Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f9a703e1 authored by Dan Carpenter's avatar Dan Carpenter Committed by John W. Linville
Browse files

iwmc3200wifi: add a range check to iwm_cfg80211_get_key() 



Smatch complains that "key_index" is capped at 5 in nl80211_get_key()
but iwm->keys[] only has 4 elements.  I don't know if this is really
needed, but the other ->get_key() implementations seemed to check
for overflows so I've added a check here.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent d83579e2

drivers/net/wireless/iwmc3200wifi/cfg80211.c

+5 −1
Original line number Diff line number Diff line
@@ -187,13 +187,17 @@ static int iwm_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, 
						 struct key_params*))

{

	struct iwm_priv *iwm = ndev_to_iwm(ndev);

	struct iwm_key *key = &iwm->keys[key_index];

	struct iwm_key *key;

	struct key_params params;



	IWM_DBG_WEXT(iwm, DBG, "Getting key %d\n", key_index);



	if (key_index >= IWM_NUM_KEYS)

		return -ENOENT;



	memset(&params, 0, sizeof(params));



	key = &iwm->keys[key_index];

	params.cipher = key->cipher;

	params.key_len = key->key_len;

	params.seq_len = key->seq_len;