Duplicate entries in wiphy->cipher_suites do not describe any
additional capability, but cfg80211 currently accepts them and leaves
individual consumers to deal with them.
One such consumer is the WEXT compatibility code, which appends a WEP
key length for each WEP cipher entry it sees. Repeated WEP entries can
therefore overflow the fixed iw_range::encoding_size array returned by
SIOCGIWRANGE.
Reject duplicate cipher suite entries in wiphy_register() instead.
This keeps the cipher suite invariant in one place and makes malformed
wiphy descriptions fail early with -EINVAL, rather than relying on a
single cfg80211 user to handle duplicates correctly.
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Co-developed-by: Yuan Tan <yuantan098@gmail.com>
Signed-off-by: Yuan Tan <yuantan098@gmail.com>
Suggested-by: Xin Liu <bird@lzu.edu.cn>
Signed-off-by: Yuqi Xu <xuyuqiabc@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Link: https://patch.msgid.link/20260413123000.1480661-1-n05ec@lzu.edu.cn
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
return ret;
}
+static bool wiphy_cipher_suites_valid(const struct wiphy *wiphy)
+{
+ int i, j;
+
+ if (wiphy->n_cipher_suites && !wiphy->cipher_suites)
+ return false;
+
+ for (i = 0; i < wiphy->n_cipher_suites; i++) {
+ for (j = 0; j < i; j++) {
+ if (wiphy->cipher_suites[i] ==
+ wiphy->cipher_suites[j])
+ return false;
+ }
+ }
+
+ return true;
+}
+
int wiphy_register(struct wiphy *wiphy)
{
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
if (res)
return res;
+ if (!wiphy_cipher_suites_valid(wiphy))
+ return -EINVAL;
+
/* sanity check supported bands/channels */
for (band = 0; band < NUM_NL80211_BANDS; band++) {
const struct ieee80211_sband_iftype_data *iftd;
projects / thirdparty / linux.git / commitdiff
