path: root/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
blob: 8cf8f7ab388d9b44eb714cc0b2db92310e092420 (plain)
From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Tue, 12 Jun 2018 09:01:56 +0300
Subject: [PATCH] connect: fix parsing of WEP keys

The introduction of MFP options added a bug that causes a
segmentation fault when parsing WEP keys.
Fix that.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Upstream-Status: Backport
[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
---
 ap.c      |  2 +-
 connect.c |  7 ++-----
 ibss.c    |  2 +-
 iw.h      |  3 ++-
 util.c    | 36 ++++++++++++++++++------------------
 5 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/ap.c b/ap.c
index 4bab5b9..dcce402 100644
--- a/ap.c
+++ b/ap.c
@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
 	argv++;
 	argc--;
 
-	return parse_keys(msg, argv, argc);
+	return parse_keys(msg, &argv, &argc);
  nla_put_failure:
 	return -ENOSPC;
 }
diff --git a/connect.c b/connect.c
index 339fc73..4a847a1 100644
--- a/connect.c
+++ b/connect.c
@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
 	argv++;
 	argc--;
 
-	ret = parse_keys(msg, argv, argc);
+	ret = parse_keys(msg, &argv, &argc);
 	if (ret)
 		return ret;
 
-	argc -= 4;
-	argv += 4;
-
 	if (!argc)
 		return 0;
 
@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
 	argv++;
 	argc--;
 
-	return parse_keys(msg, argv, argc);
+	return parse_keys(msg, &argv, &argc);
  nla_put_failure:
 	return -ENOSPC;
 }
diff --git a/ibss.c b/ibss.c
index 84f1e95..d77fc92 100644
--- a/ibss.c
+++ b/ibss.c
@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
 	argv++;
 	argc--;
 
-	return parse_keys(msg, argv, argc);
+	return parse_keys(msg, &argv, &argc);
  nla_put_failure:
 	return -ENOSPC;
 }
diff --git a/iw.h b/iw.h
index ee7ca20..8767ed3 100644
--- a/iw.h
+++ b/iw.h
@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
 		   unsigned char **mask);
 unsigned char *parse_hex(char *hex, size_t *outlen);
 
-int parse_keys(struct nl_msg *msg, char **argv, int argc);
+
+int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
 int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
 enum nl80211_chan_width str_to_bw(const char *str);
 int put_chandef(struct nl_msg *msg, struct chandef *chandef);
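Review bot: The prototype gives no hint that parse_keys now writes through both pointers, which is the contract the callers in ap.c, connect.c and ibss.c rely on after this patch. A one-line comment above it would record that, for example `/* advances *argv and decrements *argc past each argument consumed */`. The hunk also leaves two consecutive blank lines before the prototype, and `char ***argv` would state the parameter type more plainly than `char **argv[]`.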
diff --git a/util.c b/util.c
index 6e0ddff..122c019 100644
--- a/util.c
+++ b/util.c
@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
 	return -EINVAL;
 }
 
-int parse_keys(struct nl_msg *msg, char **argv, int argc)
+int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
 {
 	struct nlattr *keys;
 	int i = 0;
 	bool have_default = false;
-	char *arg = *argv;
+	char *arg = **argv;
 	char keybuf[13];
 	int pos = 0;
 
-	if (!argc)
+	if (!*argc)
 		return 1;
 
 	if (!memcmp(&arg[pos], "psk", 3)) {
 		char psk_keybuf[32];
 		int cipher_suite, akm_suite;
 
-		if (argc < 4)
+		if (*argc < 4)
 			goto explain;
 
 		pos+=3;
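Review bot: The `memcmp(&arg[pos], "psk", 3)` test kept as context here compares three bytes whatever the argument length, so a key argument shorter than two characters may be read past its terminating NUL. `if (!strncmp(arg, "psk", 3)) {` stops at the terminator and matches the same strings. `arg` is also loaded from `**argv` before the `!*argc` check, which is only harmless while the caller's vector is NULL-terminated at that position. parse_keys starts in this hunk but its body continues outside it.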
@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 		NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
 		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
 
-		argv++;
-		argc--;
-		arg = *argv;
+		*argv += 1;
+		*argc -= 1;
+		arg = **argv;
 
 		akm_suite = parse_akm_suite(arg);
 		if (akm_suite < 0)
@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 
 		NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
 
-		argv++;
-		argc--;
-		arg = *argv;
+		*argv += 1;
+		*argc -= 1;
+		arg = **argv;
 
 		cipher_suite = parse_cipher_suite(arg);
 		if (cipher_suite < 0)
@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 
 		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
 
-		argv++;
-		argc--;
-		arg = *argv;
+		*argv += 1;
+		*argc -= 1;
+		arg = **argv;
 
 		cipher_suite = parse_cipher_suite(arg);
 		if (cipher_suite < 0)
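Review bot: The psk branch requires four arguments (`*argc < 4`), but the hunks show only three `*argv += 1; *argc -= 1;` steps: after the PMK, the AKM suite and the pairwise cipher. The argument parsed by the second `parse_cipher_suite` call therefore appears to stay in the caller's vector. connect.c drops its `argc -= 4; argv += 4;` in this same patch, so iw_conn would treat that leftover as a trailing option instead of reaching `if (!argc) return 0;`. The end of the branch lies outside the hunk, so confirm it there. If nothing advances past the fourth argument, add `*argv += 1;` and `*argc -= 1;` after the second cipher suite is accepted and before the branch ends.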
@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 		struct nlattr *key = nla_nest_start(msg, ++i);
 		char *keydata;
 
-		arg = *argv;
+		arg = **argv;
 		pos = 0;
 
 		if (!key)
@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 
 		NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
 
-		argv++;
-		argc--;
+		*argv += 1;
+		*argc -= 1;
 
 		/* one key should be TX key */
-		if (!have_default && !argc)
+		if (!have_default && !*argc)
 			NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
 
 		nla_nest_end(msg, key);
-	} while (argc);
+	} while (*argc);
 
 	nla_nest_end(msg, keys);
 
-- 
2.17.1