cfg80211: disallow shared key authentication with key index 4
authorJohannes Berg <johannes.berg@intel.com>
Tue, 13 Sep 2016 14:25:58 +0000 (16:25 +0200)
committerJohannes Berg <johannes.berg@intel.com>
Tue, 13 Sep 2016 18:20:51 +0000 (20:20 +0200)
Key index 4 can only be used for an IGTK, so the range checks
for shared key authentication should treat 4 as an error, fix
that in the code.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/mlme.c
net/wireless/nl80211.c

index c284d883c349bf732d7fa0ad60615aff4abf0b4a..d6abb0704db5cbcde3afb5d26c4917cd6bd96b5b 100644 (file)
@@ -222,7 +222,7 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
        ASSERT_WDEV_LOCK(wdev);
 
        if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
-               if (!key || !key_len || key_idx < 0 || key_idx > 4)
+               if (!key || !key_len || key_idx < 0 || key_idx > 3)
                        return -EINVAL;
 
        if (wdev->current_bss &&
index 7ebad350abc1072499e0503d6e9c508af4757107..c11c1ef6daa720175eb697afce401ba01370ea7c 100644 (file)
@@ -7388,7 +7388,7 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
                    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
                     key.p.key_len != WLAN_KEY_LEN_WEP104))
                        return -EINVAL;
-               if (key.idx > 4)
+               if (key.idx > 3)
                        return -EINVAL;
        } else {
                key.p.key_len = 0;