nl80211: Do not try to add too large NL80211_ATTR_PMK for set/del PMKSA

The current cfg80211 limit for the maximum NL80211_ATTR_PMK length is
48, so anything larger than that will result in the operation completely
failing. Since the PMKSA entries can be used without the PMK for most
purposes (the main use case for PMK currently is offloaded FILS
authentication), try to go ahead by configuring only the PMKID for the
case where 64-octet PMK is needed (which is currently limited to only
DPP with NIST P-521 and brainpoolP512r1 curves). This can fix DPP
connections with drivers that expect to get the PMKID through this
interface while still leaving the actual 4-way handshake for user space.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index d01a0e18f46a9502e47aeca6d983234d07325e96..dfa11834c0967521cc351c39b0a9d97ebb070aab 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -7615,6 +7615,7 @@ static int nl80211_pmkid(struct i802_bss *bss, int cmd,
                         struct wpa_pmkid_params *params)
 {
        struct nl_msg *msg;
+       const size_t PMK_MAX_LEN = 48; /* current cfg80211 limit */
 
        if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
            (params->pmkid &&
@@ -7626,7 +7627,7 @@ static int nl80211_pmkid(struct i802_bss *bss, int cmd,
            (params->fils_cache_id &&
             nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2,
                     params->fils_cache_id)) ||
-           (params->pmk_len &&
+           (params->pmk_len && params->pmk_len <= PMK_MAX_LEN &&
             nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) {
                nlmsg_free(msg);
                return -ENOBUFS;