Overhaul CVE patches

2025-08-03 20:04:21 -04:00 · 2017-10-29 14:23:02 -04:00 · 2017-10-29 14:23:02 -04:00 · 92a0187dfb
commit 92a0187dfb
parent ce59045163
907 changed files with 301921 additions and 3819 deletions
--- a/Patches/Linux_CVEs/CVE-2017-0437/0.patch
+++ b/Patches/Linux_CVEs/CVE-2017-0437/0.patch
@ -1,128 +0,0 @@
-From 1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77 Mon Sep 17 00:00:00 2001
-From: Jeff Johnson <jjohnson@codeaurora.org>
-Date: Mon, 28 Nov 2016 09:19:02 -0800
-Subject: qcacld-2.0: Avoid overflow of roam subcmd params
-
-Currently when processing the QCA_NL80211_VENDOR_SUBCMD_ROAM vendor
-command, for the following roam commands there are input validation
-issues:
-	QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BSSID_PREFS
-	QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BLACKLIST_BSSID
-
-Both of these commands have a "number of BSSIDs" attribute as well as a
-list of BSSIDs. However there is no validation that the number of
-BSSIDs provided won't overflow the destination buffer.  In addition
-there is no validation that the number of BSSIDs actually provided
-matches the number of BSSIDs expected.
-
-To address these issues, for the above mentioned commands:
-* Verify that the expected number of BSSIDs doesn't exceed the maximum
-  allowed number of BSSIDs
-* Verify that the actual number of BSSIDs supplied doesn't exceed the
-  expected number of BSSIDs
-* Only process the actual number of supplied BSSIDs if it is less than
-  the expected number of BSSIDs.
-
-Change-Id: Ifa6121ee1b1441ec415198897ef815b40cb5aff6
-CRs-Fixed: 1092497
---
- CORE/HDD/src/wlan_hdd_cfg80211.c | 43 ++++++++++++++++++++++++++++++++++------
- 1 file changed, 37 insertions(+), 6 deletions(-)
-
-diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
-index b3c265c..800d123 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
-+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
-@@ -1870,6 +1870,7 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 	struct nlattr *tb2[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX + 1];
- 	int rem, i;
- 	uint32_t buf_len = 0;
-+	uint32_t count;
- 	int ret;
- 
- 	if (VOS_FTM_MODE == hdd_get_conparam()) {
-@@ -2045,15 +2046,25 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 			hddLog(LOGE, FL("attr num of preferred bssid failed"));
- 			goto fail;
- 		}
-		roam_params.num_bssid_favored = nla_get_u32(
-+		count = nla_get_u32(
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_LAZY_ROAM_NUM_BSSID]);
-+		if (count > MAX_BSSID_FAVORED) {
-+			hddLog(LOGE, FL("Preferred BSSID count %u exceeds max %u"),
-+			       count, MAX_BSSID_FAVORED);
-+			goto fail;
-+		}
- 		hddLog(VOS_TRACE_LEVEL_DEBUG,
-			FL("Num of Preferred BSSID (%d)"),
-			roam_params.num_bssid_favored);
-+			FL("Num of Preferred BSSID: %d"), count);
- 		i = 0;
- 		nla_for_each_nested(curr_attr,
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PREFS],
- 			rem) {
-+
-+			if (i == count) {
-+				hddLog(LOGW, FL("Ignoring excess Preferred BSSID"));
-+				break;
-+			}
-+
- 			if (nla_parse(tb2,
- 				QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
- 				nla_data(curr_attr), nla_len(curr_attr),
-@@ -2083,6 +2094,11 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 				roam_params.bssid_favored_factor[i]);
- 			i++;
- 		}
-+		if (i < count)
-+			hddLog(LOGW,
-+			       FL("Num Preferred BSSID %u less than expected %u"),
-+			       i, count);
-+		roam_params.num_bssid_favored = i;
- 		sme_update_roam_params(pHddCtx->hHal, session_id,
- 			roam_params, REASON_ROAM_SET_FAVORED_BSSID);
- 		break;
-@@ -2092,15 +2108,25 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 			hddLog(LOGE, FL("attr num of blacklist bssid failed"));
- 			goto fail;
- 		}
-		roam_params.num_bssid_avoid_list = nla_get_u32(
-+		count = nla_get_u32(
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_NUM_BSSID]);
-+		if (count > MAX_BSSID_AVOID_LIST) {
-+			hddLog(LOGE, FL("Blacklist BSSID count %u exceeds max %u"),
-+			       count, MAX_BSSID_AVOID_LIST);
-+			goto fail;
-+		}
- 		hddLog(VOS_TRACE_LEVEL_DEBUG,
-			FL("Num of blacklist BSSID (%d)"),
-			roam_params.num_bssid_avoid_list);
-+			FL("Num of blacklist BSSID: %d"), count);
- 		i = 0;
- 		nla_for_each_nested(curr_attr,
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS],
- 			rem) {
-+
-+			if (i == count) {
-+				hddLog(LOGW, FL("Ignoring excess Blacklist BSSID"));
-+				break;
-+			}
-+
- 			if (nla_parse(tb2,
- 				QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
- 				nla_data(curr_attr), nla_len(curr_attr),
-@@ -2121,6 +2147,11 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 				roam_params.bssid_avoid_list[i]));
- 			i++;
- 		}
-+		if (i < count)
-+			hddLog(LOGW,
-+			       FL("Num Blacklist BSSID %u less than expected %u"),
-+			       i, count);
-+		roam_params.num_bssid_avoid_list = i;
- 		sme_update_roam_params(pHddCtx->hHal, session_id,
- 			roam_params, REASON_ROAM_SET_BLACKLIST_BSSID);
- 		break;
-- 
-cgit v1.1
-
--- a/Patches/Linux_CVEs/CVE-2017-0437/1.patch
+++ b/Patches/Linux_CVEs/CVE-2017-0437/1.patch
@ -1,127 +0,0 @@
-From 138c690bd39a3f1ba14450e308ebc56bbda1f5b2 Mon Sep 17 00:00:00 2001
-From: Srinivas Girigowda <sgirigow@codeaurora.org>
-Date: Mon, 28 Nov 2016 20:47:30 -0800
-Subject: [PATCH] qcacld-2.0: Avoid overflow of roam subcmd params
-
-Currently when processing the QCA_NL80211_VENDOR_SUBCMD_ROAM vendor
-command, for the following roam commands there are input validation
-issues:
-        QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BSSID_PREFS
-        QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BLACKLIST_BSSID
-
-Both of these commands have a "number of BSSIDs" attribute as well as a
-list of BSSIDs. However there is no validation that the number of
-BSSIDs provided won't overflow the destination buffer.  In addition
-there is no validation that the number of BSSIDs actually provided
-matches the number of BSSIDs expected.
-
-To address these issues, for the above mentioned commands:
-* Verify that the expected number of BSSIDs doesn't exceed the maximum
-  allowed number of BSSIDs
-* Verify that the actual number of BSSIDs supplied doesn't exceed the
-  expected number of BSSIDs
-* Only process the actual number of supplied BSSIDs if it is less than
-  the expected number of BSSIDs.
-
-Change-Id: Ifa6121ee1b1441ec415198897ef815b40cb5aff6
-CRs-Fixed: 1092497
-Bug: 32402310 32402604 32871330
-Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
- .../qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c    | 43 +++++++++++++++++++---
- 1 file changed, 37 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-index 89dba5d54b627..fd23a304b93bd 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-@@ -1799,6 +1799,7 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 	struct nlattr *tb2[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX + 1];
- 	int rem, i;
- 	uint32_t buf_len = 0;
-+	uint32_t count;
- 	int ret;
- 
- 	if (VOS_FTM_MODE == hdd_get_conparam()) {
-@@ -1974,15 +1975,25 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 			hddLog(LOGE, FL("attr num of preferred bssid failed"));
- 			goto fail;
- 		}
-		roam_params.num_bssid_favored = nla_get_u32(
-+		count = nla_get_u32(
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_LAZY_ROAM_NUM_BSSID]);
-+		if (count > MAX_BSSID_FAVORED) {
-+			hddLog(LOGE, FL("Preferred BSSID count %u exceeds max %u"),
-+			       count, MAX_BSSID_FAVORED);
-+			goto fail;
-+		}
- 		hddLog(VOS_TRACE_LEVEL_DEBUG,
-			FL("Num of Preferred BSSID (%d)"),
-			roam_params.num_bssid_favored);
-+			FL("Num of Preferred BSSID: %d"), count);
- 		i = 0;
- 		nla_for_each_nested(curr_attr,
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PREFS],
- 			rem) {
-+
-+			if (i == count) {
-+				hddLog(LOGW, FL("Ignoring excess Preferred BSSID"));
-+				break;
-+			}
-+
- 			if (nla_parse(tb2,
- 				QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
- 				nla_data(curr_attr), nla_len(curr_attr),
-@@ -2012,6 +2023,11 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 				roam_params.bssid_favored_factor[i]);
- 			i++;
- 		}
-+		if (i < count)
-+			hddLog(LOGW,
-+			       FL("Num Preferred BSSID %u less than expected %u"),
-+			       i, count);
-+		roam_params.num_bssid_favored = i;
- 		sme_update_roam_params(pHddCtx->hHal, session_id,
- 			roam_params, REASON_ROAM_SET_FAVORED_BSSID);
- 		break;
-@@ -2021,15 +2037,25 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 			hddLog(LOGE, FL("attr num of blacklist bssid failed"));
- 			goto fail;
- 		}
-		roam_params.num_bssid_avoid_list = nla_get_u32(
-+		count = nla_get_u32(
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_NUM_BSSID]);
-+		if (count > MAX_BSSID_AVOID_LIST) {
-+			hddLog(LOGE, FL("Blacklist BSSID count %u exceeds max %u"),
-+			       count, MAX_BSSID_AVOID_LIST);
-+			goto fail;
-+		}
- 		hddLog(VOS_TRACE_LEVEL_DEBUG,
-			FL("Num of blacklist BSSID (%d)"),
-			roam_params.num_bssid_avoid_list);
-+			FL("Num of blacklist BSSID: %d"), count);
- 		i = 0;
- 		nla_for_each_nested(curr_attr,
- 			tb[QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS],
- 			rem) {
-+
-+			if (i == count) {
-+				hddLog(LOGW, FL("Ignoring excess Blacklist BSSID"));
-+				break;
-+			}
-+
- 			if (nla_parse(tb2,
- 				QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX,
- 				nla_data(curr_attr), nla_len(curr_attr),
-@@ -2050,6 +2076,11 @@ __wlan_hdd_cfg80211_set_ext_roam_params(struct wiphy *wiphy,
- 				roam_params.bssid_avoid_list[i]));
- 			i++;
- 		}
-+		if (i < count)
-+			hddLog(LOGW,
-+			       FL("Num Blacklist BSSID %u less than expected %u"),
-+			       i, count);
-+		roam_params.num_bssid_avoid_list = i;
- 		sme_update_roam_params(pHddCtx->hHal, session_id,
- 			roam_params, REASON_ROAM_SET_BLACKLIST_BSSID);
- 		break;