From patchwork Mon Jan 25 07:35:29 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Glen Lee X-Patchwork-Id: 8104261 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id A90B69F818 for ; Mon, 25 Jan 2016 07:44:43 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A89A7203A1 for ; Mon, 25 Jan 2016 07:44:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9424D203A0 for ; Mon, 25 Jan 2016 07:44:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755517AbcAYHok (ORCPT ); Mon, 25 Jan 2016 02:44:40 -0500 Received: from eusmtp01.atmel.com ([212.144.249.243]:41243 "EHLO eusmtp01.atmel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752634AbcAYHoj (ORCPT ); Mon, 25 Jan 2016 02:44:39 -0500 Received: from glen-ubuntu.corp.atmel.com (10.161.101.13) by eusmtp01.atmel.com (10.161.101.31) with Microsoft SMTP Server id 14.3.235.1; Mon, 25 Jan 2016 08:44:35 +0100 From: Glen Lee To: CC: , , , , , , , Subject: [PATCH V2 25/26] staging: wilc1000: fix WEP security bug Date: Mon, 25 Jan 2016 16:35:29 +0900 Message-ID: <1453707330-13526-26-git-send-email-glen.lee@atmel.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1453707330-13526-1-git-send-email-glen.lee@atmel.com> References: <1453707330-13526-1-git-send-email-glen.lee@atmel.com> MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Station cannot connect to soft AP mode wilc when it is configured for WEP security. This patch fixes it by setting the key index within the key value and change the last else condition with DEFAULTKEY action case, and also do not use WILC_WFI_wep_default index to set wep key id. Signed-off-by: Glen Lee --- drivers/staging/wilc1000/host_interface.c | 27 +++++++++++------------ drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 9 +------- drivers/staging/wilc1000/wilc_wfi_netdevice.h | 1 - 3 files changed, 14 insertions(+), 23 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 9112f6d..031d0b4 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -1741,14 +1741,7 @@ static int Handle_Key(struct wilc_vif *vif, strWIDList[1].size = sizeof(char); strWIDList[1].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.auth_type; - strWIDList[2].id = (u16)WID_KEY_ID; - strWIDList[2].type = WID_CHAR; - - strWIDList[2].val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index; - strWIDList[2].size = sizeof(char); - - pu8keybuf = kmemdup(pstrHostIFkeyAttr->attr.wep.key, - pstrHostIFkeyAttr->attr.wep.key_len, + pu8keybuf = kmalloc(pstrHostIFkeyAttr->attr.wep.key_len + 2, GFP_KERNEL); if (pu8keybuf == NULL) { @@ -1756,15 +1749,21 @@ static int Handle_Key(struct wilc_vif *vif, return -ENOMEM; } + pu8keybuf[0] = pstrHostIFkeyAttr->attr.wep.index; + pu8keybuf[1] = pstrHostIFkeyAttr->attr.wep.key_len; + + memcpy(&pu8keybuf[2], pstrHostIFkeyAttr->attr.wep.key, + pstrHostIFkeyAttr->attr.wep.key_len); + kfree(pstrHostIFkeyAttr->attr.wep.key); - strWIDList[3].id = (u16)WID_WEP_KEY_VALUE; - strWIDList[3].type = WID_STR; - strWIDList[3].size = pstrHostIFkeyAttr->attr.wep.key_len; - strWIDList[3].val = (s8 *)pu8keybuf; + strWIDList[2].id = (u16)WID_WEP_KEY_VALUE; + strWIDList[2].type = WID_STR; + strWIDList[2].size = pstrHostIFkeyAttr->attr.wep.key_len + 2; + strWIDList[2].val = (s8 *)pu8keybuf; result = wilc_send_config_pkt(vif->wilc, SET_CFG, - strWIDList, 4, + strWIDList, 3, wilc_get_vif_idx(vif)); kfree(pu8keybuf); } else if (pstrHostIFkeyAttr->action & ADDKEY) { @@ -1801,7 +1800,7 @@ static int Handle_Key(struct wilc_vif *vif, result = wilc_send_config_pkt(vif->wilc, SET_CFG, &wid, 1, wilc_get_vif_idx(vif)); - } else { + } else if (pstrHostIFkeyAttr->action & DEFAULTKEY) { wid.id = (u16)WID_KEY_ID; wid.type = WID_CHAR; wid.val = (s8 *)&pstrHostIFkeyAttr->attr.wep.index; diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c index dbfcb3b..6e7f5d6 100644 --- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c +++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c @@ -761,7 +761,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev, return s32Error; } - priv->WILC_WFI_wep_default = 0; memset(priv->WILC_WFI_wep_key, 0, sizeof(priv->WILC_WFI_wep_key)); memset(priv->WILC_WFI_wep_key_len, 0, sizeof(priv->WILC_WFI_wep_key_len)); @@ -788,7 +787,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev, for (i = 0; i < sme->key_len; i++) PRINT_D(CORECONFIG_DBG, "WEP Key Value[%d] = %d\n", i, sme->key[i]); } - priv->WILC_WFI_wep_default = sme->key_idx; priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len; memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len); @@ -806,7 +804,6 @@ static int connect(struct wiphy *wiphy, struct net_device *dev, pcgroup_encrypt_val = "WEP104"; pccipher_group = "WLAN_CIPHER_SUITE_WEP104"; - priv->WILC_WFI_wep_default = sme->key_idx; priv->WILC_WFI_wep_key_len[sme->key_idx] = sme->key_len; memcpy(priv->WILC_WFI_wep_key[sme->key_idx], sme->key, sme->key_len); @@ -986,7 +983,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index, case WLAN_CIPHER_SUITE_WEP40: case WLAN_CIPHER_SUITE_WEP104: if (priv->wdev->iftype == NL80211_IFTYPE_AP) { - priv->WILC_WFI_wep_default = key_index; priv->WILC_WFI_wep_key_len[key_index] = params->key_len; memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len); @@ -1009,7 +1005,6 @@ static int add_key(struct wiphy *wiphy, struct net_device *netdev, u8 key_index, break; } if (memcmp(params->key, priv->WILC_WFI_wep_key[key_index], params->key_len)) { - priv->WILC_WFI_wep_default = key_index; priv->WILC_WFI_wep_key_len[key_index] = params->key_len; memcpy(priv->WILC_WFI_wep_key[key_index], params->key, params->key_len); @@ -1336,9 +1331,7 @@ static int set_default_key(struct wiphy *wiphy, struct net_device *netdev, u8 ke PRINT_D(CFG80211_DBG, "Setting default key with idx = %d\n", key_index); - if (key_index != priv->WILC_WFI_wep_default) { - wilc_set_wep_default_keyid(vif, key_index); - } + wilc_set_wep_default_keyid(vif, key_index); return 0; } diff --git a/drivers/staging/wilc1000/wilc_wfi_netdevice.h b/drivers/staging/wilc1000/wilc_wfi_netdevice.h index 9f8c79e..07eda4d 100644 --- a/drivers/staging/wilc1000/wilc_wfi_netdevice.h +++ b/drivers/staging/wilc1000/wilc_wfi_netdevice.h @@ -124,7 +124,6 @@ struct wilc_priv { struct host_if_drv *hWILCWFIDrv; struct host_if_pmkid_attr pmkid_list; struct WILC_WFI_stats netstats; - u8 WILC_WFI_wep_default; u8 WILC_WFI_wep_key[4][WLAN_KEY_LEN_WEP104]; u8 WILC_WFI_wep_key_len[4]; /* The real interface that the monitor is on */