Switch to new CVE patchset

Patches/Linux_CVEs/CVE-2016-2471/ANY/0001.patch

@@ -0,0 +1,43 @@
+From 2c8961821b7691a95cbf5ecc6996e8229d6d5303 Mon Sep 17 00:00:00 2001
+From: Arun Khandavalli <akhandav@qti.qualcomm.com>
+Date: Mon, 9 Nov 2015 10:28:18 +0530
+Subject: wlan: validate essid length before processing scan req
+
+Presently we are not validating the length of the essid received
+and directly copying the buffer without size checking.
+Perform bound checking before processing the scan req.
+
+Change-Id: I786e4feb67bf039df3d217138a412da54f51787d
+CRs-fixed: 890228
+---
+ CORE/HDD/src/wlan_hdd_scan.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CORE/HDD/src/wlan_hdd_scan.c b/CORE/HDD/src/wlan_hdd_scan.c
+index 8d3fa84..709fdec 100644
+--- a/CORE/HDD/src/wlan_hdd_scan.c
++++ b/CORE/HDD/src/wlan_hdd_scan.c
+@@ -740,7 +740,8 @@ int __iw_set_scan(struct net_device *dev, struct iw_request_info *info,
+ 
+       if (wrqu->data.flags & IW_SCAN_THIS_ESSID)  {
+ 
+-          if(scanReq->essid_len) {
++          if(scanReq->essid_len  &&
++               (scanReq->essid_len <= SIR_MAC_MAX_SSID_LENGTH)) {
+               scanRequest.SSIDs.numOfSSIDs = 1;
+               scanRequest.SSIDs.SSIDList =( tCsrSSIDInfo *)vos_mem_malloc(sizeof(tCsrSSIDInfo));
+               if(scanRequest.SSIDs.SSIDList) {
+@@ -754,6 +755,10 @@ int __iw_set_scan(struct net_device *dev, struct iw_request_info *info,
+                 VOS_ASSERT(0);
+               }
+           }
++          else
++          {
++            hddLog(LOGE, FL("Invalid essid length : %d"), scanReq->essid_len);
++          }
+       }
+ 
+        /* set min and max channel time */
+-- 
+cgit v1.1
+