DivestOS/Patches/Linux_CVEs/CVE-2016-8452/ANY/2.patch


From 1216822e1d051247ae1f6e194f16d2fc40f1eba2 Mon Sep 17 00:00:00 2001
From: SaidiReddy Yenuga <c_saidir@qti.qualcomm.com>
Date: Wed, 7 Dec 2016 16:21:07 +0530
Subject: wlan: Use heap memory for station_info instead of stack
qcacld-2.0 to prima propagation.
Since kernel 3.19-rc4, struct station_info is around 600 bytes in size,
so the stack frame of any routine that places this struct on the stack
will easily exceed 1024 bytes, the default value of stack frame size.
Use heap memory for this struct instead.
Change-Id: Ibe8a4f5189fcc9d5554f7a5d851c93be8fa8dbad
CRs-Fixed: 1050323
---
CORE/HDD/src/wlan_hdd_assoc.c | 19 ++++++++++++++-----
CORE/HDD/src/wlan_hdd_hostapd.c | 19 +++++++++++++------
2 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c
index 933a2df..cd5686f 100644
--- a/CORE/HDD/src/wlan_hdd_assoc.c
+++ b/CORE/HDD/src/wlan_hdd_assoc.c
@@ -2730,7 +2730,7 @@ static eHalStatus roamRoamConnectStatusUpdateHandler( hdd_adapter_t *pAdapter, t
case eCSR_ROAM_RESULT_IBSS_NEW_PEER:
{
hdd_station_ctx_t *pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pAdapter);
- struct station_info staInfo;
+ struct station_info *staInfo;
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
"IBSS New Peer indication from SME with peerMac " MAC_ADDRESS_STR " BSSID: " MAC_ADDRESS_STR " and stationID= %d",
@@ -2764,13 +2764,22 @@ static eHalStatus roamRoamConnectStatusUpdateHandler( hdd_adapter_t *pAdapter, t
break;
}
pHddStaCtx->ibss_sta_generation++;
- memset(&staInfo, 0, sizeof(staInfo));
- staInfo.filled = 0;
- staInfo.generation = pHddStaCtx->ibss_sta_generation;
+
+ staInfo = vos_mem_malloc(sizeof(*staInfo));
+ if (staInfo == NULL) {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "memory allocation for station_info failed");
+ return eHAL_STATUS_FAILED_ALLOC;
+ }
+
+ memset(staInfo, 0, sizeof(*staInfo));
+ staInfo->filled = 0;
+ staInfo->generation = pHddStaCtx->ibss_sta_generation;
cfg80211_new_sta(pAdapter->dev,
(const u8 *)pRoamInfo->peerMac,
- &staInfo, GFP_KERNEL);
+ staInfo, GFP_KERNEL);
+ vos_mem_free(staInfo);
if ( eCSR_ENCRYPT_TYPE_WEP40_STATICKEY == pHddStaCtx->ibss_enc_key.encType
||eCSR_ENCRYPT_TYPE_WEP104_STATICKEY == pHddStaCtx->ibss_enc_key.encType
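Review bot: The `return eHAL_STATUS_FAILED_ALLOC;` on allocation failure comes after `pHddStaCtx->ibss_sta_generation++`, so a failed allocation leaves the generation counter advanced while cfg80211 is never told about the peer and the WEP key handling that follows in this case is skipped. Allocating before the increment, or logging and skipping only the `cfg80211_new_sta()` call instead of returning, would keep the driver state consistent; whether peer setup done earlier in this case needs undoing cannot be seen from the hunk. `staInfo->filled = 0;` is redundant after the `memset`. The case body begins and ends outside the hunk.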
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index e67db4d..427a350 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -1065,21 +1065,28 @@ VOS_STATUS hdd_hostapd_SAPEventCB( tpSap_Event pSapEvent, v_PVOID_t usrDataForCa
#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38))
{
- struct station_info staInfo;
+ struct station_info *staInfo;
v_U16_t iesLen = pSapEvent->sapevt.sapStationAssocReassocCompleteEvent.iesLen;
- memset(&staInfo, 0, sizeof(staInfo));
+ staInfo = vos_mem_malloc(sizeof(*staInfo));
+ if (staInfo == NULL) {
+ hddLog(LOGE, FL("alloc station_info failed"));
+ return VOS_STATUS_E_NOMEM;
+ }
+
+ memset(staInfo, 0, sizeof(*staInfo));
if (iesLen <= MAX_ASSOC_IND_IE_LEN )
{
- staInfo.assoc_req_ies =
+ staInfo->assoc_req_ies =
(const u8 *)&pSapEvent->sapevt.sapStationAssocReassocCompleteEvent.ies[0];
- staInfo.assoc_req_ies_len = iesLen;
+ staInfo->assoc_req_ies_len = iesLen;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,31))
- staInfo.filled |= STATION_INFO_ASSOC_REQ_IES;
+ staInfo->filled |= STATION_INFO_ASSOC_REQ_IES;
#endif
cfg80211_new_sta(dev,
(const u8 *)&pSapEvent->sapevt.sapStationAssocReassocCompleteEvent.staMac.bytes[0],
- &staInfo, GFP_KERNEL);
+ staInfo, GFP_KERNEL);
+ vos_mem_free(staInfo);
}
else
{
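Review bot: `staInfo` is now allocated before the `iesLen <= MAX_ASSOC_IND_IE_LEN` test, but `vos_mem_free(staInfo);` is added only inside the `if` branch, so the `else` branch that opens on the last line of the hunk leaks the allocation. The diffstat's added lines for this file are all accounted for inside this hunk, so no free is added on that path. The IE length comes from the association event, so presumably a peer can drive the oversized-IE path repeatedly, and each occurrence loses one station_info-sized kernel allocation. Either move `vos_mem_free(staInfo);` below the `if`/`else`, or allocate only inside the `if` branch. The `else` body continues outside the hunk.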
--
cgit v1.1