From: Zhu Yi <yi.zhu@intel.com>
To: linville@tuxdriver.com
Cc: linux-wireless@vger.kernel.org,
Emmanuel Grumbach <emmanuel.grumbach@intel.com>,
Tomas Winkler <tomas.winkler@intel.com>
Subject: [PATCH 19/29] iwlwifi: add bad length check for WEP keys
Date: Thu, 12 Jun 2008 09:47:09 +0800
Message-ID: <1213235239-2954-20-git-send-email-yi.zhu@intel.com>
In-Reply-To: <1213235239-2954-19-git-send-email-yi.zhu@intel.com>
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This patch adds a check for bad length in set key flow. This solves the
Oops reported by Thomas Backlund, Joonwoo Park and Ian Schram.
It also adds some debug printing that can be useful.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
---
drivers/net/wireless/iwlwifi/iwl-commands.h | 1 +
drivers/net/wireless/iwlwifi/iwl-sta.c | 18 +++++++++++++++++-
2 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/iwl-commands.h b/drivers/net/wireless/iwlwifi/iwl-commands.h
index a093f5b..b58f796 100644
--- a/drivers/net/wireless/iwlwifi/iwl-commands.h
+++ b/drivers/net/wireless/iwlwifi/iwl-commands.h
@@ -1002,6 +1002,7 @@ struct iwl_wep_cmd {
#define WEP_KEY_WEP_TYPE 1
#define WEP_KEYS_MAX 4
#define WEP_INVALID_OFFSET 0xff
+#define WEP_KEY_LEN_64 5
#define WEP_KEY_LEN_128 13
/******************************************************************************
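Review bot: WEP_KEY_LEN_64 and WEP_KEY_LEN_128 are named after the nominal cipher size, but their values, 5 and 13, are key lengths in bytes (40 and 104 bits of secret; the nominal sizes also count the 24-bit IV). A one-line comment above the two defines stating that the values are in bytes and exclude the IV would keep a later reader from treating them as bit counts or as full cipher sizes.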
diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c b/drivers/net/wireless/iwlwifi/iwl-sta.c
index b3caed4..3e257cf 100644
--- a/drivers/net/wireless/iwlwifi/iwl-sta.c
+++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
@@ -488,6 +488,8 @@ int iwl_remove_default_wep_key(struct iwl_priv *priv,
priv->default_wep_key--;
memset(&priv->wep_keys[keyconf->keyidx], 0, sizeof(priv->wep_keys[0]));
ret = iwl_send_static_wepkey_cmd(priv, 1);
+ IWL_DEBUG_WEP("Remove default WEP key: idx=%d ret=%d\n",
+ keyconf->keyidx, ret);
spin_unlock_irqrestore(&priv->sta_lock, flags);
return ret;
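Review bot: the new IWL_DEBUG_WEP call in iwl_remove_default_wep_key() sits before spin_unlock_irqrestore(), so the formatting and printing run with sta_lock held and interrupts disabled. Both ret and keyconf->keyidx are still available after the unlock, so the print can move below it to keep the critical section short. The same applies to the "Set default WEP key" print added later in this patch.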
@@ -500,6 +502,12 @@ int iwl_set_default_wep_key(struct iwl_priv *priv,
int ret;
unsigned long flags;
+ if (keyconf->keylen != WEP_KEY_LEN_128 &&
+ keyconf->keylen != WEP_KEY_LEN_64) {
+ IWL_DEBUG_WEP("Bad WEP key length %d\n", keyconf->keylen);
+ return -EINVAL;
+ }
+
keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
keyconf->hw_key_idx = HW_KEY_DEFAULT;
priv->stations[IWL_AP_ID].keyinfo.alg = ALG_WEP;
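Review bot: the new check at the top of iwl_set_default_wep_key() validates keyconf->keylen but not keyconf->keyidx. The remove path in this file indexes priv->wep_keys[] with keyconf->keyidx, and the header defines WEP_KEYS_MAX as 4; if the set path indexes the array the same way and nothing upstream guarantees the range, rejecting keyidx >= WEP_KEYS_MAX in the same if would close the other out-of-bounds route. A short comment on why only 5 and 13 byte keys are accepted would also help, since the changelog mentions an Oops without describing its cause and the rejection is otherwise visible only through IWL_DEBUG_WEP.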
@@ -516,6 +524,8 @@ int iwl_set_default_wep_key(struct iwl_priv *priv,
keyconf->keylen);
ret = iwl_send_static_wepkey_cmd(priv, 0);
+ IWL_DEBUG_WEP("Set default WEP key: len=%d idx=%d ret=%d\n",
+ keyconf->keylen, keyconf->keyidx, ret);
spin_unlock_irqrestore(&priv->sta_lock, flags);
return ret;
@@ -662,6 +672,9 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
key_flags = le16_to_cpu(priv->stations[sta_id].sta.key.key_flags);
keyidx = (key_flags >> STA_KEY_FLG_KEYID_POS) & 0x3;
+ IWL_DEBUG_WEP("Remove dynamic key: idx=%d sta=%d\n",
+ keyconf->keyidx, sta_id);
+
if (keyconf->keyidx != keyidx) {
/* We need to remove a key with index different that the one
* in the uCode. This means that the key we need to remove has
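Review bot: the new print in iwl_remove_dynamic_key() reports keyconf->keyidx only, while the test directly below compares it against keyidx extracted from key_flags; logging both values (for example idx=%d hw_idx=%d) would make the mismatch case diagnosable from the log. The message also goes through IWL_DEBUG_WEP although dynamic keys are not WEP-only (the set-side print logs alg), so a WEP-specific debug level may hide it from someone debugging another cipher.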
@@ -686,7 +699,6 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
- IWL_DEBUG_INFO("hwcrypto: clear ucode station key info\n");
ret = iwl_send_add_sta(priv, &priv->stations[sta_id].sta, CMD_ASYNC);
spin_unlock_irqrestore(&priv->sta_lock, flags);
return ret;
@@ -716,6 +728,10 @@ int iwl_set_dynamic_key(struct iwl_priv *priv,
ret = -EINVAL;
}
+ IWL_DEBUG_WEP("Set dynamic key: alg= %d len=%d idx=%d sta=%d ret=%d\n",
+ keyconf->alg, keyconf->keylen, keyconf->keyidx,
+ sta_id, ret);
+
return ret;
}
EXPORT_SYMBOL(iwl_set_dynamic_key);
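Review bot: the format string in the iwl_set_dynamic_key() print has a stray space in "alg= %d", while every other field here and in the other new prints is written as key=%d with no space; drop the space so the line parses uniformly. Placing the print at the common exit is a good choice, since it also covers the ret = -EINVAL path visible just above.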
--
1.5.3.6