
Commit b654f708 authored by gaurank kathpalia's avatar gaurank kathpalia

prima: Verify pmk len in construct RSn IE API

Verify that the PMK length is less than 48 bytes (a valid PMK) before it is
copied in csrLookupPMKID, to avoid stack corruption in csrConstructRSNIe,
which receives the PMK from that lookup.

Change-Id: I8a76a2883f83447cb1c92df1aff685df990e1619
CRs-Fixed: 2596334
parent eea2488f
+2 −1
/*
 * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
 * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved.
 *
 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 *
@@ -4649,6 +4649,7 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter,
       flag to 0 */
    memset( &dot11WPAIE, 0 , sizeof(tDot11fIEWPA) );
    memset( &dot11RSNIE, 0 , sizeof(tDot11fIERSN) );
    memset( PMKIDCache, 0 , sizeof(tPmkidCacheInfo) * 4);

    // Type check
    if ( gen_ie[0] ==  DOT11F_EID_RSN)
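Review bot: The added `memset( PMKIDCache, 0 , sizeof(tPmkidCacheInfo) * 4);` (presumably the one new line the hunk header's 6→7 count accounts for) hard-codes the cache size as a bare 4, which will silently go stale if the array declaration changes. If PMKIDCache is a local array, `memset(PMKIDCache, 0, sizeof(PMKIDCache));` cannot drift from its declaration; if it is a pointer, use the named constant the declaration uses (the second file shows `CSR_MAX_PMKID_ALLOWED`, but whether that governs this array is not visible here). The zeroing is also what makes pmk_len of unused slots a defined 0, which later code relies on when it sizes a PMK copy, so a one-line why-comment is worth adding: `/* zero every slot so an unused entry is never read as holding a PMK (pmk_len stays 0) */`. hdd_ProcessGENIE starts outside the hunk.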
+5 −4
/*
 * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
 * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved.
 *
 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 *
@@ -12899,11 +12899,12 @@ static void csr_update_pmk_cache(tCsrRoamSession *pSession,
            pSession->PmkidCacheInfo[cache_idx].PMKID,
            pmksa->PMKID, CSR_RSN_PMKID_SIZE);
    if (pmksa->pmk_len)
    pSession->PmkidCacheInfo[cache_idx].pmk_len = 0;
    if (pmksa->pmk_len && pmksa->pmk_len <= CSR_RSN_MAX_PMK_LEN) {
        vos_mem_copy(pSession->PmkidCacheInfo[cache_idx].pmk,
                pmksa->pmk, pmksa->pmk_len);
        pSession->PmkidCacheInfo[cache_idx].pmk_len = pmksa->pmk_len;
    }
    /* Increment the CSR local cache index */
    if (cache_idx < (CSR_MAX_PMKID_ALLOWED - 1))
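Review bot: An oversized PMK is now rejected silently at `if (pmksa->pmk_len && pmksa->pmk_len <= CSR_RSN_MAX_PMK_LEN)`: the slot keeps pmk_len = 0 and nothing is logged, so a supplicant handing over a malformed PMK is indistinguishable from a normal PMKID-only entry. An else branch would make the drop visible, `else if (pmksa->pmk_len) smsLog(pMac, LOGE, "PMK length %d exceeds max, PMK dropped", pmksa->pmk_len);` — csr_update_pmk_cache starts outside the hunk, so whether a pMac handle is in scope here cannot be confirmed from this view. Separately, resetting pmk_len to 0 leaves whatever bytes a previous occupant wrote in `.pmk`; clearing that buffer at the same point would keep stale key material from lingering in a reused slot.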
+9 −44
/*
 * Copyright (c) 2011-2017, 2019 The Linux Foundation. All rights reserved.
 * Copyright (c) 2011-2017, 2019-2020 The Linux Foundation. All rights reserved.
 *
 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 *
@@ -4095,39 +4095,6 @@ tANI_BOOLEAN csrIsRSNMatch( tHalHandle hHal, tCsrAuthList *pAuthType,
    return( fRSNMatch );
}

/**
 * csr_lookup_pmkid_using_ssid() - lookup pmkid using ssid and cache_id
 * @mac: pointer to mac
 * @session: sme session pointer
 * @pmk_cache: pointer to pmk cache
 * @index: index value needs to be seached
 *
 * Return: true if pmkid is found else false
 */
static bool csr_lookup_pmkid_using_ssid(tpAniSirGlobal mac,
                    tCsrRoamSession *session,
                    tPmkidCacheInfo *pmk_cache,
                    uint32_t *index)
{
    uint32_t i;
    tPmkidCacheInfo *session_pmk;

    for (i = 0; i < session->NumPmkidCache; i++) {
        session_pmk = &session->PmkidCacheInfo[i];

        if ((!vos_mem_compare(pmk_cache->ssid, session_pmk->ssid,
                  pmk_cache->ssid_len)) &&
            (!vos_mem_compare(session_pmk->cache_id,
                  pmk_cache->cache_id, CACHE_ID_LEN))) {
            /* match found */
            *index = i;
            return true;
        }
    }

    return false;
}

bool csr_lookup_pmkid_using_bssid(tpAniSirGlobal mac,
                    tCsrRoamSession *session,
                    tPmkidCacheInfo *pmk_cache,
@@ -4172,21 +4139,19 @@ tANI_BOOLEAN csrLookupPMKID(tpAniSirGlobal pMac, tANI_U32 sessionId,
        return fRC;
    }

   if (pmk_cache->ssid_len) {
       /* Try to find based on cache_id and ssid first */
       fMatchFound = csr_lookup_pmkid_using_ssid(pMac, pSession, pmk_cache,
                                                 &Index);
   }

    /* If not able to find using cache id or ssid_len is not present */
    if (!fMatchFound)
    fMatchFound = csr_lookup_pmkid_using_bssid(pMac, pSession, pmk_cache,
                                               &Index);

   if (!fMatchFound) {
       smsLog(pMac, LOG2, "No PMKID Match Found");
       return false;
   }

   if (pSession->PmkidCacheInfo[Index].pmk_len > CSR_RSN_MAX_PMK_LEN) {
        smsLog(pMac, LOG2, "PMK length %d is invalid",
               pSession->PmkidCacheInfo[Index].pmk_len);
        return false;
   }

   vos_mem_copy(pmk_cache->PMKID, pSession->PmkidCacheInfo[Index].PMKID, CSR_RSN_PMKID_SIZE);