diff options
author | Johannes Berg <johannes.berg@intel.com> | 2016-09-13 17:25:58 +0300 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2016-09-13 21:20:51 +0300 |
commit | b6b5555bc89f52e49244104ca4d7764c7b0f11cd (patch) | |
tree | 9d1f60df03f7ab85f2885af62ac63a22942c3437 | |
parent | 4854f175c3182816d906c4bc34be5f30556346a5 (diff) | |
download | linux-b6b5555bc89f52e49244104ca4d7764c7b0f11cd.tar.xz |
cfg80211: disallow shared key authentication with key index 4
Key index 4 can only be used for an IGTK, so the range checks
for shared key authentication should treat 4 as an error, fix
that in the code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r-- | net/wireless/mlme.c | 2 | ||||
-rw-r--r-- | net/wireless/nl80211.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index c284d883c349..d6abb0704db5 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -222,7 +222,7 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, ASSERT_WDEV_LOCK(wdev); if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) - if (!key || !key_len || key_idx < 0 || key_idx > 4) + if (!key || !key_len || key_idx < 0 || key_idx > 3) return -EINVAL; if (wdev->current_bss && diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 7ebad350abc1..c11c1ef6daa7 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -7388,7 +7388,7 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || key.p.key_len != WLAN_KEY_LEN_WEP104)) return -EINVAL; - if (key.idx > 4) + if (key.idx > 3) return -EINVAL; } else { key.p.key_len = 0; |