Commit 78f686ca authored by Johannes Berg's avatar Johannes Berg

cfg80211: don't put kek/kck/replay counter on the stack

There's no need to put the values on the stack, just pass a
pointer to the data in the nl80211 message. This reduces stack
usage and avoids potential issues with putting sensitive data
on the stack.
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 538c9eb8
......@@ -1980,14 +1980,12 @@ struct cfg80211_wowlan_wakeup {
/**
* struct cfg80211_gtk_rekey_data - rekey data
* @kek: key encryption key
* @kck: key confirmation key
* @replay_ctr: replay counter
* @kek: key encryption key (NL80211_KEK_LEN bytes)
* @kck: key confirmation key (NL80211_KCK_LEN bytes)
* @replay_ctr: replay counter (NL80211_REPLAY_CTR_LEN bytes)
*/
struct cfg80211_gtk_rekey_data {
u8 kek[NL80211_KEK_LEN];
u8 kck[NL80211_KCK_LEN];
u8 replay_ctr[NL80211_REPLAY_CTR_LEN];
const u8 *kek, *kck, *replay_ctr;
};
/**
......
......@@ -8959,13 +8959,9 @@ static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
return -ERANGE;
memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
NL80211_KEK_LEN);
memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
NL80211_KCK_LEN);
memcpy(rekey_data.replay_ctr,
nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
NL80211_REPLAY_CTR_LEN);
rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
wdev_lock(wdev);
if (!wdev->current_bss) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment