wifi: mac80211: reject WEP or pairwise keys with key ID > 3

We don't really care too much right now since our data
structures are set up to not have a problem with this,
but clearly it's wrong to accept WEP and pairwise keys
with key ID > 3.

However, with MLD we need to split into per-link (GTK,
IGTK, BIGTK) and per interface/MLD (including WEP) keys
so make sure this is not a problem.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index c3476de4b14d8e341f4e3cec27723c00ac62c277..fba5de5ba37b25444b4a1338bbb93b161e81d7c2 100644 (file)
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -433,13 +433,25 @@ static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
        int idx;
        int ret = 0;
        bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
+       bool is_wep;
 
        /* caller must provide at least one old/new */
        if (WARN_ON(!new && !old))
                return 0;
 
-       if (new)
+       if (new) {
+               idx = new->conf.keyidx;
                list_add_tail_rcu(&new->list, &sdata->key_list);
+               is_wep = new->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
+                        new->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
+       } else {
+               idx = old->conf.keyidx;
+               is_wep = old->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
+                        old->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
+       }
+
+       if ((is_wep || pairwise) && idx >= NUM_DEFAULT_KEYS)
+               return -EINVAL;
 
        WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
 
@@ -451,8 +463,6 @@ static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
        }
 
        if (old) {
-               idx = old->conf.keyidx;
-
                if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
                        ieee80211_key_disable_hw_accel(old);
 
@@ -460,8 +470,6 @@ static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
                                ret = ieee80211_key_enable_hw_accel(new);
                }
        } else {
-               /* new must be provided in case old is not */
-               idx = new->conf.keyidx;
                if (!new->local->wowlan)
                        ret = ieee80211_key_enable_hw_accel(new);
        }