DivestOS/Patches/Linux_CVEs/CVE-2014-9901/ANY/0.patch
2017-10-29 22:14:37 -04:00

295 lines
13 KiB
Diff

From 637f0f7931dd7265ac1c250dc2884d6389c66bde Mon Sep 17 00:00:00 2001
From: Panvar Vivek <vpanwa@codeaurora.org>
Date: Thu, 12 Dec 2013 17:17:40 +0530
Subject: wlan: Replace snprintf with scnprintf
The function snprintf() do not write more than size bytes (including
the terminating null byte ('\0')). If the output was truncated due
to this limit then the return value is the number of characters
(excluding the terminating null byte) which would have been written
to the final string if enough space had been available. Thus, a
return value of size or more means that the output was truncated.
Change-Id: Iccf9648961e2ac9eeffa0f824a80fd3798be3870
CRs-Fixed: 548711
---
CORE/HDD/src/wlan_hdd_cfg.c | 2 +-
CORE/HDD/src/wlan_hdd_hostapd.c | 6 ++--
CORE/HDD/src/wlan_hdd_scan.c | 2 +-
CORE/HDD/src/wlan_hdd_tdls.c | 9 +++---
CORE/HDD/src/wlan_hdd_wext.c | 70 ++++++++++++++++++++++++++++++-----------
5 files changed, 62 insertions(+), 27 deletions(-)
diff --git a/CORE/HDD/src/wlan_hdd_cfg.c b/CORE/HDD/src/wlan_hdd_cfg.c
index 0fa44de..31d0adc 100644
--- a/CORE/HDD/src/wlan_hdd_cfg.c
+++ b/CORE/HDD/src/wlan_hdd_cfg.c
@@ -3240,7 +3240,7 @@ VOS_STATUS hdd_cfg_get_config(hdd_context_t *pHddCtx, char *pBuf, int buflen)
{
snprintf(valueStr, CFG_VALUE_MAX_LEN, "(unhandled)");
}
- curlen = snprintf(configStr, CFG_ENTRY_MAX_LEN,
+ curlen = scnprintf(configStr, CFG_ENTRY_MAX_LEN,
"%s=[%s]%s\n",
pRegEntry->RegName,
valueStr,
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index cc2fb0e..d9c965a 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -2350,7 +2350,7 @@ static iw_softap_ap_stats(struct net_device *dev,
WLANSAP_GetStatistics((WLAN_HDD_GET_CTX(pHostapdAdapter))->pvosContext, &statBuffer, (v_BOOL_t)wrqu->data.flags);
- len = snprintf(pstatbuf, len,
+ len = scnprintf(pstatbuf, len,
"RUF=%d RMF=%d RBF=%d "
"RUB=%d RMB=%d RBB=%d "
"TUF=%d TMF=%d TBF=%d "
@@ -3481,7 +3481,7 @@ VOS_STATUS hdd_softap_get_sta_info(hdd_adapter_t *pAdapter, v_U8_t *pBuf, int bu
int len = 0;
const char sta_info_header[] = "staId staAddress\n";
- len = snprintf(pBuf, buf_len, sta_info_header);
+ len = scnprintf(pBuf, buf_len, sta_info_header);
pBuf += len;
buf_len -= len;
@@ -3489,7 +3489,7 @@ VOS_STATUS hdd_softap_get_sta_info(hdd_adapter_t *pAdapter, v_U8_t *pBuf, int bu
{
if(pAdapter->aStaInfo[i].isUsed)
{
- len = snprintf(pBuf, buf_len, "%*d .%02x:%02x:%02x:%02x:%02x:%02x\n",
+ len = scnprintf(pBuf, buf_len, "%*d .%02x:%02x:%02x:%02x:%02x:%02x\n",
strlen("staId"),
pAdapter->aStaInfo[i].ucSTAId,
pAdapter->aStaInfo[i].macAddrSTA.bytes[0],
diff --git a/CORE/HDD/src/wlan_hdd_scan.c b/CORE/HDD/src/wlan_hdd_scan.c
index 8c1d259..9c60557 100644
--- a/CORE/HDD/src/wlan_hdd_scan.c
+++ b/CORE/HDD/src/wlan_hdd_scan.c
@@ -534,7 +534,7 @@ static eHalStatus hdd_IndicateScanResult(hdd_scan_info_t *scanInfo, tCsrScanResu
/* AGE */
event.cmd = IWEVCUSTOM;
p = custom;
- p += snprintf(p, MAX_CUSTOM_LEN, " Age: %lu",
+ p += scnprintf(p, MAX_CUSTOM_LEN, " Age: %lu",
vos_timer_get_system_ticks() - descriptor->nReceivedTime);
event.u.data.length = p - custom;
current_event = iwe_stream_add_point (scanInfo->info,current_event, end,
diff --git a/CORE/HDD/src/wlan_hdd_tdls.c b/CORE/HDD/src/wlan_hdd_tdls.c
index 9a6149f..f616af2 100644
--- a/CORE/HDD/src/wlan_hdd_tdls.c
+++ b/CORE/HDD/src/wlan_hdd_tdls.c
@@ -1400,11 +1400,12 @@ int wlan_hdd_tdls_get_all_peers(hdd_adapter_t *pAdapter, char *buf, int buflen)
init_len = buflen;
- len = snprintf(buf, buflen, "\n%-18s%-3s%-4s%-3s%-5s\n", "MAC", "Id", "cap", "up", "RSSI");
+ len = scnprintf(buf, buflen, "\n%-18s%-3s%-4s%-3s%-5s\n",
+ "MAC", "Id", "cap", "up", "RSSI");
buf += len;
buflen -= len;
/* 1234567890123456789012345678901234567 */
- len = snprintf(buf, buflen, "---------------------------------\n");
+ len = scnprintf(buf, buflen, "---------------------------------\n");
buf += len;
buflen -= len;
@@ -1417,7 +1418,7 @@ int wlan_hdd_tdls_get_all_peers(hdd_adapter_t *pAdapter, char *buf, int buflen)
pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
if (NULL == pHddTdlsCtx) {
mutex_unlock(&tdls_lock);
- len = snprintf(buf, buflen, "TDLS not enabled\n");
+ len = scnprintf(buf, buflen, "TDLS not enabled\n");
return len;
}
for (i = 0; i < 256; i++) {
@@ -1428,7 +1429,7 @@ int wlan_hdd_tdls_get_all_peers(hdd_adapter_t *pAdapter, char *buf, int buflen)
if (buflen < 32+1)
break;
- len = snprintf(buf, buflen,
+ len = scnprintf(buf, buflen,
MAC_ADDRESS_STR"%3d%4s%3s%5d\n",
MAC_ADDR_ARRAY(curr_peer->peerMac),
curr_peer->staId,
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 0cd68bd..b141df0 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -413,7 +413,7 @@ void hdd_wlan_get_version(hdd_adapter_t *pAdapter, union iwreq_data *wrqu,
pHWversion = "Unknown";
}
- wrqu->data.length = snprintf(extra, WE_MAX_STR_LEN,
+ wrqu->data.length = scnprintf(extra, WE_MAX_STR_LEN,
"Host SW:%s, FW:%s, HW:%s",
QWLAN_VERSIONSTR,
pSWversion,
@@ -2551,7 +2551,7 @@ static int iw_get_rssi(struct net_device *dev,
{
/* we are not connected or our SSID is too long
so we cannot report an rssi */
- rc = snprintf(cmd, len, "OK");
+ rc = scnprintf(cmd, len, "OK");
}
else
{
@@ -2566,7 +2566,7 @@ static int iw_get_rssi(struct net_device *dev,
{
/* append the rssi to the ssid in the format required by
the WiFI Framework */
- rc = snprintf(&cmd[ssidlen], len - ssidlen, " rssi %d", s7Rssi);
+ rc = scnprintf(&cmd[ssidlen], len - ssidlen, " rssi %d", s7Rssi);
}
else
{
@@ -4412,19 +4412,19 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
if ( WLAN_ADAPTER == adapter_num )
{
useAdapter = pAdapter;
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n\n wlan0 States:-");
len += buf;
}
else if ( P2P_ADAPTER == adapter_num )
{
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n\n p2p0 States:-");
len += buf;
if( !pHddCtx )
{
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n pHddCtx is NULL");
len += buf;
break;
@@ -4435,7 +4435,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
useAdapter = hdd_get_adapter(pHddCtx, WLAN_HDD_P2P_CLIENT);
if ( !useAdapter )
{
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n Device not configured as P2P_CLIENT.");
len += buf;
break;
@@ -4447,7 +4447,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR( useAdapter );
if( !pHddStaCtx )
{
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n pHddStaCtx is NULL");
len += buf;
break;
@@ -4455,7 +4455,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
tlState = smeGetTLSTAState(hHal, pHddStaCtx->conn_info.staId[0]);
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n HDD Conn State - %s "
"\n \n SME State:"
"\n Neighbour Roam State - %s"
@@ -4478,7 +4478,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
}
/* Printing Lim State starting with global lim states */
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n \n LIM STATES:-"
"\n Global Sme State - %s "\
"\n Global mlm State - %s "\
@@ -4493,7 +4493,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
{
if ( pMac->lim.gpSession[count].valid )
{
- buf = snprintf(extra + len, WE_MAX_STR_LEN - len,
+ buf = scnprintf(extra + len, WE_MAX_STR_LEN - len,
"\n Lim Valid Session %d:-"
"\n PE Sme State - %s "
"\n PE Mlm State - %s "
@@ -4574,6 +4574,7 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
VOS_STATUS status;
v_U8_t i, len;
char* buf ;
+
tChannelListInfo channel_list;
status = iw_softap_get_channel_list(dev, info, wrqu, (char *)&channel_list);
@@ -4585,20 +4586,23 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
buf = extra;
/**
- * Maximum channels = WNI_CFG_VALID_CHANNEL_LIST_LEN. Maximum buffer
- * needed = 5 * number of channels. Check if sufficient buffer is available and
- * then proceed to fill the buffer.
- */
+ * Maximum channels = WNI_CFG_VALID_CHANNEL_LIST_LEN. Maximum buffer
+ * needed = 5 * number of channels. Check if sufficient buffer is available and
+ * then proceed to fill the buffer.
+ */
if(WE_MAX_STR_LEN < (5 * WNI_CFG_VALID_CHANNEL_LIST_LEN))
{
- hddLog(VOS_TRACE_LEVEL_ERROR, "%s Insufficient Buffer to populate channel list\n",__func__);
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s Insufficient Buffer to populate channel list\n",
+ __func__);
return -EINVAL;
}
- len = snprintf(buf, 5, "%u ", channel_list.num_channels);
+ len = scnprintf(buf, WE_MAX_STR_LEN, "%u ",
+ channel_list.num_channels);
buf += len;
for(i = 0 ; i < channel_list.num_channels; i++)
{
- len = snprintf(buf, 5,
+ len = scnprintf(buf, WE_MAX_STR_LEN,
"%u ", channel_list.channels[i]);
buf += len;
}
@@ -4632,6 +4636,36 @@ static int iw_get_char_setnone(struct net_device *dev, struct iw_request_info *i
break;
}
#endif
+#ifdef FEATURE_CESIUM_PROPRIETARY
+ case WE_GET_IBSS_STA_INFO:
+ {
+ hdd_station_ctx_t *pHddStaCtx =
+ WLAN_HDD_GET_STATION_CTX_PTR(pAdapter);
+ int idx = 0;
+ int length = 0;
+
+ for (idx = 0; idx < HDD_MAX_NUM_IBSS_STA; idx++)
+ {
+ if (0 != pHddStaCtx->conn_info.staId[ idx ])
+ {
+ length += scnprintf
+ (
+ (extra + length), WE_MAX_STR_LEN - length,
+ "%d .%02x:%02x:%02x:%02x:%02x:%02x\n",
+ pHddStaCtx->conn_info.staId[ idx ],
+ pHddStaCtx->conn_info.peerMacAddress[idx].bytes[0],
+ pHddStaCtx->conn_info.peerMacAddress[idx].bytes[1],
+ pHddStaCtx->conn_info.peerMacAddress[idx].bytes[2],
+ pHddStaCtx->conn_info.peerMacAddress[idx].bytes[3],
+ pHddStaCtx->conn_info.peerMacAddress[idx].bytes[4],
+ pHddStaCtx->conn_info.peerMacAddress[idx].bytes[5]
+ );
+ }
+ }
+ wrqu->data.length = strlen(extra)+1;
+ break;
+ }
+#endif
default:
{
hddLog(LOGE, "Invalid IOCTL command %d \n", sub_cmd );
--
cgit v1.1