DivestOS/Patches/Linux_CVEs/CVE-2017-11052/ANY/1.patch

42 lines
1.9 KiB
Diff
Raw Normal View History

From c18c5935d437e4b06ec630d755a42b49e11bd071 Mon Sep 17 00:00:00 2001
From: Jeff Johnson <jjohnson@codeaurora.org>
Date: Thu, 15 Jun 2017 12:47:46 -0700
Subject: [PATCH] qcacld-2.0: Properly validate
QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR
Currently the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR nla_policy specifies
a type of NLA_STRING, but the underlying implementation expects a
NUL-terminated string. Update the policy to correctly use a type of
NLA_NUL_STRING with the len updated to remove the allocation needed
for the terminating NUL.
Bug: 37687303
Change-Id: Ic73241511ab73ae63fd7c1a8d6422da91931919c
CRs-Fixed: 2061688
---
drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
index 1b5e4db3100c7..469ae96818cf4 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -38,8 +38,8 @@ static const struct nla_policy
qca_wlan_vendor_ndp_policy[QCA_WLAN_VENDOR_ATTR_NDP_PARAMS_MAX + 1] = {
[QCA_WLAN_VENDOR_ATTR_NDP_SUBCMD] = { .type = NLA_U32 },
[QCA_WLAN_VENDOR_ATTR_NDP_TRANSACTION_ID] = { .type = NLA_U16 },
- [QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_STRING,
- .len = IFNAMSIZ },
+ [QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_NUL_STRING,
+ .len = IFNAMSIZ - 1 },
[QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_INSTANCE_ID] = { .type = NLA_U32 },
[QCA_WLAN_VENDOR_ATTR_NDP_CHANNEL_SPEC_CHANNEL] = { .type = NLA_U32 },
[QCA_WLAN_VENDOR_ATTR_NDP_PEER_DISCOVERY_MAC_ADDR] = {