Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_msm8996 / ec3cbb9ce241da90b9d43e49996fae5082c6b6f7^! / . / drivers / net / wireless / rndis_wlan.c
commitec3cbb9ce241da90b9d43e49996fae5082c6b6f7[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Tue Oct 18 09:47:29 2011 +0300
committerJohn W. Linville <linville@tuxdriver.com>Tue Nov 08 15:53:58 2011 -0500
treea3f8740257c83acae7f47d35523aae803cebb0eb
parent48ef5c427ac2cfd12c150b38263d3ebb0d989647 [diff] [blame]
rndis_wlan: add range check in del_key()

Wifi drivers can have up to 6 keys but the rndis_wlan only has 4 so
it needs to have its own checks to make sure we don't go out of
bounds.  The add_key() function already checks but I added some
checks to del_key() and set_default_key().

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index 0c13840..83f3e52 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c

@@ -414,6 +414,7 @@
 #define RNDIS_WLAN_ALG_TKIP	(1<<1)
 #define RNDIS_WLAN_ALG_CCMP	(1<<2)
 
+#define RNDIS_WLAN_NUM_KEYS		4
 #define RNDIS_WLAN_KEY_MGMT_NONE	0
 #define RNDIS_WLAN_KEY_MGMT_802_1X	(1<<0)
 #define RNDIS_WLAN_KEY_MGMT_PSK		(1<<1)
@@ -516,7 +517,7 @@
 
 	/* encryption stuff */
 	int  encr_tx_key_index;
-	struct rndis_wlan_encr_key encr_keys[4];
+	struct rndis_wlan_encr_key encr_keys[RNDIS_WLAN_NUM_KEYS];
 	int  wpa_version;
 
 	u8 command_buffer[COMMAND_BUFFER_SIZE];
@@ -1535,6 +1536,9 @@
 	bool is_wpa;
 	int ret;
 
+	if (index >= RNDIS_WLAN_NUM_KEYS)
+		return -ENOENT;
+
 	if (priv->encr_keys[index].len == 0)
 		return 0;
 
@@ -2451,6 +2455,9 @@
 
 	netdev_dbg(usbdev->net, "%s(%i)\n", __func__, key_index);
 
+	if (key_index >= RNDIS_WLAN_NUM_KEYS)
+		return -ENOENT;
+
 	priv->encr_tx_key_index = key_index;
 
 	if (is_wpa_key(priv, key_index))