diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index 9b73601..7670882 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -148,16 +148,38 @@ static int wpa_supplicant_wps_cred(void *ctx, } switch (cred->encr_type) { + u8 key_idx; case WPS_ENCR_NONE: break; case WPS_ENCR_WEP: - if (cred->key_len > 0 && cred->key_len <= MAX_WEP_KEY_LEN && - cred->key_idx < NUM_WEP_KEYS) { - os_memcpy(ssid->wep_key[cred->key_idx], cred->key, + if (cred->key_len <= 0) + break; + if (cred->key_len != 5 && cred->key_len != 13 && + cred->key_len != 10 && cred->key_len != 26) { + wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length %i", + cred->key_len); + return -1; + } + if (cred->key_idx >= NUM_WEP_KEYS) { + wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %i", + cred->key_idx); + return -1; + } + key_idx = cred->key_idx; + if (cred->key_len == 10 || cred->key_len == 26) { + if (hexstr2bin((char*)cred->key, ssid->wep_key[key_idx], + cred->key_len / 2) < 0) { + wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key %i", + key_idx); + return -1; + } + ssid->wep_key_len[key_idx] = cred->key_len / 2; + } else { + os_memcpy(ssid->wep_key[key_idx], cred->key, cred->key_len); - ssid->wep_key_len[cred->key_idx] = cred->key_len; - ssid->wep_tx_keyidx = cred->key_idx; + ssid->wep_key_len[key_idx] = cred->key_len; } + ssid->wep_tx_keyidx = key_idx; break; case WPS_ENCR_TKIP: ssid->pairwise_cipher = WPA_CIPHER_TKIP;