Commit f1c1f17a authored by Johannes Berg's avatar Johannes Berg

cfg80211: allow connect keys only with default (TX) key

There's no point in allowing connect keys when one of them
isn't also configured as the TX key, it would just confuse
drivers and probably cause them to pick something for TX.
Disallow this confusing and erroneous configuration.

As wpa_supplicant will always send NL80211_ATTR_KEYS, even
when there are no keys inside, allow that and treat it as
though the attribute isn't present at all.
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 89b706fb
...@@ -114,6 +114,9 @@ static int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev, ...@@ -114,6 +114,9 @@ static int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev,
} }
} }
if (WARN_ON(connkeys && connkeys->def < 0))
return -EINVAL;
if (WARN_ON(wdev->connect_keys)) if (WARN_ON(wdev->connect_keys))
kzfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = connkeys; wdev->connect_keys = connkeys;
...@@ -289,7 +292,7 @@ int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev, ...@@ -289,7 +292,7 @@ int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
wdev->wext.ibss.privacy = wdev->wext.default_key != -1; wdev->wext.ibss.privacy = wdev->wext.default_key != -1;
if (wdev->wext.keys) { if (wdev->wext.keys && wdev->wext.keys->def != -1) {
ck = kmemdup(wdev->wext.keys, sizeof(*ck), GFP_KERNEL); ck = kmemdup(wdev->wext.keys, sizeof(*ck), GFP_KERNEL);
if (!ck) if (!ck)
return -ENOMEM; return -ENOMEM;
......
...@@ -848,6 +848,15 @@ nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, ...@@ -848,6 +848,15 @@ nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
struct nlattr *key; struct nlattr *key;
struct cfg80211_cached_keys *result; struct cfg80211_cached_keys *result;
int rem, err, def = 0; int rem, err, def = 0;
bool have_key = false;
nla_for_each_nested(key, keys, rem) {
have_key = true;
break;
}
if (!have_key)
return NULL;
result = kzalloc(sizeof(*result), GFP_KERNEL); result = kzalloc(sizeof(*result), GFP_KERNEL);
if (!result) if (!result)
...@@ -895,6 +904,11 @@ nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, ...@@ -895,6 +904,11 @@ nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
*no_ht = true; *no_ht = true;
} }
if (result->def < 0) {
err = -EINVAL;
goto error;
}
return result; return result;
error: error:
kfree(result); kfree(result);
......
...@@ -1043,6 +1043,9 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev, ...@@ -1043,6 +1043,9 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
connect->crypto.ciphers_pairwise[0] = cipher; connect->crypto.ciphers_pairwise[0] = cipher;
} }
} }
} else {
if (WARN_ON(connkeys))
return -EINVAL;
} }
wdev->connect_keys = connkeys; wdev->connect_keys = connkeys;
......
...@@ -42,7 +42,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, ...@@ -42,7 +42,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
if (!wdev->wext.connect.ssid_len) if (!wdev->wext.connect.ssid_len)
return 0; return 0;
if (wdev->wext.keys) { if (wdev->wext.keys && wdev->wext.keys->def != -1) {
ck = kmemdup(wdev->wext.keys, sizeof(*ck), GFP_KERNEL); ck = kmemdup(wdev->wext.keys, sizeof(*ck), GFP_KERNEL);
if (!ck) if (!ck)
return -ENOMEM; return -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment