DivestOS/Patches/Linux_CVEs/CVE-2017-11053/ANY/1.patch

From 6a16567622ff6ccc2a23bd8884b0781995a481b1 Mon Sep 17 00:00:00 2001
From: Srinivas Girigowda <sgirigow@codeaurora.org>
Date: Thu, 3 Aug 2017 16:59:51 -0700
Subject: [PATCH] qcacld-2.0: Fix kernel memory corruption

Buffer overflow in ConvertQosMapsetFrame function
when num_dscp_exceptions value is less than 16.

Fix is to return from function if num_dscp_exceptions
is less than 16.

Change-Id: I2fcce60b7fe5e988348cee786e9a4d493d9512fe
CRs-Fixed: 2061544
Bug: 36895857
Signed-off-by: Srinivas Girigowda <sgirigow@codeaurora.org>
---
 .../staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/utilsParser.c  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/utilsParser.c b/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/utilsParser.c
index 6c9993935b481..887e33ada81ae 100644
--- a/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/utilsParser.c
+++ b/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/utilsParser.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2015, 2017 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -706,6 +706,10 @@ void ConvertQosMapsetFrame(tpAniSirGlobal pMac, tSirQosMapSet* Qos, tDot11fIEQos
     tANI_U8 i,j=0;
     if (dot11fIE->num_dscp_exceptions > 58)
         dot11fIE->num_dscp_exceptions = 58;
+
+	if (dot11fIE->num_dscp_exceptions < 16)
+		return;
+
     Qos->num_dscp_exceptions = (dot11fIE->num_dscp_exceptions - 16)/2;
     for (i = 0; i < Qos->num_dscp_exceptions; i++)
     {