Switch to new CVE patchset

2025-09-27 19:50:52 -04:00 · 2017-11-07 17:32:46 -05:00 · 2017-11-07 17:32:46 -05:00 · 11c7037780
commit 11c7037780
parent 57ce42402b
1215 changed files with 60697 additions and 14533 deletions
--- a/Patches/Linux_CVEs/CVE-2017-0441/ANY/0001.patch
+++ b/Patches/Linux_CVEs/CVE-2017-0441/ANY/0001.patch
--- a/Patches/Linux_CVEs/CVE-2017-0441/ANY/0002.patch
+++ b/Patches/Linux_CVEs/CVE-2017-0441/ANY/0002.patch
@ -0,0 +1,76 @@
+From e578706506f98a4962220066d92d81e853ac7212 Mon Sep 17 00:00:00 2001
+From: Jeff Johnson <jjohnson@codeaurora.org>
+Date: Tue, 29 Nov 2016 08:54:18 -0800
+Subject: qcacld-3.0: Avoid overflow of "significant change" params
+
+This is a qcacld-2.0 to qcacld-3.0 propagation.
+
+The wlan driver supports the following vendor command:
+	QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_SET_SIGNIFICANT_CHANGE
+
+This command supplies a "number of APs" attribute as well as a list of
+per-AP attributes.  However there is no validation that the number of
+APs provided won't overflow the destination buffer.  In addition there
+is no validation that the number of APs actually provided matches the
+number of APs expected.
+
+To address these issues:
+* Verify that the expected number of APs doesn't exceed the maximum
+  allowed number of APs
+* Verify that the actual number of APs supplied doesn't exceed the
+  expected number of APs
+* Only process the actual number of supplied APs if it is less than
+  the expected number of APs.
+
+Change-Id: I0513ffbc4a38f1d7ddbc0815d3618fc9a2ea4f77
+CRs-Fixed: 1095009
+---
+ core/hdd/src/wlan_hdd_ext_scan.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/core/hdd/src/wlan_hdd_ext_scan.c b/core/hdd/src/wlan_hdd_ext_scan.c
+index 86a51f7..320ea3c 100644
+--- a/core/hdd/src/wlan_hdd_ext_scan.c
+++ b/core/hdd/src/wlan_hdd_ext_scan.c
+@@ -2320,6 +2320,13 @@ __wlan_hdd_cfg80211_extscan_set_significant_change(struct wiphy *wiphy,
+ 	pReqMsg->numAp =
+ 		nla_get_u32(tb
+ 		    [QCA_WLAN_VENDOR_ATTR_EXTSCAN_SIGNIFICANT_CHANGE_PARAMS_NUM_AP]);
+	if (pReqMsg->numAp > WLAN_EXTSCAN_MAX_SIGNIFICANT_CHANGE_APS) {
+		hdd_err("Number of AP %u exceeds max %u",
+			pReqMsg->numAp,
+			WLAN_EXTSCAN_MAX_SIGNIFICANT_CHANGE_APS);
+		goto fail;
+	}
+
+ 	pReqMsg->sessionId = pAdapter->sessionId;
+ 	hdd_notice("Number of AP %d Session Id %d",
+ 		pReqMsg->numAp, pReqMsg->sessionId);
+@@ -2328,6 +2335,12 @@ __wlan_hdd_cfg80211_extscan_set_significant_change(struct wiphy *wiphy,
+ 	nla_for_each_nested(apTh,
+ 			    tb[QCA_WLAN_VENDOR_ATTR_EXTSCAN_AP_THRESHOLD_PARAM],
+ 			    rem) {
+
+		if (i == pReqMsg->numAp) {
+			hdd_warn("Ignoring excess AP");
+			break;
+		}
+
+ 		if (nla_parse
+ 		    (tb2, QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_MAX,
+ 		    nla_data(apTh), nla_len(apTh),
+@@ -2372,6 +2385,11 @@ __wlan_hdd_cfg80211_extscan_set_significant_change(struct wiphy *wiphy,
+ 
+ 		i++;
+ 	}
+	if (i < pReqMsg->numAp) {
+		hdd_warn("Number of AP %u less than expected %u",
+			 i, pReqMsg->numAp);
+		pReqMsg->numAp = i;
+	}
+ 
+ 	context = &ext_scan_context;
+ 	spin_lock(&context->context_lock);
+-- 
+cgit v1.1
+
--- a/Patches/Linux_CVEs/CVE-2017-0441/ANY/1.patch
+++ b/Patches/Linux_CVEs/CVE-2017-0441/ANY/1.patch
@ -1,93 +0,0 @@
-From 26e873d1ea24db46362ed80fc53f74c1201af0b1 Mon Sep 17 00:00:00 2001
-From: Srinivas Girigowda <sgirigow@codeaurora.org>
-Date: Wed, 30 Nov 2016 19:20:45 -0800
-Subject: [PATCH] qcacld-2.0: Avoid overflow of "significant change" params
-
-The wlan driver supports the following vendor command:
-        QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_SET_SIGNIFICANT_CHANGE
-
-This command supplies a "number of APs" attribute as well as a list of
-per-AP attributes.  However there is no validation that the number of
-APs provided won't overflow the destination buffer.  In addition there
-is no validation that the number of APs actually provided matches the
-number of APs expected.
-
-To address these issues:
-* Verify that the expected number of APs doesn't exceed the maximum
-  allowed number of APs
-* Verify that the actual number of APs supplied doesn't exceed the
-  expected number of APs
-* Only process the actual number of supplied APs if it is less than
-  the expected number of APs.
-
-Change-Id: I0513ffbc4a38f1d7ddbc0815d3618fc9a2ea4f77
-CRs-Fixed: 1095009
-Bug: 32872662
-Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
- .../staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c  | 16 ++++++++++++++++
- drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c       |  8 ++++----
- 2 files changed, 20 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-index fd23a304b93bd..301ef98c20d13 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-@@ -3201,6 +3201,11 @@ static int __wlan_hdd_cfg80211_extscan_set_significant_change(
-     }
-     pReqMsg->numAp = nla_get_u32(
-             tb[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SIGNIFICANT_CHANGE_PARAMS_NUM_AP]);
-+    if (pReqMsg->numAp > WLAN_EXTSCAN_MAX_SIGNIFICANT_CHANGE_APS) {
-+        hddLog(LOGE, FL("Number of AP %u exceeds max %u"),
-+               pReqMsg->numAp, WLAN_EXTSCAN_MAX_SIGNIFICANT_CHANGE_APS);
-+        goto fail;
-+    }
- 
-     pReqMsg->sessionId = pAdapter->sessionId;
-     hddLog(LOG1, FL("Number of AP %d Session Id %d"), pReqMsg->numAp,
-@@ -3209,6 +3214,12 @@ static int __wlan_hdd_cfg80211_extscan_set_significant_change(
-     i = 0;
-     nla_for_each_nested(apTh,
-                 tb[QCA_WLAN_VENDOR_ATTR_EXTSCAN_AP_THRESHOLD_PARAM], rem) {
-+
-+        if (i == pReqMsg->numAp) {
-+            hddLog(LOGW, FL("Ignoring excess AP"));
-+            break;
-+        }
-+
-         if (nla_parse(tb2,
-                 QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_MAX,
-                 nla_data(apTh), nla_len(apTh),
-@@ -3248,6 +3259,11 @@ static int __wlan_hdd_cfg80211_extscan_set_significant_change(
- 
-         i++;
-     }
-+    if (i < pReqMsg->numAp) {
-+        hddLog(LOGW, FL("Number of AP %u less than expected %u"),
-+               i, pReqMsg->numAp);
-+        pReqMsg->numAp = i;
-+    }
- 
-     context = &pHddCtx->ext_scan_context;
-     spin_lock(&hdd_context_lock);
-diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c
-index f1c4eb4e2c5db..53898a83d9d45 100644
--- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c
-+++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c
-@@ -27390,12 +27390,12 @@ VOS_STATUS wma_get_buf_extscan_change_monitor_cmd(tp_wma_handle wma_handle,
- 	u_int8_t *buf_ptr;
- 	int j;
- 	int len = sizeof(*cmd);
-	int numap = psigchange->numAp;
-+	uint32_t numap = psigchange->numAp;
- 	tSirAPThresholdParam  *src_ap = psigchange->ap;
- 
-	if (!numap) {
-		WMA_LOGE("%s: Invalid number of bssid's",
-			__func__);
-+	if (!numap || (numap > WLAN_EXTSCAN_MAX_SIGNIFICANT_CHANGE_APS)) {
-+		WMA_LOGE("%s: Invalid number of APs: %d",
-+			__func__, numap);
- 		return VOS_STATUS_E_INVAL;
- 	}
- 	len += WMI_TLV_HDR_SIZE;