On 21-2-2017 15:47, Johannes Berg wrote: > >> The .len verifies that it's at least that long. We're thus ignoring >> additional bytes in the PSK case if they're present, which I suppose >> we should fix by checking the exact length in the code separately. >> libnl seems to have the notion of min_len and max_len in its policy definition, but the kernel does not so .len is actually min_len indeed. > IOW, I'll add this: > > --- a/net/wireless/nl80211.c > +++ b/net/wireless/nl80211.c > @@ -8044,6 +8044,8 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, > if (!wiphy_ext_feature_isset(&rdev->wiphy, > NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK)) > return -EINVAL; > + if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) > + return -EINVAL; Makes sense. Regards, Arend > settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); > } > > > johannes >
