More patches

This commit is contained in:
Tad 2017-11-10 12:23:07 -05:00
parent 8ead3072ca
commit 7d4faa1ef8
6 changed files with 90 additions and 0 deletions

View File

@ -0,0 +1,52 @@
From ac39bfffe109a6cffcaf3b537505130712161dce Mon Sep 17 00:00:00 2001
From: Sridhar Selvaraj <sselvara@codeaurora.org>
Date: Fri, 14 Jul 2017 16:08:23 +0530
Subject: [PATCH] qcacld-2.0: Update limComputeCrc32 to pass uint16_t
qcacld-3.0 to qcacld-2.0 propagation
Update limComputeCrc32() to pass uint16_t as a length type.
Currently uint8_t is being passed as length and there will be type
mismatch when authentication frame to be encrypted will be larger
than 255 bytes.
Change-Id: Ic009197c13a2d70c9015a184acff2e82bf80eaba
CRs-Fixed: 2072937
---
drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c | 2 +-
drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
index 85f12dfb876..8f754c77e9f 100644
--- a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
+++ b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
@@ -609,7 +609,7 @@ limEncryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 keyId, tANI_U8 *pKey, tANI_U8 *
*/
void
-limComputeCrc32(tANI_U8 *pDest, tANI_U8 * pSrc, tANI_U8 len)
+limComputeCrc32(tANI_U8 *pDest, tANI_U8 * pSrc, tANI_U16 len)
{
tANI_U32 crc;
int i;
diff --git a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
index 5eafbd7b747..dd097607a18 100644
--- a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
+++ b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2015, 2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -73,7 +73,7 @@ void limRestoreFromAuthState(tpAniSirGlobal,
// Encryption/Decryption related functions
tCfgWepKeyEntry *limLookUpKeyMappings(tSirMacAddr);
-void limComputeCrc32(tANI_U8 *, tANI_U8 *, tANI_U8);
+void limComputeCrc32(tANI_U8 *, tANI_U8 *, tANI_U16);
void limRC4(tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32, tANI_U16);
void limEncryptAuthFrame(tpAniSirGlobal, tANI_U8, tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32);
tANI_U8 limDecryptAuthFrame(tpAniSirGlobal, tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32, tANI_U16);

View File

@ -0,0 +1,33 @@
From d0cd3ede7c17ee7fcf0f9b6d125d027bc28640be Mon Sep 17 00:00:00 2001
From: Sridhar Selvaraj <sselvara@codeaurora.org>
Date: Fri, 14 Jul 2017 15:53:09 +0530
Subject: [PATCH] qcacld-2.0: Update SIR_MAC_AUTH_CHALLENGE_LENGTH as per IEEE
spec
qcacld-3.0 to qcacld-2.0 propagation
Update SIR_MAC_AUTH_CHALLENGE_LENGTH to 253 as per IEEE spec.
Currently value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128.
This may result in potential buffer overflow since frame parser
allows challenge text of length upto 253 but driver can not handle
challenge text longer than 128 bytes.
Change-Id: I7baf860fdde51a14a6573b4f0f26817f5071193e
CRs-Fixed: 2072937
---
drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h b/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
index cd548457338..7ee9a613e64 100644
--- a/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
+++ b/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
@@ -579,7 +579,7 @@
#define SIR_MAC_MAX_NUMBER_OF_RATES 12
#define SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS 4
#define SIR_MAC_KEY_LENGTH 13 // WEP Maximum key length size
-#define SIR_MAC_AUTH_CHALLENGE_LENGTH 128
+#define SIR_MAC_AUTH_CHALLENGE_LENGTH 253
#define SIR_MAC_WEP_IV_LENGTH 4
#define SIR_MAC_WEP_ICV_LENGTH 4

View File

@ -1447,6 +1447,8 @@ CVE-2017-11013
CVE-2017-11014
Link - qcacld-3.0 - https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ec58bc99e29d89f8e164954999ef8a45cec21754
CVE-2017-11015
Link - prima - https://github.com/LineageOS/lge-kernel-mako/commit/ac39bfffe109a6cffcaf3b537505130712161dce
Link - prima - https://github.com/LineageOS/lge-kernel-mako/commit/d0cd3ede7c17ee7fcf0f9b6d125d027bc28640be
Link - qcacld-3.0 - https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ec58bc99e29d89f8e164954999ef8a45cec21754
Link - qcacld-3.0 - https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1ef6add65a36de6c4da788f776de2b5b5c528d8e
CVE-2017-11018

View File

@ -19,6 +19,9 @@
echo "Rebranding..."
cd $base"bootable/recovery"
sed -i 's|Android Recovery|DivestOS Recovery|' *_ui.cpp;
cd $base"build"
sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
sed -i 's|echo "ro.build.host=`hostname`"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host