Overhaul CVE patches

Patches/Linux_CVEs/CVE-2017-0439/0.patch

@@ -1,57 +0,0 @@
-From 81b6b5538d3227ed4b925fcceedb109abb2a4c61 Mon Sep 17 00:00:00 2001
-From: Jeff Johnson <jjohnson@codeaurora.org>
-Date: Fri, 18 Nov 2016 11:35:01 -0800
-Subject: qcacld-2.0: Avoid overflow of passpoint network list
-
-Currently when processing a passpoint vendor command the "num
-networks" attribute is limit checked and if it exceeds a MAX value
-then the command is rejected. Otherwise this value is used to
-calculate the size of the buffer allocated to hold the internal
-representation of the request. However later when the network
-attributes are parsed there is no check to make sure the number of
-networks processed does not exceed the "num networks" used to allocate
-memory, and as a result a buffer overflow can occur. Address this
-issue by aborting the network parsing once "num networks" records have
-been parsed.
-
-Change-Id: I38d9f19b08b42fa9a850eb70a42920fbc3b99cf6
-CRs-Fixed: 1092059
----
- CORE/HDD/src/wlan_hdd_cfg80211.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
-index a2ff8fe..54c5e54 100644
---- a/CORE/HDD/src/wlan_hdd_cfg80211.c
-+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
-@@ -5127,11 +5127,19 @@ static int hdd_extscan_passpoint_fill_network_list(
- 	struct nlattr *networks;
- 	int rem1, len;
- 	uint8_t index;
-+	uint32_t expected_networks;
- 
-+	expected_networks = req_msg->num_networks;
- 	index = 0;
- 	nla_for_each_nested(networks,
- 		tb[QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NETWORK_ARRAY],
- 		rem1) {
-+
-+		if (index == expected_networks) {
-+			hddLog(LOGW, FL("ignoring excess networks"));
-+			break;
-+		}
-+
- 		if (nla_parse(network,
- 			QCA_WLAN_VENDOR_ATTR_PNO_MAX,
- 			nla_data(networks), nla_len(networks), NULL)) {
-@@ -5193,6 +5201,7 @@ static int hdd_extscan_passpoint_fill_network_list(
- 
- 		index++;
- 	}
-+	req_msg->num_networks = index;
- 	return 0;
- }
- 
--- 
-cgit v1.1
-

Patches/Linux_CVEs/CVE-2017-0439/1.patch

@@ -1,56 +0,0 @@
-From 5b3f9bb678b1f5a57f7664965ee6e082553c1e40 Mon Sep 17 00:00:00 2001
-From: Srinivas Girigowda <sgirigow@codeaurora.org>
-Date: Mon, 21 Nov 2016 19:10:09 -0800
-Subject: [PATCH] qcacld-2.0: Avoid overflow of passpoint network list
-
-Currently when processing a passpoint vendor command the "num
-networks" attribute is limit checked and if it exceeds a MAX value
-then the command is rejected. Otherwise this value is used to
-calculate the size of the buffer allocated to hold the internal
-representation of the request. However later when the network
-attributes are parsed there is no check to make sure the number of
-networks processed does not exceed the "num networks" used to allocate
-memory, and as a result a buffer overflow can occur. Address this
-issue by aborting the network parsing once "num networks" records have
-been parsed.
-
-Change-Id: I38d9f19b08b42fa9a850eb70a42920fbc3b99cf6
-CRs-Fixed: 1092059
-Bug: 32450647
-Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
----
- drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-index 82275c27ae587..89dba5d54b627 100644
---- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c
-@@ -4992,11 +4992,19 @@ static int hdd_extscan_passpoint_fill_network_list(
- 	struct nlattr *networks;
- 	int rem1, len;
- 	uint8_t index;
-+	uint32_t expected_networks;
- 
-+	expected_networks = req_msg->num_networks;
- 	index = 0;
- 	nla_for_each_nested(networks,
- 		tb[QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NETWORK_ARRAY],
- 		rem1) {
-+
-+		if (index == expected_networks) {
-+			hddLog(LOGW, FL("ignoring excess networks"));
-+			break;
-+		}
-+
- 		if (nla_parse(network,
- 			QCA_WLAN_VENDOR_ATTR_PNO_MAX,
- 			nla_data(networks), nla_len(networks), NULL)) {
-@@ -5058,6 +5066,7 @@ static int hdd_extscan_passpoint_fill_network_list(
- 
- 		index++;
- 	}
-+	req_msg->num_networks = index;
- 	return 0;
- }
-