aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless/nl80211.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-03-20 15:21:17 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-03-27 20:13:04 -0400
commit255e737eab645ec6037baeca04a5e0a7c3b1f459 (patch)
treed178103256dcd352addf7e646b89e128e7be1cf9 /net/wireless/nl80211.c
parent65fc73ac4a310945dfeceac961726c2765ad2ec0 (diff)
nl80211: Add more through validation of MLME command parameters
Check that the used authentication type and reason code are valid here so that drivers/mac80211 do not need to care about this. In addition, remove the unnecessary validation of SSID attribute length which is taken care of by netlink policy. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless/nl80211.c')
-rw-r--r--net/wireless/nl80211.c32
1 files changed, 26 insertions, 6 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 44c79972be57..6f38ee7a3c92 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2614,6 +2614,14 @@ static int nl80211_dump_scan(struct sk_buff *skb,
2614 return err; 2614 return err;
2615} 2615}
2616 2616
2617static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
2618{
2619 return auth_type == NL80211_AUTHTYPE_OPEN_SYSTEM ||
2620 auth_type == NL80211_AUTHTYPE_SHARED_KEY ||
2621 auth_type == NL80211_AUTHTYPE_FT ||
2622 auth_type == NL80211_AUTHTYPE_NETWORK_EAP;
2623}
2624
2617static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 2625static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
2618{ 2626{
2619 struct cfg80211_registered_device *drv; 2627 struct cfg80211_registered_device *drv;
@@ -2666,6 +2674,10 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
2666 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2674 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2667 req.auth_type = 2675 req.auth_type =
2668 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 2676 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
2677 if (!nl80211_valid_auth_type(req.auth_type)) {
2678 err = -EINVAL;
2679 goto out;
2680 }
2669 } 2681 }
2670 2682
2671 err = drv->ops->auth(&drv->wiphy, dev, &req); 2683 err = drv->ops->auth(&drv->wiphy, dev, &req);
@@ -2718,10 +2730,6 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
2718 } 2730 }
2719 } 2731 }
2720 2732
2721 if (nla_len(info->attrs[NL80211_ATTR_SSID]) > IEEE80211_MAX_SSID_LEN) {
2722 err = -EINVAL;
2723 goto out;
2724 }
2725 req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2733 req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2726 req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 2734 req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
2727 2735
@@ -2769,9 +2777,15 @@ static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
2769 2777
2770 req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2778 req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2771 2779
2772 if (info->attrs[NL80211_ATTR_REASON_CODE]) 2780 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
2773 req.reason_code = 2781 req.reason_code =
2774 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 2782 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
2783 if (req.reason_code == 0) {
2784 /* Reason Code 0 is reserved */
2785 err = -EINVAL;
2786 goto out;
2787 }
2788 }
2775 2789
2776 if (info->attrs[NL80211_ATTR_IE]) { 2790 if (info->attrs[NL80211_ATTR_IE]) {
2777 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 2791 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
@@ -2817,9 +2831,15 @@ static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
2817 2831
2818 req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2832 req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2819 2833
2820 if (info->attrs[NL80211_ATTR_REASON_CODE]) 2834 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
2821 req.reason_code = 2835 req.reason_code =
2822 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 2836 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
2837 if (req.reason_code == 0) {
2838 /* Reason Code 0 is reserved */
2839 err = -EINVAL;
2840 goto out;
2841 }
2842 }
2823 2843
2824 if (info->attrs[NL80211_ATTR_IE]) { 2844 if (info->attrs[NL80211_ATTR_IE]) {
2825 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 2845 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);