Commit b6b5555b authored by Johannes Berg's avatar Johannes Berg

cfg80211: disallow shared key authentication with key index 4

Key index 4 can only be used for an IGTK, so the range checks
for shared key authentication should treat 4 as an error, fix
that in the code.
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 4854f175
...@@ -222,7 +222,7 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, ...@@ -222,7 +222,7 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
ASSERT_WDEV_LOCK(wdev); ASSERT_WDEV_LOCK(wdev);
if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
if (!key || !key_len || key_idx < 0 || key_idx > 4) if (!key || !key_len || key_idx < 0 || key_idx > 3)
return -EINVAL; return -EINVAL;
if (wdev->current_bss && if (wdev->current_bss &&
......
...@@ -7388,7 +7388,7 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) ...@@ -7388,7 +7388,7 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
(key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
key.p.key_len != WLAN_KEY_LEN_WEP104)) key.p.key_len != WLAN_KEY_LEN_WEP104))
return -EINVAL; return -EINVAL;
if (key.idx > 4) if (key.idx > 3)
return -EINVAL; return -EINVAL;
} else { } else {
key.p.key_len = 0; key.p.key_len = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment