From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Tue, 12 Jun 2018 09:01:56 +0300
Subject: [PATCH] connect: fix parsing of WEP keys
The introduction of MFP options added a bug that causes a
segmentation fault when parsing WEP keys.
Fix that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Upstream-Status: Backport
[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
---
ap.c | 2 +-
connect.c | 7 ++-----
ibss.c | 2 +-
iw.h | 3 ++-
util.c | 36 ++++++++++++++++++------------------
5 files changed, 24 insertions(+), 26 deletions(-)
diff --git a/ap.c b/ap.c
index 4bab5b9..dcce402 100644
--- a/ap.c
+++ b/ap.c
@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
argv++;
argc--;
- return parse_keys(msg, argv, argc);
+ return parse_keys(msg, &argv, &argc);
nla_put_failure:
return -ENOSPC;
}
diff --git a/connect.c b/connect.c
index 339fc73..4a847a1 100644
--- a/connect.c
+++ b/connect.c
@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
argv++;
argc--;
- ret = parse_keys(msg, argv, argc);
+ ret = parse_keys(msg, &argv, &argc);
if (ret)
return ret;
- argc -= 4;
- argv += 4;
-
if (!argc)
return 0;
@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
argv++;
argc--;
- return parse_keys(msg, argv, argc);
+ return parse_keys(msg, &argv, &argc);
nla_put_failure:
return -ENOSPC;
}
diff --git a/ibss.c b/ibss.c
index 84f1e95..d77fc92 100644
--- a/ibss.c
+++ b/ibss.c
@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
argv++;
argc--;
- return parse_keys(msg, argv, argc);
+ return parse_keys(msg, &argv, &argc);
nla_put_failure:
return -ENOSPC;
}
diff --git a/iw.h b/iw.h
index ee7ca20..8767ed3 100644
--- a/iw.h
+++ b/iw.h
@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
unsigned char **mask);
unsigned char *parse_hex(char *hex, size_t *outlen);
-int parse_keys(struct nl_msg *msg, char **argv, int argc);
+
+int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
enum nl80211_chan_width str_to_bw(const char *str);
int put_chandef(struct nl_msg *msg, struct chandef *chandef);
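Review bot: The new prototype turns argv and argc into in/out parameters, but the declaration carries no comment saying so, and callers such as iw_conn now rely on that contract. I would add above it something like `/* Parses key arguments into msg; advances *argv and decrements *argc past the arguments it consumes. Returns 1 when *argc is 0. */`. The extra blank `+` line before the declaration also separates it from the other parse_* prototypes for no visible reason.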
diff --git a/util.c b/util.c
index 6e0ddff..122c019 100644
--- a/util.c
+++ b/util.c
@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
return -EINVAL;
}
-int parse_keys(struct nl_msg *msg, char **argv, int argc)
+int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
{
struct nlattr *keys;
int i = 0;
bool have_default = false;
- char *arg = *argv;
+ char *arg = **argv;
char keybuf[13];
int pos = 0;
- if (!argc)
+ if (!*argc)
return 1;
if (!memcmp(&arg[pos], "psk", 3)) {
char psk_keybuf[32];
int cipher_suite, akm_suite;
- if (argc < 4)
+ if (*argc < 4)
goto explain;
pos+=3;
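Review bot: `memcmp(&arg[pos], "psk", 3)` always asks for three bytes of a command-line argument, so an argument shorter than that (a one-character string, for example) is read past its terminator. `if (!strncmp(&arg[pos], "psk", 3)) {` stops at the NUL and keeps the same match semantics. Separately, `char *arg = **argv;` is evaluated before the `if (!*argc)` guard, so with no arguments left it relies on *argv pointing at a NULL-terminated vector; moving the initialisation below the guard removes that assumption. parse_keys continues outside this hunk.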
@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
- argv++;
- argc--;
- arg = *argv;
+ *argv += 1;
+ *argc -= 1;
+ arg = **argv;
akm_suite = parse_akm_suite(arg);
if (akm_suite < 0)
@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
- argv++;
- argc--;
- arg = *argv;
+ *argv += 1;
+ *argc -= 1;
+ arg = **argv;
cipher_suite = parse_cipher_suite(arg);
if (cipher_suite < 0)
@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
- argv++;
- argc--;
- arg = *argv;
+ *argv += 1;
+ *argc -= 1;
+ arg = **argv;
cipher_suite = parse_cipher_suite(arg);
if (cipher_suite < 0)
@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
struct nlattr *key = nla_nest_start(msg, ++i);
char *keydata;
- arg = *argv;
+ arg = **argv;
pos = 0;
if (!key)
@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
- argv++;
- argc--;
+ *argv += 1;
+ *argc -= 1;
/* one key should be TX key */
- if (!have_default && !argc)
+ if (!have_default && !*argc)
NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
nla_nest_end(msg, key);
- } while (argc);
+ } while (*argc);
nla_nest_end(msg, keys);
--
2.17.1