nl80211: only allow WEP keys during connect command

This was already documented that way in nl80211.h, but the parsing code still accepted other key types. Change it to really only accept WEP keys as documented. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2016-09-13 17:10:02 +0300
committer: Johannes Berg <johannes.berg@intel.com> 2016-09-13 21:20:52 +0300
commit: 386b1f273850380a1887044673922843736c6d0a (patch)
tree: 7577832e5cf40171c289d05f41b36a55ba154074
parent: 42ee231cd12c2e1eb015163d04a65950e895d4b7 (diff)
download: linux-386b1f273850380a1887044673922843736c6d0a.tar.xz
1 files changed, 8 insertions, 5 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 524f5d238c14..6cb33ae38ae3 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -881,16 +881,19 @@ nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
 						     parse.idx, false, NULL);
 		if (err)
 			goto error;
+		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
+		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
+			err = -EINVAL;
+			goto error;
+		}
 		result->params[parse.idx].cipher = parse.p.cipher;
 		result->params[parse.idx].key_len = parse.p.key_len;
 		result->params[parse.idx].key = result->data[parse.idx];
 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
 
-		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
-		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
-			if (no_ht)
-				*no_ht = true;
-		}
+		/* must be WEP key if we got here */
+		if (no_ht)
+			*no_ht = true;
 	}
 
 	return result;
author	Johannes Berg <johannes.berg@intel.com>	2016-09-13 17:10:02 +0300
committer	Johannes Berg <johannes.berg@intel.com>	2016-09-13 21:20:52 +0300
commit	386b1f273850380a1887044673922843736c6d0a (patch)
tree	7577832e5cf40171c289d05f41b36a55ba154074
parent	42ee231cd12c2e1eb015163d04a65950e895d4b7 (diff)
download	linux-386b1f273850380a1887044673922843736c6d0a.tar.xz