |
| 2014 | 2015 | ||
| 2015 | if ((key_index > WMI_MAX_KEY_INDEX) || (key_len > WMI_MAX_KEY_LEN) || | 2016 | if ((key_index > WMI_MAX_KEY_INDEX) || (key_len > WMI_MAX_KEY_LEN) || |
| 2016 | (key_material == NULL)) | 2017 | (key_material == NULL) || key_rsc_len > 8) |
| 2017 | return -EINVAL; | 2018 | return -EINVAL; |
| 2018 | 2019 | ||
| 2019 | if ((WEP_CRYPT != key_type) && (NULL == key_rsc)) | 2020 | if ((WEP_CRYPT != key_type) && (NULL == key_rsc)) |
| @@ -2031,7 +2032,7 @@ int ath6kl_wmi_addkey_cmd(struct wmi *wmi, u8 if_idx, u8 key_index, | |||
| 2031 | memcpy(cmd->key, key_material, key_len); | 2032 | memcpy(cmd->key, key_material, key_len); |
| 2032 | 2033 | ||
| 2033 | if (key_rsc != NULL) | 2034 | if (key_rsc != NULL) |
| 2034 | memcpy(cmd->key_rsc, key_rsc, sizeof(cmd->key_rsc)); | 2035 | memcpy(cmd->key_rsc, key_rsc, key_rsc_len); |
| 2035 | 2036 | ||
| 2036 | cmd->key_op_ctrl = key_op_ctrl; | 2037 | cmd->key_op_ctrl = key_op_ctrl; |
| 2037 | 2038 | ||
diff --git a/drivers/net/wireless/ath/ath6kl/wmi.h b/drivers/net/wireless/ath/ath6kl/wmi.h index c626c1e67eea..1d458f05ace0 100644 --- a/drivers/net/wireless/ath/ath6kl/wmi.h +++ b/drivers/net/wireless/ath/ath6kl/wmi.h | |||
| @@ -2253,7 +2253,8 @@ int ath6kl_wmi_get_stats_cmd(struct wmi *wmi, u8 if_idx); | |||
| 2253 | int ath6kl_wmi_addkey_cmd(struct wmi *wmi, u8 if_idx, u8 key_index, | 2253 | int ath6kl_wmi_addkey_cmd(struct wmi *wmi, u8 if_idx, u8 key_index, |
| 2254 | enum crypto_type key_type, | 2254 | enum crypto_type key_type, |
| 2255 | u8 key_usage, u8 key_len, | 2255 | u8 key_usage, u8 key_len, |
| 2256 | u8 *key_rsc, u8 *key_material, | 2256 | u8 *key_rsc, unsigned int key_rsc_len, |
| 2257 | u8 *key_material, | ||
| 2257 | u8 key_op_ctrl, u8 *mac_addr, | 2258 | u8 key_op_ctrl, u8 *mac_addr, |
| 2258 | enum wmi_sync_flag sync_flag); | 2259 | enum wmi_sync_flag sync_flag); |
| 2259 | int ath6kl_wmi_add_krk_cmd(struct wmi *wmi, u8 if_idx, u8 *krk); | 2260 | int ath6kl_wmi_add_krk_cmd(struct wmi *wmi, u8 if_idx, u8 *krk); |