staging: wilc1000: fix WEP security bug
authorGlen Lee <glen.lee@atmel.com>
Thu, 4 Feb 2016 09:15:28 +0000 (18:15 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 8 Feb 2016 01:34:58 +0000 (17:34 -0800)
Station cannot connect to soft AP mode wilc when it is configured for WEP
security. This patch fixes it by setting the key index within the key value and
change the last else condition with DEFAULTKEY action case, and also do not use
WILC_WFI_wep_default index to set wep key id.

Signed-off-by: Glen Lee <glen.lee@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/wilc1000/host_interface.c
drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
drivers/staging/wilc1000/wilc_wfi_netdevice.h

index 4b1d92cb50d0ad5b6d48a30d98576835ac4de8c6..67bcf889287e0a2497ddfb66e85e6bcbbf601ffc 100644 (file)
@@ -1737,14 +1737,7 @@ static int Handle_Key(struct wilc_vif *vif,
                        strWIDList[1].size = sizeof(char);
                        strWIDList[1].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.auth_type;
 
-                       strWIDList[2].id = (u16)WID_KEY_ID;
-                       strWIDList[2].type = WID_CHAR;
-
-                       strWIDList[2].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index;
-                       strWIDList[2].size = sizeof(char);
-
-                       pu8keybuf = kmemdup(pstrHostIFkeyAttr->attr.wep.key,
-                                           pstrHostIFkeyAttr->attr.wep.key_len,
+                       pu8keybuf = kmalloc(pstrHostIFkeyAttr->attr.wep.key_len + 2,
                                            GFP_KERNEL);
 
                        if (pu8keybuf == NULL) {
@@ -1752,15 +1745,21 @@ static int Handle_Key(struct wilc_vif *vif,
                                return -ENOMEM;
                        }
 
+                       pu8keybuf[0] = pstrHostIFkeyAttr->attr.wep.index;
+                       pu8keybuf[1] = pstrHostIFkeyAttr->attr.wep.key_len;
+
+                       memcpy(&pu8keybuf[2], pstrHostIFkeyAttr->attr.wep.key,
+                              pstrHostIFkeyAttr->attr.wep.key_len);
+
                        kfree(pstrHostIFkeyAttr->attr.wep.key);
 
-                       strWIDList[3].id = (u16)WID_WEP_KEY_VALUE;
-                       strWIDList[3].type = WID_STR;
-                       strWIDList[3].size = pstrHostIFkeyAttr->attr.wep.key_len;
-                       strWIDList[3].val = (s8 *)pu8keybuf;
+                       strWIDList[2].id = (u16)WID_WEP_KEY_VALUE;
+                       strWIDList[2].type = WID_STR;
+                       strWIDList[2].size = pstrHostIFkeyAttr->attr.wep.key_len + 2;
+                       strWIDList[2].val = (s8 *)pu8keybuf;
 
                        result = wilc_send_config_pkt(vif->wilc, SET_CFG,
-                                                     strWIDList, 4,
+                                                     strWIDList, 3,
                                                      wilc_get_vif_idx(vif));
                        kfree(pu8keybuf);
                } else if (pstrHostIFkeyAttr->action & ADDKEY) {
@@ -1797,7 +1796,7 @@ static int Handle_Key(struct wilc_vif *vif,
                        result = wilc_send_config_pkt(vif->wilc, SET_CFG,
                                                      &wid, 1,
                                                      wilc_get_vif_idx(vif));
-               } else {
+               } else if (pstrHostIFkeyAttr->action & DEFAULTKEY) {
                        wid.id = (u16)WID_KEY_ID;
                        wid.type = WID_CHAR;
                        wid.val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index;
index 14e1f14256d29866c6955cf05990bcb6ab65c189..fb940ed4d0efea6f69eb64a52bc44c9221f75e05 100644 (file)
@@ -761,7 +761,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev,
                return s32Error;
        }
 
-       priv->WILC_WFI_wep_default = 0;
        memset(priv->WILC_WFI_wep_key, 0, sizeof(priv->WILC_WFI_wep_key));
        memset(priv->WILC_WFI_wep_key_len, 0, sizeof(priv->WILC_WFI_wep_key_len));
 
@@ -788,7 +787,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev,
                                for (i = 0; i < sme->key_len; i++)
                                        PRINT_D(CORECONFIG_DBG, "WEP Key Value[%d] = %d\n", i, sme->key[i]);
                        }
-                       priv->WILC_WFI_wep_default = sme->key_idx;
                        priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len;
                        memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len);
 
@@ -806,7 +804,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev,
                        pcgroup_encrypt_val = "WEP104";
                        pccipher_group = "WLAN_CIPHER_SUITE_WEP104";
 
-                       priv->WILC_WFI_wep_default = sme->key_idx;
                        priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len;
                        memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len);
 
@@ -986,7 +983,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index,
        case WLAN_CIPHER_SUITE_WEP40:
        case WLAN_CIPHER_SUITE_WEP104:
                if (priv->wdev->iftype == NL80211_IFTYPE_AP) {
-                       priv->WILC_WFI_wep_default = key_index;
                        priv->WILC_WFI_wep_key_len[key_index] = params->key_len;
                        memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len);
 
@@ -1009,7 +1005,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index,
                        break;
                }
                if (memcmp(params->key, priv->WILC_WFI_wep_key[key_index], params->key_len)) {
-                       priv->WILC_WFI_wep_default = key_index;
                        priv->WILC_WFI_wep_key_len[key_index] = params->key_len;
                        memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len);
 
@@ -1336,9 +1331,7 @@ static int set_default_key(struct wiphy *wiphy, struct net_device *netdev, u8 ke
 
        PRINT_D(CFG80211_DBG, "Setting default key with idx = %d\n", key_index);
 
-       if (key_index != priv->WILC_WFI_wep_default) {
-               wilc_set_wep_default_keyid(vif, key_index);
-       }
+       wilc_set_wep_default_keyid(vif, key_index);
 
        return 0;
 }
index 9f8c79e3d19537376ac10847e655dfded6870721..07eda4db1dcd97740e513795bc269989ba31fe11 100644 (file)
@@ -124,7 +124,6 @@ struct wilc_priv {
        struct host_if_drv *hWILCWFIDrv;
        struct host_if_pmkid_attr pmkid_list;
        struct WILC_WFI_stats netstats;
-       u8 WILC_WFI_wep_default;
        u8 WILC_WFI_wep_key[4][WLAN_KEY_LEN_WEP104];
        u8 WILC_WFI_wep_key_len[4];
        /* The real interface that the monitor is on */