commit 386b1f273850380a1887044673922843736c6d0a
author Johannes Berg <johannes.berg@intel.com> Tue Sep 13 16:10:02 2016 +0200
committer Johannes Berg <johannes.berg@intel.com> Tue Sep 13 20:20:52 2016 +0200
tree 7577832e5cf40171c289d05f41b36a55ba154074
parent 42ee231cd12c2e1eb015163d04a65950e895d4b7

nl80211: only allow WEP keys during connect command

This was already documented that way in nl80211.h, but the
parsing code still accepted other key types. Change it to
really only accept WEP keys as documented.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

net/wireless/nl80211.c

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 524f5d2..6cb33ae 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -881,16 +881,19 @@
 						     parse.idx, false, NULL);
 		if (err)
 			goto error;
+		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
+		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
+			err = -EINVAL;
+			goto error;
+		}
 		result->params[parse.idx].cipher = parse.p.cipher;
 		result->params[parse.idx].key_len = parse.p.key_len;
 		result->params[parse.idx].key = result->data[parse.idx];
 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
 
-		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
-		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
-			if (no_ht)
-				*no_ht = true;
-		}
+		/* must be WEP key if we got here */
+		if (no_ht)
+			*no_ht = true;
 	}
 
 	return result;