mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
41 lines
1.4 KiB
Diff
41 lines
1.4 KiB
Diff
From 99c00329bc13c526305dc826950c2cc117e6725d Mon Sep 17 00:00:00 2001
|
|
From: yeshwanth sriram guntuka <ysriramg@codeaurora.org>
|
|
Date: Mon, 3 Jul 2017 11:44:31 +0530
|
|
Subject: qcacld-2.0: Fix kernel memory corruption
|
|
|
|
Buffer overflow in ConvertQosMapsetFrame function
|
|
when num_dscp_exceptions value is less than 16.
|
|
|
|
Fix is to return from function if num_dscp_exceptions
|
|
is less than 16.
|
|
|
|
Change-Id: I2fcce60b7fe5e988348cee786e9a4d493d9512fe
|
|
CRs-Fixed: 2061544
|
|
---
|
|
CORE/SYS/legacy/src/utils/src/utilsParser.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/CORE/SYS/legacy/src/utils/src/utilsParser.c b/CORE/SYS/legacy/src/utils/src/utilsParser.c
|
|
index 6c99939..e64ce33 100644
|
|
--- a/CORE/SYS/legacy/src/utils/src/utilsParser.c
|
|
+++ b/CORE/SYS/legacy/src/utils/src/utilsParser.c
|
|
@@ -1,5 +1,5 @@
|
|
/*
|
|
- * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved.
|
|
+ * Copyright (c) 2011-2015, 2017 The Linux Foundation. All rights reserved.
|
|
*
|
|
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
|
|
*
|
|
@@ -706,6 +706,8 @@ void ConvertQosMapsetFrame(tpAniSirGlobal pMac, tSirQosMapSet* Qos, tDot11fIEQos
|
|
tANI_U8 i,j=0;
|
|
if (dot11fIE->num_dscp_exceptions > 58)
|
|
dot11fIE->num_dscp_exceptions = 58;
|
|
+ if (dot11fIE->num_dscp_exceptions < 16)
|
|
+ return;
|
|
Qos->num_dscp_exceptions = (dot11fIE->num_dscp_exceptions - 16)/2;
|
|
for (i = 0; i < Qos->num_dscp_exceptions; i++)
|
|
{
|
|
--
|
|
cgit v1.1
|
|
|