diff options
author | Jouni Malinen <jouni.malinen@atheros.com> | 2009-03-20 15:21:17 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-03-27 20:13:04 -0400 |
commit | 255e737eab645ec6037baeca04a5e0a7c3b1f459 (patch) | |
tree | d178103256dcd352addf7e646b89e128e7be1cf9 /net/wireless/nl80211.c | |
parent | 65fc73ac4a310945dfeceac961726c2765ad2ec0 (diff) |
nl80211: Add more through validation of MLME command parameters
Check that the used authentication type and reason code are valid here
so that drivers/mac80211 do not need to care about this. In addition,
remove the unnecessary validation of SSID attribute length which is
taken care of by netlink policy.
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless/nl80211.c')
-rw-r--r-- | net/wireless/nl80211.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 44c79972be57..6f38ee7a3c92 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
@@ -2614,6 +2614,14 @@ static int nl80211_dump_scan(struct sk_buff *skb, | |||
2614 | return err; | 2614 | return err; |
2615 | } | 2615 | } |
2616 | 2616 | ||
2617 | static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) | ||
2618 | { | ||
2619 | return auth_type == NL80211_AUTHTYPE_OPEN_SYSTEM || | ||
2620 | auth_type == NL80211_AUTHTYPE_SHARED_KEY || | ||
2621 | auth_type == NL80211_AUTHTYPE_FT || | ||
2622 | auth_type == NL80211_AUTHTYPE_NETWORK_EAP; | ||
2623 | } | ||
2624 | |||
2617 | static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) | 2625 | static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) |
2618 | { | 2626 | { |
2619 | struct cfg80211_registered_device *drv; | 2627 | struct cfg80211_registered_device *drv; |
@@ -2666,6 +2674,10 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) | |||
2666 | if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { | 2674 | if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { |
2667 | req.auth_type = | 2675 | req.auth_type = |
2668 | nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); | 2676 | nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); |
2677 | if (!nl80211_valid_auth_type(req.auth_type)) { | ||
2678 | err = -EINVAL; | ||
2679 | goto out; | ||
2680 | } | ||
2669 | } | 2681 | } |
2670 | 2682 | ||
2671 | err = drv->ops->auth(&drv->wiphy, dev, &req); | 2683 | err = drv->ops->auth(&drv->wiphy, dev, &req); |
@@ -2718,10 +2730,6 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) | |||
2718 | } | 2730 | } |
2719 | } | 2731 | } |
2720 | 2732 | ||
2721 | if (nla_len(info->attrs[NL80211_ATTR_SSID]) > IEEE80211_MAX_SSID_LEN) { | ||
2722 | err = -EINVAL; | ||
2723 | goto out; | ||
2724 | } | ||
2725 | req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); | 2733 | req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); |
2726 | req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); | 2734 | req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); |
2727 | 2735 | ||
@@ -2769,9 +2777,15 @@ static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) | |||
2769 | 2777 | ||
2770 | req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); | 2778 | req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); |
2771 | 2779 | ||
2772 | if (info->attrs[NL80211_ATTR_REASON_CODE]) | 2780 | if (info->attrs[NL80211_ATTR_REASON_CODE]) { |
2773 | req.reason_code = | 2781 | req.reason_code = |
2774 | nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); | 2782 | nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); |
2783 | if (req.reason_code == 0) { | ||
2784 | /* Reason Code 0 is reserved */ | ||
2785 | err = -EINVAL; | ||
2786 | goto out; | ||
2787 | } | ||
2788 | } | ||
2775 | 2789 | ||
2776 | if (info->attrs[NL80211_ATTR_IE]) { | 2790 | if (info->attrs[NL80211_ATTR_IE]) { |
2777 | req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); | 2791 | req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); |
@@ -2817,9 +2831,15 @@ static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) | |||
2817 | 2831 | ||
2818 | req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); | 2832 | req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); |
2819 | 2833 | ||
2820 | if (info->attrs[NL80211_ATTR_REASON_CODE]) | 2834 | if (info->attrs[NL80211_ATTR_REASON_CODE]) { |
2821 | req.reason_code = | 2835 | req.reason_code = |
2822 | nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); | 2836 | nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); |
2837 | if (req.reason_code == 0) { | ||
2838 | /* Reason Code 0 is reserved */ | ||
2839 | err = -EINVAL; | ||
2840 | goto out; | ||
2841 | } | ||
2842 | } | ||
2823 | 2843 | ||
2824 | if (info->attrs[NL80211_ATTR_IE]) { | 2844 | if (info->attrs[NL80211_ATTR_IE]) { |
2825 | req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); | 2845 | req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); |