This cipher can be used only as a group management frame cipher and as such, there is no point in validating that it is not used with non-zero key-index. Instead, verify that it is not used as a pairwise cipher regardless of the key index.
Signed-off-by: Jouni Malinen <[email protected]> --- net/wireless/util.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/wireless/util.c b/net/wireless/util.c index 3535e8a..f608ba0 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -236,8 +236,11 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, */ if (pairwise && key_idx && ((params->cipher == WLAN_CIPHER_SUITE_TKIP) || - (params->cipher == WLAN_CIPHER_SUITE_CCMP) || - (params->cipher == WLAN_CIPHER_SUITE_AES_CMAC))) + (params->cipher == WLAN_CIPHER_SUITE_CCMP))) + return -EINVAL; + + /* Disallow BIP (group-only) cipher as pairwise cipher */ + if (pairwise && params->cipher == WLAN_CIPHER_SUITE_AES_CMAC) return -EINVAL; switch (params->cipher) { -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
