DivestOS/Patches/Linux_CVEs/CVE-2017-11052/ANY/0001.patch
2017-11-07 17:32:46 -05:00

43 lines
1.7 KiB
Diff

From c1ea8487f35d3f4dea574552afda6a1637f98bbb Mon Sep 17 00:00:00 2001
From: Jeff Johnson <jjohnson@codeaurora.org>
Date: Thu, 15 Jun 2017 12:47:46 -0700
Subject: qcacld-2.0: Properly validate QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR
Currently the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR nla_policy specifies
a type of NLA_STRING, but the underlying implementation expects a
NUL-terminated string. Update the policy to correctly use a type of
NLA_NUL_STRING with the len updated to remove the allocation needed
for the terminating NUL.
Change-Id: Ic73241511ab73ae63fd7c1a8d6422da91931919c
CRs-Fixed: 2061688
---
CORE/HDD/src/wlan_hdd_nan_datapath.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CORE/HDD/src/wlan_hdd_nan_datapath.c b/CORE/HDD/src/wlan_hdd_nan_datapath.c
index 2a2e6e4..d29a23a 100644
--- a/CORE/HDD/src/wlan_hdd_nan_datapath.c
+++ b/CORE/HDD/src/wlan_hdd_nan_datapath.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -40,8 +40,8 @@ static const struct nla_policy
qca_wlan_vendor_ndp_policy[QCA_WLAN_VENDOR_ATTR_NDP_PARAMS_MAX + 1] = {
[QCA_WLAN_VENDOR_ATTR_NDP_SUBCMD] = { .type = NLA_U32 },
[QCA_WLAN_VENDOR_ATTR_NDP_TRANSACTION_ID] = { .type = NLA_U16 },
- [QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_STRING,
- .len = IFNAMSIZ },
+ [QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_NUL_STRING,
+ .len = IFNAMSIZ - 1 },
[QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_INSTANCE_ID] = { .type = NLA_U32 },
[QCA_WLAN_VENDOR_ATTR_NDP_CHANNEL] = { .type = NLA_U32 },
[QCA_WLAN_VENDOR_ATTR_NDP_PEER_DISCOVERY_MAC_ADDR] = {
--
cgit v1.1