DivestOS/Patches/Linux_CVEs-New/CVE-2017-9694/ANY/0.patch

36 lines
1.5 KiB
Diff
Raw Normal View History

From 7f60f02336d5506aeb81c5fec9e213f729fb83e6 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Thu, 25 May 2017 15:12:16 -0700
Subject: [PATCH] qcacld-2.0: Add lost AP sample size entry to nla policy
Incorrect validation of
QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE
results in assigning an unchecked user-controller value.
This can lead to buffer overflow.
validate
QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE.
CRs-Fixed: 2045470
Change-Id: I7c33b6d78054672e9effbe9100c29e5604c250c6
Bug: 36818198
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
index d5e63ef797c91..3580d2b73494b 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -852,6 +852,9 @@ wlan_hdd_extscan_config_policy[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_
[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_LOW] = { .type = NLA_S32 },
[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SSID_THRESHOLD_PARAM_RSSI_HIGH] = { .type = NLA_S32 },
[QCA_WLAN_VENDOR_ATTR_EXTSCAN_CONFIGURATION_FLAGS] = { .type = NLA_U32 },
+ [QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE] = {
+ .type = NLA_U32
+ },
};
static const struct nla_policy