From 6de9eb72f679dd8d8e4de972b1da978522cff8b4 Mon Sep 17 00:00:00 2001
From: Liu Haitao
Date: Thu, 3 Jan 2019 13:48:38 +0800
Subject: iw: fix parsing of WEP keys

The current iw4.14 has a fatal bug that could casue a Segmentation fault when parsing WEP keys. The issue has been fixed by upstream. [https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]

Signed-off-by: Liu Haitao
Signed-off-by: Richard Purdie
---
 .../iw/0001-connect-fix-parsing-of-WEP-keys.patch | 194 +++++++++++++++++++++
 meta/recipes-connectivity/iw/iw_4.14.bb | 1 +
 2 files changed, 195 insertions(+)
 create mode 100644 meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch

diff --git a/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch b/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
new file mode 100644
index 0000000000..8cf8f7ab38
--- /dev/null
+++ b/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
@@ -0,0 +1,194 @@
+From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
+From: Emmanuel Grumbach
+Date: Tue, 12 Jun 2018 09:01:56 +0300
+Subject: [PATCH] connect: fix parsing of WEP keys
+
+The introduction of MFP options added a bug that causes a
+segmentation fault when parsing WEP keys.
+Fix that.
+
+Signed-off-by: Emmanuel Grumbach
+Signed-off-by: Johannes Berg
+
+Upstream-Status: Backport
+[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
+Signed-off-by: Liu Haitao
+---
+ ap.c | 2 +-
+ connect.c | 7 ++-----
+ ibss.c | 2 +-
+ iw.h | 3 ++-
+ util.c | 36 ++++++++++++++++++------------------
+ 5 files changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/ap.c b/ap.c
+index 4bab5b9..dcce402 100644
+--- a/ap.c
++++ b/ap.c
+@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- return parse_keys(msg, argv, argc);
++ return parse_keys(msg, &argv, &argc);
+ nla_put_failure:
+ return -ENOSPC;
+ }
+diff --git a/connect.c b/connect.c
+index 339fc73..4a847a1 100644
+--- a/connect.c
++++ b/connect.c
+@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- ret = parse_keys(msg, argv, argc);
++ ret = parse_keys(msg, &argv, &argc);
+ if (ret)
+ return ret;
+
+- argc -= 4;
+- argv += 4;
+-
+ if (!argc)
+ return 0;
+
+@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- return parse_keys(msg, argv, argc);
++ return parse_keys(msg, &argv, &argc);
+ nla_put_failure:
+ return -ENOSPC;
+ }
+diff --git a/ibss.c b/ibss.c
+index 84f1e95..d77fc92 100644
+--- a/ibss.c
++++ b/ibss.c
+@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
+ argv++;
+ argc--;
+
+- return parse_keys(msg, argv, argc);
++ return parse_keys(msg, &argv, &argc);
+ nla_put_failure:
+ return -ENOSPC;
+ }
+diff --git a/iw.h b/iw.h
+index ee7ca20..8767ed3 100644
+--- a/iw.h
++++ b/iw.h
+@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
+ unsigned char **mask);
+ unsigned char *parse_hex(char *hex, size_t *outlen);
+
+-int parse_keys(struct nl_msg *msg, char **argv, int argc);
++
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
+ int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
+ enum nl80211_chan_width str_to_bw(const char *str);
+ int put_chandef(struct nl_msg *msg, struct chandef *chandef);
+diff --git a/util.c b/util.c
+index 6e0ddff..122c019 100644
+--- a/util.c
++++ b/util.c
+@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
+ return -EINVAL;
+ }
+
+-int parse_keys(struct nl_msg *msg, char **argv, int argc)
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
+ {
+ struct nlattr *keys;
+ int i = 0;
+ bool have_default = false;
+- char *arg = *argv;
++ char *arg = **argv;
+ char keybuf[13];
+ int pos = 0;
+
+- if (!argc)
++ if (!*argc)
+ return 1;
+
+ if (!memcmp(&arg[pos], "psk", 3)) {
+ char psk_keybuf[32];
+ int cipher_suite, akm_suite;
+
+- if (argc < 4)
++ if (*argc < 4)
+ goto explain;
+
+ pos+=3;
+@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
+ NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
+
+- argv++;
+- argc--;
+- arg = *argv;
++ *argv += 1;
++ *argc -= 1;
++ arg = **argv;
+
+ akm_suite = parse_akm_suite(arg);
+ if (akm_suite < 0)
+@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+
+ NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
+
+- argv++;
+- argc--;
+- arg = *argv;
++ *argv += 1;
++ *argc -= 1;
++ arg = **argv;
+
+ cipher_suite = parse_cipher_suite(arg);
+ if (cipher_suite < 0)
+@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+
+ NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
+
+- argv++;
+- argc--;
+- arg = *argv;
++ *argv += 1;
++ *argc -= 1;
++ arg = **argv;
+
+ cipher_suite = parse_cipher_suite(arg);
+ if (cipher_suite < 0)
+@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ struct nlattr *key = nla_nest_start(msg, ++i);
+ char *keydata;
+
+- arg = *argv;
++ arg = **argv;
+ pos = 0;
+
+ if (!key)
+@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+
+ NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
+
+- argv++;
+- argc--;
++ *argv += 1;
++ *argc -= 1;
+
+ /* one key should be TX key */
+- if (!have_default && !argc)
++ if (!have_default && !*argc)
+ NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
+
+ nla_nest_end(msg, key);
+- } while (argc);
++ } while (*argc);
+
+ nla_nest_end(msg, keys);
+
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/iw/iw_4.14.bb b/meta/recipes-connectivity/iw/iw_4.14.bb
index e1b17de4c3..f414a4b1dc 100644
--- a/meta/recipes-connectivity/iw/iw_4.14.bb
+++ b/meta/recipes-connectivity/iw/iw_4.14.bb
@@ -12,6 +12,7 @@ DEPENDS = "libnl"
 SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
 file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
 file://separate-objdir.patch \
+ file://0001-connect-fix-parsing-of-WEP-keys.patch \
 "

 SRC_URI[md5sum] = "2067516ca9940fdb8c091ee3250da374"
--
cgit 1.2.3-korg
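Review bot: In the util.c part of the added patch, the psk branch of parse_keys() moves `*argv`/`*argc` forward only three times (the hunks at 451, 461 and 471) although it reads four arguments, and the connect.c hunk drops the fixed `argc -= 4; argv += 4;` that used to follow the call. The end of the psk branch lies between the 471 and 495 hunks and is not shown, so this needs checking against the full file: if the group-cipher argument is not consumed there, iw_conn() would find it still pending after `if (!argc) return 0;` and treat it as the next option. In that case a final `*argv += 1; *argc -= 1;` at the end of the psk branch would keep the caller's view consistent with the old behaviour. Separately, the context line `if (!memcmp(&arg[pos], "psk", 3))` compares three bytes even when the argument is shorter than that, which can read past the string's terminator; `strncmp(&arg[pos], "psk", 3)` stops at the NUL.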