DivestOS/Patches/Linux_CVEs/CVE-2017-11015/qcacld-2.0/0004.patch

From a50ca3ce494ab6bb6b2e37cdd0428aa6d6260bef Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Mon, 21 Aug 2017 21:25:55 -0700
Subject: [PATCH] qcacld-2.0: Update SIR_MAC_AUTH_CHALLENGE_LENGTH as per IEEE
 spec

qcacld-3.0 to qcacld-2.0 propagation

Update SIR_MAC_AUTH_CHALLENGE_LENGTH to 253 as per IEEE spec.
Currently value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128.
This may result in potential buffer overflow since frame parser
allows challenge text of length upto 253 but driver can not handle
challenge text longer than 128 bytes.

Change-Id: I7baf860fdde51a14a6573b4f0f26817f5071193e
CRs-Fixed: 2072937
Bug: 64438728
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/MAC/inc/sirMacProtDef.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirMacProtDef.h b/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirMacProtDef.h
index bb43167c255cc..c5d8ad5dbcbc0 100644
--- a/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirMacProtDef.h
+++ b/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirMacProtDef.h
@@ -584,7 +584,7 @@
 #define SIR_MAC_MAX_NUMBER_OF_RATES          12
 #define SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS      4
 #define SIR_MAC_KEY_LENGTH                   13   // WEP Maximum key length size
-#define SIR_MAC_AUTH_CHALLENGE_LENGTH        128
+#define SIR_MAC_AUTH_CHALLENGE_LENGTH        253
 #define SIR_MAC_WEP_IV_LENGTH                4
 #define SIR_MAC_WEP_ICV_LENGTH               4