aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-05-15 05:38:32 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-05-20 14:46:25 -0400
commit9f26a952210e44691f784b77bf1f83a500d63f58 (patch)
treea11a5ab475cc8cfa61362e57b6b6c4e018d21996 /net
parentcc65965cbb24d2ca2bb70f26cac9d7243349e7e3 (diff)
nl80211: Validate NL80211_ATTR_KEY_SEQ length
Validate RSC (NL80211_ATTR_KEY_SEQ) length in nl80211/cfg80211 instead of having to do this in all the drivers. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/key.c6
-rw-r--r--net/wireless/nl80211.c1
-rw-r--r--net/wireless/util.c15
3 files changed, 19 insertions, 3 deletions
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 827ea8e6ee0a..ce267565e180 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -320,7 +320,7 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
320 case ALG_TKIP: 320 case ALG_TKIP:
321 key->conf.iv_len = TKIP_IV_LEN; 321 key->conf.iv_len = TKIP_IV_LEN;
322 key->conf.icv_len = TKIP_ICV_LEN; 322 key->conf.icv_len = TKIP_ICV_LEN;
323 if (seq && seq_len == 6) { 323 if (seq) {
324 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) { 324 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
325 key->u.tkip.rx[i].iv32 = 325 key->u.tkip.rx[i].iv32 =
326 get_unaligned_le32(&seq[2]); 326 get_unaligned_le32(&seq[2]);
@@ -332,7 +332,7 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
332 case ALG_CCMP: 332 case ALG_CCMP:
333 key->conf.iv_len = CCMP_HDR_LEN; 333 key->conf.iv_len = CCMP_HDR_LEN;
334 key->conf.icv_len = CCMP_MIC_LEN; 334 key->conf.icv_len = CCMP_MIC_LEN;
335 if (seq && seq_len == CCMP_PN_LEN) { 335 if (seq) {
336 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 336 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
337 for (j = 0; j < CCMP_PN_LEN; j++) 337 for (j = 0; j < CCMP_PN_LEN; j++)
338 key->u.ccmp.rx_pn[i][j] = 338 key->u.ccmp.rx_pn[i][j] =
@@ -342,7 +342,7 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
342 case ALG_AES_CMAC: 342 case ALG_AES_CMAC:
343 key->conf.iv_len = 0; 343 key->conf.iv_len = 0;
344 key->conf.icv_len = sizeof(struct ieee80211_mmie); 344 key->conf.icv_len = sizeof(struct ieee80211_mmie);
345 if (seq && seq_len == 6) 345 if (seq)
346 for (j = 0; j < 6; j++) 346 for (j = 0; j < 6; j++)
347 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1]; 347 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
348 break; 348 break;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 0e22b5f5880f..1cf57f53a283 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -77,6 +77,7 @@ static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
77 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 77 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
78 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 78 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
79 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 79 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
80 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
80 81
81 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 82 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
82 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 83 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
diff --git a/net/wireless/util.c b/net/wireless/util.c
index beb226e78cd7..b94c8604ad7c 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -181,5 +181,20 @@ int cfg80211_validate_key_settings(struct key_params *params, int key_idx,
181 return -EINVAL; 181 return -EINVAL;
182 } 182 }
183 183
184 if (params->seq) {
185 switch (params->cipher) {
186 case WLAN_CIPHER_SUITE_WEP40:
187 case WLAN_CIPHER_SUITE_WEP104:
188 /* These ciphers do not use key sequence */
189 return -EINVAL;
190 case WLAN_CIPHER_SUITE_TKIP:
191 case WLAN_CIPHER_SUITE_CCMP:
192 case WLAN_CIPHER_SUITE_AES_CMAC:
193 if (params->seq_len != 6)
194 return -EINVAL;
195 break;
196 }
197 }
198
184 return 0; 199 return 0;
185} 200}