DivestOS/Patches/Linux_CVEs/CVE-2017-11052/ANY/1.patch

From c18c5935d437e4b06ec630d755a42b49e11bd071 Mon Sep 17 00:00:00 2001
From: Jeff Johnson <jjohnson@codeaurora.org>
Date: Thu, 15 Jun 2017 12:47:46 -0700
Subject: [PATCH] qcacld-2.0: Properly validate
 QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR

Currently the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR nla_policy specifies
a type of NLA_STRING, but the underlying implementation expects a
NUL-terminated string. Update the policy to correctly use a type of
NLA_NUL_STRING with the len updated to remove the allocation needed
for the terminating NUL.

Bug: 37687303
Change-Id: Ic73241511ab73ae63fd7c1a8d6422da91931919c
CRs-Fixed: 2061688
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
index 1b5e4db3100c7..469ae96818cf4 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_nan_datapath.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2017 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -38,8 +38,8 @@ static const struct nla_policy
 qca_wlan_vendor_ndp_policy[QCA_WLAN_VENDOR_ATTR_NDP_PARAMS_MAX + 1] = {
 	[QCA_WLAN_VENDOR_ATTR_NDP_SUBCMD] = { .type = NLA_U32 },
 	[QCA_WLAN_VENDOR_ATTR_NDP_TRANSACTION_ID] = { .type = NLA_U16 },
-	[QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_STRING,
-					.len = IFNAMSIZ },
+	[QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR] = { .type = NLA_NUL_STRING,
+					.len = IFNAMSIZ - 1 },
 	[QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_INSTANCE_ID] = { .type = NLA_U32 },
 	[QCA_WLAN_VENDOR_ATTR_NDP_CHANNEL_SPEC_CHANNEL] = { .type = NLA_U32 },
 	[QCA_WLAN_VENDOR_ATTR_NDP_PEER_DISCOVERY_MAC_ADDR] = {