2008-06-27 23:50:20

by Tomas Winkler

[permalink] [raw]
Subject: [PATCH 1/1] mac80211: don't accept WEP keys other than WEP40 and WEP104

From: Emmanuel Grumbach <[email protected]>

This patch makes mac80211 refuse a WEP key whose length is not WEP40 nor
WEP104.

Signed-off-by: Emmanuel Grumbach <[email protected]>
Signed-off-by: Tomas Winkler <[email protected]>
---
include/net/mac80211.h | 9 +++++++++
net/mac80211/wext.c | 7 +++++++
2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 02c79e6..6a6c4bc 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -557,6 +557,15 @@ enum ieee80211_key_alg {
ALG_CCMP,
};

+/**
+ * enum ieee80211_key_len - key length
+ * @WEP40: WEP 5 byte long key
+ * @WEP104: WEP 13 byte long key
+ */
+enum ieee80211_key_len {
+ LEN_WEP40 = 5,
+ LEN_WEP104 = 13,
+};

/**
* enum ieee80211_key_flags - key flags
diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c
index df0531c..1babb97 100644
--- a/net/mac80211/wext.c
+++ b/net/mac80211/wext.c
@@ -95,6 +95,13 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
}
}

+ if (alg == ALG_WEP &&
+ key_len != LEN_WEP40 && key_len != LEN_WEP104) {
+ ieee80211_key_free(key);
+ err = -EINVAL;
+ goto out_unlock;
+ }
+
ieee80211_key_link(key, sdata, sta);

if (set_tx_key || (!sta && !sdata->default_key && key))
--
1.5.4.1

---------------------------------------------------------------------
Intel Israel (74) Limited

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.



2008-06-30 11:06:33

by Johannes Berg

[permalink] [raw]
Subject: Re: [PATCH 1/1] mac80211: don't accept WEP keys other than WEP40 and WEP104


> > I don't think zero-keylen will have WEP there, will it? I don't really
> > know though.
>
> This patch pushes the length check to ieee80211_set_encryption.
> Unlike John's patch
> where check was done in ieee80211_ioctl_siwencode.
> The benefit of this is that both ENCODE end ENCODEEXT are treated.
> The zero length key i.e. changing index is already taken care of in
> ieee80211_ioctl_siwencode

Alright, thanks for the explanation.

johannes


Attachments:
signature.asc (836.00 B)
This is a digitally signed message part

2008-06-28 07:57:42

by Johannes Berg

[permalink] [raw]
Subject: Re: [PATCH 1/1] mac80211: don't accept WEP keys other than WEP40 and WEP104

On Sat, 2008-06-28 at 08:46 +0200, drago01 wrote:

> > +/**
> > + * enum ieee80211_key_len - key length
> > + * @WEP40: WEP 5 byte long key
> > + * @WEP104: WEP 13 byte long key
> > + */
> > +enum ieee80211_key_len {
> > + LEN_WEP40 = 5,
> > + LEN_WEP104 = 13,
> > +};


> > + if (alg == ALG_WEP &&

> What about 0 ?
> See http://marc.info/?l=linux-wireless&m=121458316301507&w=2


I don't think zero-keylen will have WEP there, will it? I don't really
know though.

johannes


Attachments:
signature.asc (836.00 B)
This is a digitally signed message part

2008-06-29 09:57:17

by Tomas Winkler

[permalink] [raw]
Subject: Re: [PATCH 1/1] mac80211: don't accept WEP keys other than WEP40 and WEP104

On Sat, Jun 28, 2008 at 10:57 AM, Johannes Berg
<[email protected]> wrote:
> On Sat, 2008-06-28 at 08:46 +0200, drago01 wrote:
>
>> > +/**
>> > + * enum ieee80211_key_len - key length
>> > + * @WEP40: WEP 5 byte long key
>> > + * @WEP104: WEP 13 byte long key
>> > + */
>> > +enum ieee80211_key_len {
>> > + LEN_WEP40 = 5,
>> > + LEN_WEP104 = 13,
>> > +};
>
>
>> > + if (alg == ALG_WEP &&
>
>> What about 0 ?
>> See http://marc.info/?l=linux-wireless&m=121458316301507&w=2
>
>
> I don't think zero-keylen will have WEP there, will it? I don't really
> know though.

This patch pushes the length check to ieee80211_set_encryption.
Unlike John's patch
where check was done in ieee80211_ioctl_siwencode.
The benefit of this is that both ENCODE end ENCODEEXT are treated.
The zero length key i.e. changing index is already taken care of in
ieee80211_ioctl_siwencode

<snip>
if (erq->flags & IW_ENCODE_DISABLED)
remove = 1;
else if (erq->length == 0) {
/* No key data - just set the default TX key index */
ieee80211_set_default_key(sdata, idx);
return 0;
}
</snip>

Tomas

2008-06-28 06:46:36

by drago01

[permalink] [raw]
Subject: Re: [PATCH 1/1] mac80211: don't accept WEP keys other than WEP40 and WEP104

On Sat, Jun 28, 2008 at 1:50 AM, Tomas Winkler <[email protected]> wrote:
> From: Emmanuel Grumbach <[email protected]>
>
> This patch makes mac80211 refuse a WEP key whose length is not WEP40 nor
> WEP104.
>
> Signed-off-by: Emmanuel Grumbach <[email protected]>
> Signed-off-by: Tomas Winkler <[email protected]>
> ---
> include/net/mac80211.h | 9 +++++++++
> net/mac80211/wext.c | 7 +++++++
> 2 files changed, 16 insertions(+), 0 deletions(-)
>
> diff --git a/include/net/mac80211.h b/include/net/mac80211.h
> index 02c79e6..6a6c4bc 100644
> --- a/include/net/mac80211.h
> +++ b/include/net/mac80211.h
> @@ -557,6 +557,15 @@ enum ieee80211_key_alg {
> ALG_CCMP,
> };
>
> +/**
> + * enum ieee80211_key_len - key length
> + * @WEP40: WEP 5 byte long key
> + * @WEP104: WEP 13 byte long key
> + */
> +enum ieee80211_key_len {
> + LEN_WEP40 = 5,
> + LEN_WEP104 = 13,
> +};

What about 0 ?
See http://marc.info/?l=linux-wireless&m=121458316301507&w=2