| From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001 |
| From: Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
| Date: Tue, 12 Jun 2018 09:01:56 +0300 |
| Subject: [PATCH] connect: fix parsing of WEP keys |
| |
| The introduction of MFP options added a bug that causes a |
| segmentation fault when parsing WEP keys. |
| Fix that. |
| |
| Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| |
| Upstream-Status: Backport |
| [https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44] |
| Signed-off-by: Liu Haitao <haitao.liu@windriver.com> |
| --- |
| ap.c | 2 +- |
| connect.c | 7 ++----- |
| ibss.c | 2 +- |
| iw.h | 3 ++- |
| util.c | 36 ++++++++++++++++++------------------ |
| 5 files changed, 24 insertions(+), 26 deletions(-) |
| |
| diff --git a/ap.c b/ap.c |
| index 4bab5b9..dcce402 100644 |
| --- a/ap.c |
| +++ b/ap.c |
| @@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state, |
| argv++; |
| argc--; |
| |
| - return parse_keys(msg, argv, argc); |
| + return parse_keys(msg, &argv, &argc); |
| nla_put_failure: |
| return -ENOSPC; |
| } |
| diff --git a/connect.c b/connect.c |
| index 339fc73..4a847a1 100644 |
| --- a/connect.c |
| +++ b/connect.c |
| @@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state, |
| argv++; |
| argc--; |
| |
| - ret = parse_keys(msg, argv, argc); |
| + ret = parse_keys(msg, &argv, &argc); |
| if (ret) |
| return ret; |
| |
| - argc -= 4; |
| - argv += 4; |
| - |
| if (!argc) |
| return 0; |
| |
| @@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state, |
| argv++; |
| argc--; |
| |
| - return parse_keys(msg, argv, argc); |
| + return parse_keys(msg, &argv, &argc); |
| nla_put_failure: |
| return -ENOSPC; |
| } |
| diff --git a/ibss.c b/ibss.c |
| index 84f1e95..d77fc92 100644 |
| --- a/ibss.c |
| +++ b/ibss.c |
| @@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state, |
| argv++; |
| argc--; |
| |
| - return parse_keys(msg, argv, argc); |
| + return parse_keys(msg, &argv, &argc); |
| nla_put_failure: |
| return -ENOSPC; |
| } |
| diff --git a/iw.h b/iw.h |
| index ee7ca20..8767ed3 100644 |
| --- a/iw.h |
| +++ b/iw.h |
| @@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len, |
| unsigned char **mask); |
| unsigned char *parse_hex(char *hex, size_t *outlen); |
| |
| -int parse_keys(struct nl_msg *msg, char **argv, int argc); |
| + |
| +int parse_keys(struct nl_msg *msg, char **argv[], int *argc); |
| int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed); |
| enum nl80211_chan_width str_to_bw(const char *str); |
| int put_chandef(struct nl_msg *msg, struct chandef *chandef); |
| diff --git a/util.c b/util.c |
| index 6e0ddff..122c019 100644 |
| --- a/util.c |
| +++ b/util.c |
| @@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str) |
| return -EINVAL; |
| } |
| |
| -int parse_keys(struct nl_msg *msg, char **argv, int argc) |
| +int parse_keys(struct nl_msg *msg, char **argv[], int *argc) |
| { |
| struct nlattr *keys; |
| int i = 0; |
| bool have_default = false; |
| - char *arg = *argv; |
| + char *arg = **argv; |
| char keybuf[13]; |
| int pos = 0; |
| |
| - if (!argc) |
| + if (!*argc) |
| return 1; |
| |
| if (!memcmp(&arg[pos], "psk", 3)) { |
| char psk_keybuf[32]; |
| int cipher_suite, akm_suite; |
| |
| - if (argc < 4) |
| + if (*argc < 4) |
| goto explain; |
| |
| pos+=3; |
| @@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc) |
| NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf); |
| NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM); |
| |
| - argv++; |
| - argc--; |
| - arg = *argv; |
| + *argv += 1; |
| + *argc -= 1; |
| + arg = **argv; |
| |
| akm_suite = parse_akm_suite(arg); |
| if (akm_suite < 0) |
| @@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc) |
| |
| NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite); |
| |
| - argv++; |
| - argc--; |
| - arg = *argv; |
| + *argv += 1; |
| + *argc -= 1; |
| + arg = **argv; |
| |
| cipher_suite = parse_cipher_suite(arg); |
| if (cipher_suite < 0) |
| @@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc) |
| |
| NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite); |
| |
| - argv++; |
| - argc--; |
| - arg = *argv; |
| + *argv += 1; |
| + *argc -= 1; |
| + arg = **argv; |
| |
| cipher_suite = parse_cipher_suite(arg); |
| if (cipher_suite < 0) |
| @@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc) |
| struct nlattr *key = nla_nest_start(msg, ++i); |
| char *keydata; |
| |
| - arg = *argv; |
| + arg = **argv; |
| pos = 0; |
| |
| if (!key) |
| @@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc) |
| |
| NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata); |
| |
| - argv++; |
| - argc--; |
| + *argv += 1; |
| + *argc -= 1; |
| |
| /* one key should be TX key */ |
| - if (!have_default && !argc) |
| + if (!have_default && !*argc) |
| NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); |
| |
| nla_nest_end(msg, key); |
| - } while (argc); |
| + } while (*argc); |
| |
| nla_nest_end(msg, keys); |
| |
| -- |
| 2.17.1 |
| |