summaryrefslogtreecommitdiffstats
path: root/net/wireless
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-05-15 12:38:32 +0300
committerJohn W. Linville <linville@tuxdriver.com>2009-05-20 14:46:25 -0400
commit9f26a952210e44691f784b77bf1f83a500d63f58 (patch)
treea11a5ab475cc8cfa61362e57b6b6c4e018d21996 /net/wireless
parentcc65965cbb24d2ca2bb70f26cac9d7243349e7e3 (diff)
downloadlinux-9f26a952210e44691f784b77bf1f83a500d63f58.tar.bz2
nl80211: Validate NL80211_ATTR_KEY_SEQ length
Validate RSC (NL80211_ATTR_KEY_SEQ) length in nl80211/cfg80211 instead of having to do this in all the drivers. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/nl80211.c1
-rw-r--r--net/wireless/util.c15
2 files changed, 16 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 0e22b5f5880f..1cf57f53a283 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -77,6 +77,7 @@ static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
+ [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
diff --git a/net/wireless/util.c b/net/wireless/util.c
index beb226e78cd7..b94c8604ad7c 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -181,5 +181,20 @@ int cfg80211_validate_key_settings(struct key_params *params, int key_idx,
return -EINVAL;
}
+ if (params->seq) {
+ switch (params->cipher) {
+ case WLAN_CIPHER_SUITE_WEP40:
+ case WLAN_CIPHER_SUITE_WEP104:
+ /* These ciphers do not use key sequence */
+ return -EINVAL;
+ case WLAN_CIPHER_SUITE_TKIP:
+ case WLAN_CIPHER_SUITE_CCMP:
+ case WLAN_CIPHER_SUITE_AES_CMAC:
+ if (params->seq_len != 6)
+ return -EINVAL;
+ break;
+ }
+ }
+
return 0;
}