Commit 92ea8df1 authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: mac80211: reject WEP or pairwise keys with key ID > 3 



We don't really care too much right now since our data
structures are set up to not have a problem with this,
but clearly it's wrong to accept WEP and pairwise keys
with key ID > 3.

However, with MLD we need to split into per-link (GTK,
IGTK, BIGTK) and per interface/MLD (including WEP) keys
so make sure this is not a problem.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 8092a0ee

net/mac80211/key.c

+13 −5
Original line number Diff line number Diff line
@@ -433,13 +433,25 @@ static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 
	int idx;

	int ret = 0;

	bool defunikey, defmultikey, defmgmtkey, defbeaconkey;

	bool is_wep;



	/* caller must provide at least one old/new */

	if (WARN_ON(!new && !old))

		return 0;



	if (new)

	if (new) {

		idx = new->conf.keyidx;

		list_add_tail_rcu(&new->list, &sdata->key_list);

		is_wep = new->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||

			 new->conf.cipher == WLAN_CIPHER_SUITE_WEP104;

	} else {

		idx = old->conf.keyidx;

		is_wep = old->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||

			 old->conf.cipher == WLAN_CIPHER_SUITE_WEP104;

	}



	if ((is_wep || pairwise) && idx >= NUM_DEFAULT_KEYS)

		return -EINVAL;



	WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
@@ -451,8 +463,6 @@ static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 
	}



	if (old) {

		idx = old->conf.keyidx;



		if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {

			ieee80211_key_disable_hw_accel(old);
@@ -460,8 +470,6 @@ static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 
				ret = ieee80211_key_enable_hw_accel(new);

		}

	} else {

		/* new must be provided in case old is not */

		idx = new->conf.keyidx;

		if (!new->local->wowlan)

			ret = ieee80211_key_enable_hw_accel(new);

	}