Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
3989a1b20b
DivestOS/Patches/Linux_CVEs/CVE-2014-9902/ANY/0.patch
Tad 3989a1b20b Update Linux CVE patches
2017-10-29 22:14:37 -04:00

62 lines
2.0 KiB
Diff
Raw Blame History

From 3b1c44a3a7129dc25abe2c23543f6f66c59e8f50 Mon Sep 17 00:00:00 2001
From: Kiran Kumar Lokere <klokere@codeaurora.org>
Date: Thu, 7 Nov 2013 19:01:17 -0800
Subject: Fix the buffer overflow issue observed in static code analysis.
Fix the possible buffer overflow in IE parsing.
Change-Id: I1a386ac09dbe30562fbd84739eb8d61c6a09b001
CRs-Fixed: 553937, 553941
---
CORE/MAC/src/include/dot11f.h | 2 +-
CORE/SYS/legacy/src/utils/src/dot11f.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/CORE/MAC/src/include/dot11f.h b/CORE/MAC/src/include/dot11f.h
index 3a82e65..cc89258 100644
--- a/CORE/MAC/src/include/dot11f.h
+++ b/CORE/MAC/src/include/dot11f.h
@@ -52,7 +52,7 @@
*
*
* This file was automatically generated by 'framesc'
- * Tue Jul 2 15:39:44 2013 from the following file(s):
+ * Thu Nov 7 16:38:38 2013 from the following file(s):
*
* dot11f.frms
*
diff --git a/CORE/SYS/legacy/src/utils/src/dot11f.c b/CORE/SYS/legacy/src/utils/src/dot11f.c
index 411f593..1b89baa 100644
--- a/CORE/SYS/legacy/src/utils/src/dot11f.c
+++ b/CORE/SYS/legacy/src/utils/src/dot11f.c
@@ -29,7 +29,7 @@
*
*
* This file was automatically generated by 'framesc'
- * Tue Jul 2 15:39:44 2013 from the following file(s):
+ * Thu Nov 7 16:38:38 2013 from the following file(s):
*
* dot11f.frms
*
@@ -2976,7 +2976,7 @@ tANI_U32 dot11fUnpackIeCountry(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8 ielen
else
{
pDst->num_triplets = (tANI_U8)( ielen / 3 );
- if (ielen / 3 > 84){
+ if (ielen > 84 * 3){
pDst->present = 0;
return DOT11F_SKIPPED_BAD_IE;
}
@@ -4650,7 +4650,7 @@ tANI_U32 dot11fUnpackIeSuppChannels(tpAniSirGlobal pCtx, tANI_U8 *pBuf, tANI_U8
if (pDst->present) status = DOT11F_DUPLICATE_IE;
pDst->present = 1;
pDst->num_bands = (tANI_U8)( ielen / 2 );
- if (ielen / 2 > 48){
+ if (ielen > 48 * 2){
pDst->present = 0;
return DOT11F_SKIPPED_BAD_IE;
}
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink