> The .len verifies that it's at least that long. We're thus ignoring > additional bytes in the PSK case if they're present, which I suppose > we should fix by checking the exact length in the code separately. > IOW, I'll add this: --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8044,6 +8044,8 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, if (!wiphy_ext_feature_isset(&rdev->wiphy, NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK)) return -EINVAL; + if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) + return -EINVAL; settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); } johannes
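Review bot: the new nla_len() test in nl80211_crypto_settings() returns the same -EINVAL as the NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK feature test directly above it, so userspace cannot tell an unsupported offload from a wrong-sized key. A short comment stating that the PSK must be exactly WLAN_PMK_LEN bytes, and a distinguishable error for the length case, would make the failure easier to diagnose. Since the explanation above says the policy .len only enforces a minimum, it is also worth checking whether any other consumer of NL80211_ATTR_PMK takes nla_data() without a comparable nla_len() test.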