On Tue, 2008-06-17 at 21:10 +0300, Jouni Malinen wrote: > On Tue, Jun 17, 2008 at 07:05:47PM +0200, Johannes Berg wrote: > > > > @@ -603,30 +605,38 @@ static int nl80211_set_key(struct sk_buf > > > - if (key_idx > 3) > > > + if (key_idx > 5) > > > return -EINVAL; > > > > - if (!info->attrs[NL80211_ATTR_KEY_DEFAULT]) > > > + if (!info->attrs[NL80211_ATTR_KEY_DEFAULT] && > > > + !info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]) > > > I think this should probably check the key index depending on the type, > > i.e. only permit 4 and 5 for mgmt and 0-3 for data keys. > > Yes, I started doing that, but did not cover all places yet. It's > somewhat unclear to me where this type of validation should live, i.e., > what piece of code should know that key indexes 4 and 5 are used for > IGTK at this point taken into account that the index could actually be > 0..65535.. Anyway, it may be safer to do it here than to trust on other > places being able to handle odd indexes for data frame TX key index. I tend to think cfg80211 should do it since I don't see a reasonable use for it when the specs/drafts don't specify anything else. I think this is part of the mistake WEXT made with requiring the drivers to check the input sanity everywhere and duplicating that code into all drivers etc. johannes
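Review bot: In the nl80211_set_key hunk, the new bound `if (key_idx > 5)` is applied before the attribute check and independently of it, so an index of 4 or 5 passes with NL80211_ATTR_KEY_DEFAULT and an index of 0-3 passes with NL80211_ATTR_KEY_DEFAULT_MGMT. Tie the range to the attribute in this function: reject key_idx > 3 when NL80211_ATTR_KEY_DEFAULT is set, and reject anything outside 4-5 when NL80211_ATTR_KEY_DEFAULT_MGMT is set. The quoted lines also do not show what happens when both attributes are present in one request; that case should either be rejected explicitly or have its behaviour documented in a comment. Keeping the check here means drivers never see an out-of-range default data TX key index and do not each need their own copy of the validation.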