From 45cbad6a1299842b5ae9a8a9c09630af063692f8 Mon Sep 17 00:00:00 2001 From: Juuso Oikarinen Date: Tue, 25 Jan 2011 12:21:22 +0200 Subject: cfg80211: Allow non-zero indexes for device specific pair-wise ciphers Some vendor specific cipher suites require non-zero key indexes for pairwise keys, but as of currently, the cfg80211 does not allow it. As validating they cipher parameters for vendor specific cipher suites is the job of the driver or hardware/firmware, change the cfg80211 to allow also non-zero pairwise key indexes for vendor specific ciphers. Signed-off-by: Juuso Oikarinen Signed-off-by: John W. Linville --- net/wireless/util.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'net/wireless') diff --git a/net/wireless/util.c b/net/wireless/util.c index 4ed065d8bb51..6a750bc6bcfe 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -167,12 +167,15 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, /* * Disallow pairwise keys with non-zero index unless it's WEP - * (because current deployments use pairwise WEP keys with - * non-zero indizes but 802.11i clearly specifies to use zero) + * or a vendor specific cipher (because current deployments use + * pairwise WEP keys with non-zero indices and for vendor specific + * ciphers this should be validated in the driver or hardware level + * - but 802.11i clearly specifies to use zero) */ if (pairwise && key_idx && - params->cipher != WLAN_CIPHER_SUITE_WEP40 && - params->cipher != WLAN_CIPHER_SUITE_WEP104) + ((params->cipher == WLAN_CIPHER_SUITE_TKIP) || + (params->cipher == WLAN_CIPHER_SUITE_CCMP) || + (params->cipher == WLAN_CIPHER_SUITE_AES_CMAC))) return -EINVAL; switch (params->cipher) { -- cgit v1.2.3 From efe1cf0c5743caf4daccb57b399ef63edad41c9d Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Fri, 28 Jan 2011 15:17:11 +0100 Subject: net/wireless/nl80211.c: Avoid call to genlmsg_cancel genlmsg_cancel subtracts some constants from its second argument before calling nlmsg_cancel. nlmsg_cancel then calls nlmsg_trim on the same arguments. nlmsg_trim tests for NULL before doing any computation, but a NULL second argument to genlmsg_cancel is no longer NULL due to the initial subtraction. Nothing else happens in this execution, so the call to genlmsg_cancel is simply unnecessary in this case. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression data; @@ if (data == NULL) { ... * genlmsg_cancel(..., data); ... return ...; } // Signed-off-by: Julia Lawall Signed-off-by: John W. Linville --- net/wireless/nl80211.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'net/wireless') diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 9b62710891a2..864ddfbeff2f 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -2718,7 +2718,7 @@ static int nl80211_get_mesh_config(struct sk_buff *skb, hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, NL80211_CMD_GET_MESH_CONFIG); if (!hdr) - goto nla_put_failure; + goto out; pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); if (!pinfoattr) goto nla_put_failure; @@ -2759,6 +2759,7 @@ static int nl80211_get_mesh_config(struct sk_buff *skb, nla_put_failure: genlmsg_cancel(msg, hdr); + out: nlmsg_free(msg); return -ENOBUFS; } @@ -2954,7 +2955,7 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, NL80211_CMD_GET_REG); if (!hdr) - goto nla_put_failure; + goto put_failure; NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, cfg80211_regdomain->alpha2); @@ -3001,6 +3002,7 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) nla_put_failure: genlmsg_cancel(msg, hdr); +put_failure: nlmsg_free(msg); err = -EMSGSIZE; out: -- cgit v1.2.3