DivestOS/Patches/Linux_CVEs/CVE-2017-0571/0.patch

From 4b29d0111186ebef75a9af7da8257697386ac4a4 Mon Sep 17 00:00:00 2001
From: Insun Song <insun.song@broadcom.com>
Date: Wed, 25 Jan 2017 11:41:49 -0800
Subject: [PATCH] net: wireless: bcmdhd: fix buffer overrun in wlfc reordering

added boundary check not to override allocated buffer

Signed-off-by: Insun Song <insun.song@broadcom.com>
Change-Id: Iad44141ba4e4cd224eda292c05ffe525bf74227d
Bug: 34203305
---
 drivers/net/wireless/bcmdhd/dhd_wlfc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/bcmdhd/dhd_wlfc.c b/drivers/net/wireless/bcmdhd/dhd_wlfc.c
index 741ebc8642275..3b9cfe85f7635 100644
--- a/drivers/net/wireless/bcmdhd/dhd_wlfc.c
+++ b/drivers/net/wireless/bcmdhd/dhd_wlfc.c
@@ -2458,7 +2458,7 @@ static void
 _dhd_wlfc_reorderinfo_indicate(uint8 *val, uint8 len, uchar *info_buf, uint *info_len)
 {
 	if (info_len) {
-		if (info_buf) {
+		if (info_buf && (len <= WLHOST_REORDERDATA_TOTLEN)) {
 			bcopy(val, info_buf, len);
 			*info_len = len;
 		}