Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e9c8f8d3 authored by Johannes Berg's avatar Johannes Berg
Browse files

cfg80211: validate key index better 



Don't accept it if a key_idx < 0 snuck through, reject WEP keys with
key index 4 and 5 (which are used for IGTKs) and don't allow IGTKs
with key indices other than 4 and 5. This makes the key data match
expectations better.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 9381e267

net/wireless/util.c

+7 −1
Original line number Diff line number Diff line
@@ -218,7 +218,7 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, 
				   struct key_params *params, int key_idx,

				   bool pairwise, const u8 *mac_addr)

{

	if (key_idx > 5)

	if (key_idx < 0 || key_idx > 5)

		return -EINVAL;



	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
@@ -249,7 +249,13 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, 
		/* Disallow BIP (group-only) cipher as pairwise cipher */

		if (pairwise)

			return -EINVAL;

		if (key_idx < 4)

			return -EINVAL;

		break;

	case WLAN_CIPHER_SUITE_WEP40:

	case WLAN_CIPHER_SUITE_WEP104:

		if (key_idx > 3)

			return -EINVAL;

	default:

		break;

	}