connect: fix parsing of WEP keys

The introduction of MFP options added a bug that causes a
segmentation fault when parsing WEP keys.
Fix that.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/ap.c b/ap.c
index 4bab5b935ed4cc15275fd972ba5e375949a37a06..dcce402e216c313568fc151f8d310f240c62efae 100644 (file)
--- a/ap.c
+++ b/ap.c
@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
        argv++;
        argc--;
 
-       return parse_keys(msg, argv, argc);
+       return parse_keys(msg, &argv, &argc);
  nla_put_failure:
        return -ENOSPC;
 }

diff --git a/connect.c b/connect.c
index 339fc736819fe1a18fc96b5741c9946837c475dc..4a847a11671ff550f7ee92ac34e3339d9a4938bd 100644 (file)
--- a/connect.c
+++ b/connect.c
@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
        argv++;
        argc--;
 
-       ret = parse_keys(msg, argv, argc);
+       ret = parse_keys(msg, &argv, &argc);
        if (ret)
                return ret;
 
-       argc -= 4;
-       argv += 4;
-
        if (!argc)
                return 0;
 
@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
        argv++;
        argc--;
 
-       return parse_keys(msg, argv, argc);
+       return parse_keys(msg, &argv, &argc);
  nla_put_failure:
        return -ENOSPC;
 }

diff --git a/ibss.c b/ibss.c
index f0e3de8bb43805965537a3ec09690d1f1059fb05..f6cbc4ca88017ecdbcf3df60bcd0e335ebddba57 100644 (file)
--- a/ibss.c
+++ b/ibss.c
@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
        argv++;
        argc--;
 
-       return parse_keys(msg, argv, argc);
+       return parse_keys(msg, &argv, &argc);
  nla_put_failure:
        return -ENOSPC;
 }

diff --git a/iw.h b/iw.h
index b0166da941ba751ad7771d9dcc988bc6d9150e6a..e8dd059e4e63e3771c080cc5dc97d3f65d1d12eb 100644 (file)
--- a/iw.h
+++ b/iw.h
@@ -182,7 +182,7 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
                   unsigned char **mask);
 unsigned char *parse_hex(char *hex, size_t *outlen);
 
-int parse_keys(struct nl_msg *msg, char **argv, int argc);
+int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
 int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
 enum nl80211_chan_width str_to_bw(const char *str);
 int parse_txq_stats(char *buf, int buflen, struct nlattr *tid_stats_attr, int header,

diff --git a/util.c b/util.c
index 388a8bbefc3fecc868816ad46e3727f205ebb95b..92515bc5ee69558b93070ca97c3b497502856200 100644 (file)
--- a/util.c
+++ b/util.c
@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
        return -EINVAL;
 }
 
-int parse_keys(struct nl_msg *msg, char **argv, int argc)
+int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
 {
        struct nlattr *keys;
        int i = 0;
        bool have_default = false;
-       char *arg = *argv;
+       char *arg = **argv;
        char keybuf[13];
        int pos = 0;
 
-       if (!argc)
+       if (!*argc)
                return 1;
 
        if (!memcmp(&arg[pos], "psk", 3)) {
                char psk_keybuf[32];
                int cipher_suite, akm_suite;
 
-               if (argc < 4)
+               if (*argc < 4)
                        goto explain;
 
                pos+=3;
@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
                NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
                NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
 
-               argv++;
-               argc--;
-               arg = *argv;
+               *argv += 1;
+               *argc -= 1;
+               arg = **argv;
 
                akm_suite = parse_akm_suite(arg);
                if (akm_suite < 0)
@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 
                NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
 
-               argv++;
-               argc--;
-               arg = *argv;
+               *argv += 1;
+               *argc -= 1;
+               arg = **argv;
 
                cipher_suite = parse_cipher_suite(arg);
                if (cipher_suite < 0)
@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 
                NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
 
-               argv++;
-               argc--;
-               arg = *argv;
+               *argv += 1;
+               *argc -= 1;
+               arg = **argv;
 
                cipher_suite = parse_cipher_suite(arg);
                if (cipher_suite < 0)
@@ -497,7 +497,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
                struct nlattr *key = nla_nest_start(msg, ++i);
                char *keydata;
 
-               arg = *argv;
+               arg = **argv;
                pos = 0;
 
                if (!key)
@@ -541,15 +541,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
 
                NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
 
-               argv++;
-               argc--;
+               *argv += 1;
+               *argc -= 1;
 
                /* one key should be TX key */
-               if (!have_default && !argc)
+               if (!have_default && !*argc)
                        NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
 
                nla_nest_end(msg, key);
-       } while (argc);
+       } while (*argc);
 
        nla_nest_end(msg, keys);