DivestOS/Patches/Linux_CVEs/CVE-2017-9694/0.patch

From 7f60f02336d5506aeb81c5fec9e213f729fb83e6 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Thu, 25 May 2017 15:12:16 -0700
Subject: [PATCH] qcacld-2.0: Add lost AP sample size entry to nla policy

Incorrect validation of
QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE
results in assigning an unchecked user-controller value.
This can lead to buffer overflow.

validate
  QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE.

CRs-Fixed: 2045470
Change-Id: I7c33b6d78054672e9effbe9100c29e5604c250c6
Bug: 36818198
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
index d5e63ef797c91..3580d2b73494b 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -852,6 +852,9 @@ wlan_hdd_extscan_config_policy[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_
     [QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_LOW] = { .type = NLA_S32 },
     [QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_HIGH] = { .type = NLA_S32 },
     [QCA_WLAN_VENDOR_ATTR_EXTSCAN_CONFIGURATION_FLAGS] = { .type = NLA_U32 },
+    [QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE] = {
+		.type = NLA_U32
+	},
 };
 
 static const struct nla_policy
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From 7f60f02336d5506aeb81c5fec9e213f729fb83e6 Mon Sep 17 00:00:00 2001`
			`From: Srinivas Girigowda <sgirigow@codeaurora.org>`
			`Date: Thu, 25 May 2017 15:12:16 -0700`
			`Subject: [PATCH] qcacld-2.0: Add lost AP sample size entry to nla policy`

			`Incorrect validation of`
			`QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE`
			`results in assigning an unchecked user-controller value.`
			`This can lead to buffer overflow.`

			`validate`
			`QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE.`

			`CRs-Fixed: 2045470`
			`Change-Id: I7c33b6d78054672e9effbe9100c29e5604c250c6`
			`Bug: 36818198`
			`Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>`
			`---`
			`drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c`
			`index d5e63ef797c91..3580d2b73494b 100644`
			`--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c`
			`+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c`
			`@@ -852,6 +852,9 @@ wlan_hdd_extscan_config_policy[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_`
			`[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_LOW] = { .type = NLA_S32 },`
			`[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_HIGH] = { .type = NLA_S32 },`
			`[QCA_WLAN_VENDOR_ATTR_EXTSCAN_CONFIGURATION_FLAGS] = { .type = NLA_U32 },`
			`+ [QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE] = {`
			`+ .type = NLA_U32`
			`+ },`
			`};`

			`static const struct nla_policy`