DivestOS/Patches/Linux_CVEs/CVE-2017-11013/prima/0001.patch

88 lines
3.1 KiB
Diff
Raw Normal View History

2017-11-07 17:32:46 -05:00
From 64297e4caffdf6b1a90807bbdb65a66b43582228 Mon Sep 17 00:00:00 2001
From: Sridhar Selvaraj <sselvara@codeaurora.org>
Date: Fri, 30 Jun 2017 19:11:21 +0530
Subject: prima: Skip an IE if found more its max times in a frame
Check if a IE has been encountered more than max possible for that IE
while parsing a frame.
Change-Id: I1054c7df18780469849be55fc4343f09ac502a49
CRs-Fixed: 2069927
---
CORE/MAC/src/include/dot11f.h | 6 +++---
CORE/SYS/legacy/src/utils/src/dot11f.c | 9 +++++++--
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/CORE/MAC/src/include/dot11f.h b/CORE/MAC/src/include/dot11f.h
index ab2228e..52c714e 100644
--- a/CORE/MAC/src/include/dot11f.h
+++ b/CORE/MAC/src/include/dot11f.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, 2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -30,7 +30,7 @@
*
*
* This file was automatically generated by 'framesc'
- * Mon Nov 10 19:49:53 2014 from the following file(s):
+ * Tue Jul 4 11:19:48 2017 from the following file(s):
*
* dot11f.frms
*
@@ -84,8 +84,8 @@ typedef tANI_U32 tDOT11F_U64[2];
#define DOT11F_BUFFER_OVERFLOW ( 0x10000005 )
#define DOT11F_MANDATORY_TLV_MISSING ( 0x00001000 )
#define DOT11F_FAILED(code) ( (code) & 0x10000000 )
-#define DOT11F_WARNED(code) ( ( ( 0 == (code) ) & 0x10000000 ) && code)
#define DOT11F_SUCCEEDED(code) ( (code) == 0 )
+#define DOT11F_WARNED(code) (!DOT11F_SUCCEEDED(code) && !DOT11F_FAILED(code))
/*********************************************************************
* Fixed Fields *
diff --git a/CORE/SYS/legacy/src/utils/src/dot11f.c b/CORE/SYS/legacy/src/utils/src/dot11f.c
index a4fbb05..f3f621c 100644
--- a/CORE/SYS/legacy/src/utils/src/dot11f.c
+++ b/CORE/SYS/legacy/src/utils/src/dot11f.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, 2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -28,7 +28,7 @@
*
*
* This file was automatically generated by 'framesc'
- * Mon Nov 10 19:49:53 2014 from the following file(s):
+ * Tue Jul 4 11:19:48 2017 from the following file(s):
*
* dot11f.frms
*
@@ -20733,6 +20733,10 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx,
}
countOffset = ( (0 != pIe->arraybound) * ( *(tANI_U16* )(pFrm + pIe->countOffset)));
+ if (0 != pIe->arraybound && countOffset >= pIe->arraybound) {
+ status |= DOT11F_DUPLICATE_IE;
+ goto skip_dup_ie;
+ }
switch (pIe->sig)
{
case SigIeAPName:
@@ -21207,6 +21211,7 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx,
status |= DOT11F_UNKNOWN_IES;
}
+skip_dup_ie:
pBufRemaining += len;
if (len > nBufRemaining)
--
cgit v1.1