Update Linux CVE patches

2025-09-30 23:48:34 -04:00 · 2017-10-29 22:14:37 -04:00 · 2017-10-29 22:14:37 -04:00 · 3989a1b20b
commit 3989a1b20b
parent 12b63c12b7
958 changed files with 21074 additions and 397 deletions
--- a/Patches/Linux_CVEs/CVE-2017-0440/ANY/1.patch
+++ b/Patches/Linux_CVEs/CVE-2017-0440/ANY/1.patch
@ -0,0 +1,71 @@
+From 054ce0761e900c5f63089393f8b6cadf17d55ade Mon Sep 17 00:00:00 2001
+From: Hanumanth Reddy Pothula <c_hpothu@codeaurora.org>
+Date: Fri, 27 Jan 2017 16:43:45 +0530
+Subject: prima: Avoid overflow of "set_bssid_hotlist" params
+
+qcacld2.0 to prima propgation
+
+The wlan driver supports the following vendor command:
+      QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_SET_BSSID_HOTLIST
+
+This command supplies a "number of APs" attribute as well as a list of
+per-AP attributes.  However there is no validation that the number of
+APs provided won't overflow the destination buffer.  In addition there
+is no validation that the number of APs actually provided matches the
+number of APs expected.
+
+To address these issues:
+* Verify that the expected number of APs doesn't exceed the maximum
+  allowed number of APs
+* Verify that the actual number of APs supplied doesn't exceed the
+  expected number of APs
+* Only process the actual number of supplied APs if it is less than
+  the expected number of APs.
+
+Change-Id: I41e36d11bc3e71928866a27afc2fbf046b59f0f5
+CRs-Fixed: 1095770
+---
+ CORE/HDD/src/wlan_hdd_cfg80211.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
+index 8aa38d1..f130174 100644
+--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
+@@ -3764,10 +3764,20 @@ static int __wlan_hdd_cfg80211_extscan_set_bssid_hotlist(struct wiphy *wiphy,
+ 
+     pReqMsg->numBssid = nla_get_u32(
+               tb[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_NUM_AP]);
+    if (pReqMsg->numBssid > WLAN_EXTSCAN_MAX_HOTLIST_APS) {
+        hddLog(LOGE, FL("Number of AP: %u exceeds max: %u"),
+               pReqMsg->numBssid, WLAN_EXTSCAN_MAX_HOTLIST_APS);
+        goto fail;
+    }
+     hddLog(VOS_TRACE_LEVEL_INFO, FL("Number of AP (%d)"), pReqMsg->numBssid);
+ 
+     nla_for_each_nested(apTh,
+                 tb[QCA_WLAN_VENDOR_ATTR_EXTSCAN_AP_THRESHOLD_PARAM], rem) {
+        if (i == pReqMsg->numBssid) {
+            hddLog(LOGW, FL("Ignoring excess AP"));
+            break;
+        }
+
+         if(nla_parse(tb2, QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_MAX,
+                 nla_data(apTh), nla_len(apTh),
+                 NULL)) {
+@@ -3806,6 +3816,12 @@ static int __wlan_hdd_cfg80211_extscan_set_bssid_hotlist(struct wiphy *wiphy,
+         i++;
+     }
+ 
+    if (i < pReqMsg->numBssid) {
+        hddLog(LOGW, FL("Number of AP %u less than expected %u"),
+               i, pReqMsg->numBssid);
+        pReqMsg->numBssid = i;
+    }
+
+     context = &pHddCtx->ext_scan_context;
+     spin_lock(&hdd_context_lock);
+     INIT_COMPLETION(context->response_event);
+-- 
+cgit v1.1
+