DivestOS/Patches/Linux_CVEs-New/CVE-2017-11001/ANY/0.patch

50 lines
1.7 KiB
Diff
Raw Normal View History

From d5d2c9baff89932e822ceae74b1569af07d55f19 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Fri, 7 Jul 2017 11:58:04 -0700
Subject: qcacld-2.0: Fix out of bound read issue in get link properties
Length of the MAC address is not checked which may cause out of bound
read issue.
To resolve this add a check for MAC address length.
CRs-Fixed: 2051433
Change-Id: I58454b84c28b157cef35984d612a9bc6fdd9ec56
Bug: 36815555
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
index c153928..6d99f2d 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -8481,7 +8481,8 @@ static int __wlan_hdd_cfg80211_wifi_logger_start(struct wiphy *wiphy,
static const struct
nla_policy
qca_wlan_vendor_attr_policy[QCA_WLAN_VENDOR_ATTR_MAX+1] = {
- [QCA_WLAN_VENDOR_ATTR_MAC_ADDR] = { .type = NLA_UNSPEC },
+ [QCA_WLAN_VENDOR_ATTR_MAC_ADDR] = {
+ .type = NLA_BINARY, .len = VOS_MAC_ADDR_SIZE },
};
/**
@@ -8536,6 +8537,13 @@ static int __wlan_hdd_cfg80211_get_link_properties(struct wiphy *wiphy,
return -EINVAL;
}
+ if (nla_len(tb[QCA_WLAN_VENDOR_ATTR_MAC_ADDR]) < sizeof(peer_mac)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ FL("Attribute peerMac is invalid=%d"),
+ adapter->device_mode);
+ return -EINVAL;
+ }
+
memcpy(peer_mac, nla_data(tb[QCA_WLAN_VENDOR_ATTR_MAC_ADDR]),
sizeof(peer_mac));
hddLog(VOS_TRACE_LEVEL_INFO,
--
cgit v1.1