DivestOS/Patches/Linux_CVEs/CVE-2016-10283/ANY/0002.patch
2017-11-07 17:32:46 -05:00

44 lines
1.6 KiB
Diff

From d60a5839ba987e2c9d365fef950cae0c9ad11010 Mon Sep 17 00:00:00 2001
From: SaidiReddy Yenuga <saidir@codeaurora.org>
Date: Tue, 21 Feb 2017 13:05:26 +0530
Subject: qcacld-3.0: Trim operation classes to max supported in change station
qcacld-2.0 to qcacld-3.0 Propagation.
Operation classes supported can be controlled by user, which can
be sent greater than the max supported operations. This results
in stack overflow in change station command.
Add check to validate operations supported param given by user
and if it exceeds max supported value, set it to max supported
value.
CRs-Fixed: 2002052
Change-Id: Idd3a35e38b091546a17d7ec6329f19429e5c289c
---
core/hdd/src/wlan_hdd_cfg80211.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c
index 2ac8896..8f13919 100644
--- a/core/hdd/src/wlan_hdd_cfg80211.c
+++ b/core/hdd/src/wlan_hdd_cfg80211.c
@@ -10513,6 +10513,14 @@ static int __wlan_hdd_change_station(struct wiphy *wiphy,
hdd_notice("After removing duplcates StaParams.supported_channels_len: %d",
StaParams.supported_channels_len);
}
+ if (params->supported_oper_classes_len >
+ CDS_MAX_SUPP_OPER_CLASSES) {
+ hdd_notice("received oper classes:%d, resetting it to max supported: %d",
+ params->supported_oper_classes_len,
+ CDS_MAX_SUPP_OPER_CLASSES);
+ params->supported_oper_classes_len =
+ CDS_MAX_SUPP_OPER_CLASSES;
+ }
qdf_mem_copy(StaParams.supported_oper_classes,
params->supported_oper_classes,
params->supported_oper_classes_len);
--
cgit v1.1