DivestOS/Patches/Linux_CVEs/CVE-2017-11015/qcacld-3.0/0003.patch

54 lines
2.1 KiB
Diff
Raw Normal View History

2017-11-07 17:32:46 -05:00
From ec58bc99e29d89f8e164954999ef8a45cec21754 Mon Sep 17 00:00:00 2001
From: Krishna Kumaar Natarajan <kknatara@codeaurora.org>
Date: Wed, 5 Jul 2017 16:47:45 -0700
Subject: qcacld-3.0: Update lim_compute_crc32() to pass uint16_t
Update lim_compute_crc32() to pass uint16_t as a length type.
Currently uint8_t is being passed as length and there will be type
mismatch when authentication frame to be encrypted will be larger
than 255 bytes.
Change-Id: Ic009197c13a2d70c9015a184acff2e82bf80eaba
CRs-Fixed: 2060959
---
core/mac/src/pe/lim/lim_security_utils.c | 2 +-
core/mac/src/pe/lim/lim_security_utils.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/core/mac/src/pe/lim/lim_security_utils.c b/core/mac/src/pe/lim/lim_security_utils.c
index c5938c2..1a2964c 100644
--- a/core/mac/src/pe/lim/lim_security_utils.c
+++ b/core/mac/src/pe/lim/lim_security_utils.c
@@ -596,7 +596,7 @@ lim_encrypt_auth_frame(tpAniSirGlobal pMac, uint8_t keyId, uint8_t *pKey,
* @return None
*/
-void lim_compute_crc32(uint8_t *pDest, uint8_t *pSrc, uint8_t len)
+void lim_compute_crc32(uint8_t *pDest, uint8_t *pSrc, uint16_t len)
{
uint32_t crc;
int i;
diff --git a/core/mac/src/pe/lim/lim_security_utils.h b/core/mac/src/pe/lim/lim_security_utils.h
index c5b30ba..c3410ea 100644
--- a/core/mac/src/pe/lim/lim_security_utils.h
+++ b/core/mac/src/pe/lim/lim_security_utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2015, 2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -58,7 +58,7 @@ void lim_restore_from_auth_state(tpAniSirGlobal,
uint8_t lim_delete_open_auth_pre_auth_node(tpAniSirGlobal mac_ctx);
/* Encryption/Decryption related functions */
-void lim_compute_crc32(uint8_t *, uint8_t *, uint8_t);
+void lim_compute_crc32(uint8_t *, uint8_t *, uint16_t);
void lim_rc4(uint8_t *, uint8_t *, uint8_t *, uint32_t, uint16_t);
void lim_encrypt_auth_frame(tpAniSirGlobal, uint8_t, uint8_t *, uint8_t *,
uint8_t *, uint32_t);
--
cgit v1.1