DivestOS/Patches/Linux_CVEs/CVE-2017-0584/qcacld-2.0/0001.patch

55 lines
1.5 KiB
Diff
Raw Normal View History

From b83b9057d56c057d1dfca79ae197583a83766245 Mon Sep 17 00:00:00 2001
From: Govind Singh <govinds@codeaurora.org>
Date: Thu, 12 Jan 2017 10:30:25 +0530
Subject: qcacld-2.0: Do not copy buffer to user-space if diag read fails
ATH diag procfs read is copying read_buffer to user space
unconditionally, causing kernel heap information leak of
uninitialized read_buffer if hif diag read fails.
Do not copy buffer to user space if diag read fails to
avoid information leak to user space.
Change-Id: I5e07cad4f90e5e9b3c461268b8fa3635c3128b9f
CRs-Fixed: 1104731
---
CORE/SERVICES/HIF/ath_procfs.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/CORE/SERVICES/HIF/ath_procfs.c b/CORE/SERVICES/HIF/ath_procfs.c
index cfdf97a..d1a34dd 100644
--- a/CORE/SERVICES/HIF/ath_procfs.c
+++ b/CORE/SERVICES/HIF/ath_procfs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013, 2016-2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -113,17 +113,16 @@ static ssize_t ath_procfs_diag_read(struct file *file, char __user *buf,
(A_UINT8 *)read_buffer, count);
}
+ if (rv)
+ return -EIO;
+
if(copy_to_user(buf, read_buffer, count)) {
vos_mem_free(read_buffer);
return -EFAULT;
} else
vos_mem_free(read_buffer);
- if (rv == 0) {
- return count;
- } else {
- return -EIO;
- }
+ return count;
}
static ssize_t ath_procfs_diag_write(struct file *file, const char __user *buf,
--
cgit v1.1