From 59518570d0a2dabe39625c235c1ee49c56ae0bfd Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni.malinen@atheros.com>
Date: Fri, 20 Mar 2009 21:21:17 +0200
Subject: [PATCH] --- yaml --- r: 136167 b: refs/heads/master c:
 255e737eab645ec6037baeca04a5e0a7c3b1f459 h: refs/heads/master i:   136165:
 d5210ebe853f06ea96dab76cb3bcab2d93ed12c8   136163:
 c2f880f0775f4a4bc7e145b66eb8605f8314c8d9   136159:
 c8bb8b69ee727c8cf749fb6007417c32dd8f7459 v: v3

---
 [refs]                       |  2 +-
 trunk/net/wireless/nl80211.c | 32 ++++++++++++++++++++++++++------
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/[refs] b/[refs]
index 0e126019b9d4..7155d2680597 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 65fc73ac4a310945dfeceac961726c2765ad2ec0
+refs/heads/master: 255e737eab645ec6037baeca04a5e0a7c3b1f459
diff --git a/trunk/net/wireless/nl80211.c b/trunk/net/wireless/nl80211.c
index 44c79972be57..6f38ee7a3c92 100644
--- a/trunk/net/wireless/nl80211.c
+++ b/trunk/net/wireless/nl80211.c
@@ -2614,6 +2614,14 @@ static int nl80211_dump_scan(struct sk_buff *skb,
 	return err;
 }
 
+static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
+{
+	return auth_type == NL80211_AUTHTYPE_OPEN_SYSTEM ||
+		auth_type == NL80211_AUTHTYPE_SHARED_KEY ||
+		auth_type == NL80211_AUTHTYPE_FT ||
+		auth_type == NL80211_AUTHTYPE_NETWORK_EAP;
+}
+
 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
 {
 	struct cfg80211_registered_device *drv;
@@ -2666,6 +2674,10 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
 		req.auth_type =
 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
+		if (!nl80211_valid_auth_type(req.auth_type)) {
+			err = -EINVAL;
+			goto out;
+		}
 	}
 
 	err = drv->ops->auth(&drv->wiphy, dev, &req);
@@ -2718,10 +2730,6 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
 		}
 	}
 
-	if (nla_len(info->attrs[NL80211_ATTR_SSID]) > IEEE80211_MAX_SSID_LEN) {
-		err = -EINVAL;
-		goto out;
-	}
 	req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
 	req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
 
@@ -2769,9 +2777,15 @@ static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
 
 	req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
 
-	if (info->attrs[NL80211_ATTR_REASON_CODE])
+	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
 		req.reason_code =
 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
+		if (req.reason_code == 0) {
+			/* Reason Code 0 is reserved */
+			err = -EINVAL;
+			goto out;
+		}
+	}
 
 	if (info->attrs[NL80211_ATTR_IE]) {
 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
@@ -2817,9 +2831,15 @@ static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
 
 	req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
 
-	if (info->attrs[NL80211_ATTR_REASON_CODE])
+	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
 		req.reason_code =
 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
+		if (req.reason_code == 0) {
+			/* Reason Code 0 is reserved */
+			err = -EINVAL;
+			goto out;
+		}
+	}
 
 	if (info->attrs[NL80211_ATTR_IE]) {
 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);