iw: fix parsing of WEP keys

The current iw4.14 has a fatal bug that could casue a Segmentation fault
when parsing WEP keys. The issue has been fixed by upstream.
[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]

(From OE-Core rev: 6de9eb72f679dd8d8e4de972b1da978522cff8b4)

Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch

@@ -0,0 +1,194 @@
+From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Tue, 12 Jun 2018 09:01:56 +0300
+Subject: [PATCH] connect: fix parsing of WEP keys
+
+The introduction of MFP options added a bug that causes a
+segmentation fault when parsing WEP keys.
+Fix that.
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+Upstream-Status: Backport
+[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
+Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
+---
+ ap.c      |  2 +-
+ connect.c |  7 ++-----
+ ibss.c    |  2 +-
+ iw.h      |  3 ++-
+ util.c    | 36 ++++++++++++++++++------------------
+ 5 files changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/ap.c b/ap.c
+index 4bab5b9..dcce402 100644
+--- a/ap.c
++++ b/ap.c
+@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
+ 	argv++;
+ 	argc--;
+ 
+-	return parse_keys(msg, argv, argc);
++	return parse_keys(msg, &argv, &argc);
+  nla_put_failure:
+ 	return -ENOSPC;
+ }
+diff --git a/connect.c b/connect.c
+index 339fc73..4a847a1 100644
+--- a/connect.c
++++ b/connect.c
+@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
+ 	argv++;
+ 	argc--;
+ 
+-	ret = parse_keys(msg, argv, argc);
++	ret = parse_keys(msg, &argv, &argc);
+ 	if (ret)
+ 		return ret;
+ 
+-	argc -= 4;
+-	argv += 4;
+-
+ 	if (!argc)
+ 		return 0;
+ 
+@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
+ 	argv++;
+ 	argc--;
+ 
+-	return parse_keys(msg, argv, argc);
++	return parse_keys(msg, &argv, &argc);
+  nla_put_failure:
+ 	return -ENOSPC;
+ }
+diff --git a/ibss.c b/ibss.c
+index 84f1e95..d77fc92 100644
+--- a/ibss.c
++++ b/ibss.c
+@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
+ 	argv++;
+ 	argc--;
+ 
+-	return parse_keys(msg, argv, argc);
++	return parse_keys(msg, &argv, &argc);
+  nla_put_failure:
+ 	return -ENOSPC;
+ }
+diff --git a/iw.h b/iw.h
+index ee7ca20..8767ed3 100644
+--- a/iw.h
++++ b/iw.h
+@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
+ 		   unsigned char **mask);
+ unsigned char *parse_hex(char *hex, size_t *outlen);
+ 
+-int parse_keys(struct nl_msg *msg, char **argv, int argc);
++
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
+ int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
+ enum nl80211_chan_width str_to_bw(const char *str);
+ int put_chandef(struct nl_msg *msg, struct chandef *chandef);
+diff --git a/util.c b/util.c
+index 6e0ddff..122c019 100644
+--- a/util.c
++++ b/util.c
+@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
+ 	return -EINVAL;
+ }
+ 
+-int parse_keys(struct nl_msg *msg, char **argv, int argc)
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
+ {
+ 	struct nlattr *keys;
+ 	int i = 0;
+ 	bool have_default = false;
+-	char *arg = *argv;
++	char *arg = **argv;
+ 	char keybuf[13];
+ 	int pos = 0;
+ 
+-	if (!argc)
++	if (!*argc)
+ 		return 1;
+ 
+ 	if (!memcmp(&arg[pos], "psk", 3)) {
+ 		char psk_keybuf[32];
+ 		int cipher_suite, akm_suite;
+ 
+-		if (argc < 4)
++		if (*argc < 4)
+ 			goto explain;
+ 
+ 		pos+=3;
+@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ 		NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
+ 		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
+ 
+-		argv++;
+-		argc--;
+-		arg = *argv;
++		*argv += 1;
++		*argc -= 1;
++		arg = **argv;
+ 
+ 		akm_suite = parse_akm_suite(arg);
+ 		if (akm_suite < 0)
+@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ 
+ 		NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
+ 
+-		argv++;
+-		argc--;
+-		arg = *argv;
++		*argv += 1;
++		*argc -= 1;
++		arg = **argv;
+ 
+ 		cipher_suite = parse_cipher_suite(arg);
+ 		if (cipher_suite < 0)
+@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ 
+ 		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
+ 
+-		argv++;
+-		argc--;
+-		arg = *argv;
++		*argv += 1;
++		*argc -= 1;
++		arg = **argv;
+ 
+ 		cipher_suite = parse_cipher_suite(arg);
+ 		if (cipher_suite < 0)
+@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ 		struct nlattr *key = nla_nest_start(msg, ++i);
+ 		char *keydata;
+ 
+-		arg = *argv;
++		arg = **argv;
+ 		pos = 0;
+ 
+ 		if (!key)
+@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
+ 
+ 		NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
+ 
+-		argv++;
+-		argc--;
++		*argv += 1;
++		*argc -= 1;
+ 
+ 		/* one key should be TX key */
+-		if (!have_default && !argc)
++		if (!have_default && !*argc)
+ 			NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
+ 
+ 		nla_nest_end(msg, key);
+-	} while (argc);
++	} while (*argc);
+ 
+ 	nla_nest_end(msg, keys);
+ 
+-- 
+2.17.1
+

meta/recipes-connectivity/iw/iw_4.14.bb

@@ -12,6 +12,7 @@ DEPENDS = "libnl"
 SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
            file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
            file://separate-objdir.patch \
+           file://0001-connect-fix-parsing-of-WEP-keys.patch \
 "
 
 SRC_URI[md5sum] = "2067516ca9940fdb8c091ee3250da374"