From 7ef2743da1bb1edcad5cdfafe75652445fa3cc1b Mon Sep 17 00:00:00 2001 From: Jes Sorensen Date: Tue, 24 Jun 2014 15:03:53 +0200 Subject: [PATCH] staging: rtl8723au: Validate keys in cfg80211_rtw_add_key() We validate the parameters in cfg80211_rtw_add_key() so no need to do it all again in rtw_cfg80211_{ap_}set_encryption() Signed-off-by: Jes Sorensen Signed-off-by: Greg Kroah-Hartman --- drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c | 76 ++++++----------------- 1 file changed, 19 insertions(+), 57 deletions(-) diff --git a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c index f53189a..87f953c 100644 --- a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c +++ b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c @@ -512,23 +512,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, DBG_8723A("%s\n", __func__); - if (is_broadcast_ether_addr(sta_addr)) { - if (key_index >= WEP_KEYS) { - ret = -EINVAL; - goto exit; - } - switch (keyparms->cipher) { - case WLAN_CIPHER_SUITE_WEP40: - case WLAN_CIPHER_SUITE_WEP104: - case WLAN_CIPHER_SUITE_TKIP: - case WLAN_CIPHER_SUITE_CCMP: - break; - default: - ret = -EINVAL; - goto exit; - } - - } else { + if (!is_broadcast_ether_addr(sta_addr)) { psta = rtw_get_stainfo23a(pstapriv, sta_addr); if (!psta) { /* ret = -EINVAL; */ @@ -547,15 +531,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, DBG_8723A("r871x_set_encryption, wep_key_idx =%d, len =%d\n", key_index, key_len); - if (key_index >= WEP_KEYS || key_len <= 0) { - ret = -EINVAL; - goto exit; - } - - if (key_len > 0) { - key_len = key_len <= 5 ? 5 : 13; - } - if (psecuritypriv->bWepDefaultKeyIdxSet == 0) { /* wep default key has not been set, so use this key index as default key. */ @@ -586,8 +561,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, memcpy(psecuritypriv-> dot118021XGrpKey[key_index].skey, - keyparms->key, - (key_len > 16 ? 16 : key_len)); + keyparms->key, key_len); psecuritypriv->dot118021XGrpPrivacy = keyparms->cipher; @@ -628,8 +602,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, DBG_8723A("%s, set group_key, none\n", __func__); - psecuritypriv->dot118021XGrpPrivacy = - 0; + psecuritypriv->dot118021XGrpPrivacy = 0; } psecuritypriv->dot118021XGrpKeyid = key_index; @@ -709,8 +682,7 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) { memcpy(psecuritypriv-> dot118021XGrpKey[key_index].skey, - keyparms->key, - (key_len > 16 ? 16 : key_len)); + keyparms->key, key_len); psecuritypriv->dot118021XGrpPrivacy = keyparms->cipher; @@ -732,7 +704,6 @@ static int rtw_cfg80211_ap_set_encryption(struct net_device *dev, u8 key_index, &keyparms->key[24], 8); psecuritypriv->busetkipkey = 1; - } else if (keyparms->cipher == WLAN_CIPHER_SUITE_CCMP) { psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_CCMP; @@ -787,42 +758,20 @@ static int rtw_cfg80211_set_encryption(struct net_device *dev, u8 key_index, key_len = keyparms->key_len; - if (is_broadcast_ether_addr(sta_addr)) { - if (key_index >= WEP_KEYS) { - ret = -EINVAL; - goto exit; - } - } else { - ret = -EINVAL; - goto exit; - } - if (keyparms->cipher == WLAN_CIPHER_SUITE_WEP40 || keyparms->cipher == WLAN_CIPHER_SUITE_WEP104) { RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_err_, ("wpa_set_encryption, crypt.alg = WEP\n")); DBG_8723A("wpa_set_encryption, crypt.alg = WEP\n"); - if (key_index > WEP_KEYS || key_len <= 0) { - ret = -EINVAL; - goto exit; - } - if (psecuritypriv->bWepDefaultKeyIdxSet == 0) { /* wep default key has not been set, so use this key index as default key. */ - key_len = key_len <= 5 ? 5 : 13; - psecuritypriv->ndisencryptstatus = Ndis802_11Encryption1Enabled; - psecuritypriv->dot11PrivacyAlgrthm = WLAN_CIPHER_SUITE_WEP40; - psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_WEP40; - - if (key_len == 13) { - psecuritypriv->dot11PrivacyAlgrthm = WLAN_CIPHER_SUITE_WEP104; - psecuritypriv->dot118021XGrpPrivacy = WLAN_CIPHER_SUITE_WEP104; - } + psecuritypriv->dot11PrivacyAlgrthm = keyparms->cipher; + psecuritypriv->dot118021XGrpPrivacy = keyparms->cipher; psecuritypriv->dot11PrivacyKeyIndex = key_index; } @@ -967,7 +916,15 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev, switch (params->cipher) { case IW_AUTH_CIPHER_NONE: case WLAN_CIPHER_SUITE_WEP40: + if (params->key_len != WLAN_KEY_LEN_WEP40) { + ret = -EINVAL; + goto exit; + } case WLAN_CIPHER_SUITE_WEP104: + if (params->key_len != WLAN_KEY_LEN_WEP104) { + ret = -EINVAL; + goto exit; + } case WLAN_CIPHER_SUITE_TKIP: case WLAN_CIPHER_SUITE_CCMP: break; @@ -976,6 +933,11 @@ static int cfg80211_rtw_add_key(struct wiphy *wiphy, struct net_device *ndev, goto exit; } + if (key_index >= WEP_KEYS || params->key_len < 0) { + ret = -EINVAL; + goto exit; + } + eth_broadcast_addr(sta_addr); if (!mac_addr || is_broadcast_ether_addr(mac_addr)) -- 2.7.4