Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7ef2743d authored by Jes Sorensen's avatar Jes Sorensen Committed by Greg Kroah-Hartman
Browse files

staging: rtl8723au: Validate keys in cfg80211_rtw_add_key() 



We validate the parameters in cfg80211_rtw_add_key() so no need to do
it all again in rtw_cfg80211_{ap_}set_encryption()

Signed-off-by: default avatarJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3e71669a

drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c

+19 −57
Original line number Diff line number Diff line
@@ -512,23 +512,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, 


	DBG_8723A("%s\n", __func__);



	if (is_broadcast_ether_addr(sta_addr)) {

		if (key_index >= WEP_KEYS) {

			ret = -EINVAL;

			goto exit;

		}

		switch (keyparms->cipher) {

		case WLAN_CIPHER_SUITE_WEP40:

		case WLAN_CIPHER_SUITE_WEP104:

		case WLAN_CIPHER_SUITE_TKIP:

		case WLAN_CIPHER_SUITE_CCMP:

			break;

		default:

			ret = -EINVAL;

			goto exit;

		}



	} else {

	if (!is_broadcast_ether_addr(sta_addr)) {

		psta = rtw_get_stainfo23a(pstapriv, sta_addr);

		if (!psta) {

			/* ret = -EINVAL; */
@@ -547,15 +531,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, 
		DBG_8723A("r871x_set_encryption, wep_key_idx =%d, len =%d\n",

			  key_index, key_len);



		if (key_index >= WEP_KEYS || key_len <= 0) {

			ret = -EINVAL;

			goto exit;

		}



		if (key_len > 0) {

			key_len = key_len <= 5 ? 5 : 13;

		}



		if (psecuritypriv->bWepDefaultKeyIdxSet == 0) {

			/* wep default key has not been set, so use

			   this key index as default key. */
@@ -586,8 +561,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, 


				memcpy(psecuritypriv->

				       dot118021XGrpKey[key_index].skey,

				       keyparms->key,

				       (key_len > 16 ? 16 : key_len));

				       keyparms->key, key_len);



				psecuritypriv->dot118021XGrpPrivacy =

					keyparms->cipher;
@@ -628,8 +602,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, 
				DBG_8723A("%s, set group_key, none\n",

					  __func__);



				psecuritypriv->dot118021XGrpPrivacy =

				    0;

				psecuritypriv->dot118021XGrpPrivacy = 0;

			}



			psecuritypriv->dot118021XGrpKeyid = key_index;
@@ -709,8 +682,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, 
			    keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) {

				memcpy(psecuritypriv->

				       dot118021XGrpKey[key_index].skey,

				       keyparms->key,

				       (key_len > 16 ? 16 : key_len));

				       keyparms->key, key_len);



				psecuritypriv->dot118021XGrpPrivacy =

					keyparms->cipher;
@@ -732,7 +704,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, 
				       &keyparms->key[24], 8);



				psecuritypriv->busetkipkey = 1;



			} else if (keyparms->cipher == WLAN_CIPHER_SUITE_CCMP) {

				psecuritypriv->dot118021XGrpPrivacy =

					WLAN_CIPHER_SUITE_CCMP;
@@ -787,42 +758,20 @@ static int rtw_cfg80211_set_encryption(struct net_device *dev, u8 key_index, 


	key_len = keyparms->key_len;



	if (is_broadcast_ether_addr(sta_addr)) {

		if (key_index >= WEP_KEYS) {

			ret = -EINVAL;

			goto exit;

		}

	} else {

		ret = -EINVAL;

		goto exit;

	}



	if (keyparms->cipher == WLAN_CIPHER_SUITE_WEP40 ||

	    keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) {

		RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_err_,

			 ("wpa_set_encryption, crypt.alg = WEP\n"));

		DBG_8723A("wpa_set_encryption, crypt.alg = WEP\n");



		if (key_index > WEP_KEYS || key_len <= 0) {

			ret = -EINVAL;

			goto exit;

		}



		if (psecuritypriv->bWepDefaultKeyIdxSet == 0) {

			/* wep default key has not been set, so use this

			   key index as default key. */



			key_len = key_len <= 5 ? 5 : 13;



			psecuritypriv->ndisencryptstatus =

				Ndis802_11Encryption1Enabled;

			psecuritypriv->dot11PrivacyAlgrthm = WLAN_CIPHER_SUITE_WEP40;

			psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_WEP40;



			if (key_len == 13) {

				psecuritypriv->dot11PrivacyAlgrthm = WLAN_CIPHER_SUITE_WEP104;

				psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_WEP104;

			}

			psecuritypriv->dot11PrivacyAlgrthm = keyparms->cipher;

			psecuritypriv->dot118021XGrpPrivacy = keyparms->cipher;



			psecuritypriv->dot11PrivacyKeyIndex = key_index;

		}
@@ -967,7 +916,15 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev, 
	switch (params->cipher) {

	case IW_AUTH_CIPHER_NONE:

	case WLAN_CIPHER_SUITE_WEP40:

		if (params->key_len != WLAN_KEY_LEN_WEP40) {

			ret = -EINVAL;

			goto exit;

		}

	case WLAN_CIPHER_SUITE_WEP104:

		if (params->key_len != WLAN_KEY_LEN_WEP104) {

			ret = -EINVAL;

			goto exit;

		}

	case WLAN_CIPHER_SUITE_TKIP:

	case WLAN_CIPHER_SUITE_CCMP:

		break;
@@ -976,6 +933,11 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev, 
		goto exit;

	}



	if (key_index >= WEP_KEYS || params->key_len < 0) {

		ret = -EINVAL;

		goto exit;

	}



	eth_broadcast_addr(sta_addr);



	if (!mac_addr || is_broadcast_ether_addr(mac_addr))