Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-12-22 06:04:57 -05:00
Code Issues Packages Projects Releases Wiki Activity
92a0187dfb
DivestOS/Patches/Linux_CVEs-New/CVE-2017-0706/ANY/0.patch
Tad 92a0187dfb Overhaul CVE patches
2017-10-29 14:23:02 -04:00

24 lines
4.3 KiB
Diff
Raw Blame History

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Diff - 6a469209ac014b6d93f373e042500f6e8cd6a04a^! - kernel/msm - Git at Google</title><link rel="stylesheet" type="text/css" href="/+static/base.HLL9TqKl0YYybSzmT_wTdw.cache.css"><!-- default customHeadTagPart --></head><body class="Site"><header class="Site-header"><div class="Header"><a class="Header-image" href="/"><img src="//www.gstatic.com/images/branding/lockups/2x/lockup_git_color_108x24dp.png" width="108" height="24" alt="Google Git"></a><div class="Header-menu"> <a class="Header-menuItem" href="https://accounts.google.com/AccountChooser?service=gerritcodereview&amp;continue=https://android.googlesource.com/login/kernel/msm/%2B/6a469209ac014b6d93f373e042500f6e8cd6a04a%255E%2521/">Sign in</a> </div></div></header><div class="Site-content"><div class="Container "><div class="Breadcrumbs"><a class="Breadcrumbs-crumb" href="/?format=HTML">android</a> / <a class="Breadcrumbs-crumb" href="/kernel/">kernel</a> / <a class="Breadcrumbs-crumb" href="/kernel/msm/">msm</a> / <a class="Breadcrumbs-crumb" href="/kernel/msm/+/6a469209ac014b6d93f373e042500f6e8cd6a04a%5E%21/">6a469209ac014b6d93f373e042500f6e8cd6a04a^!</a> / <span class="Breadcrumbs-crumb">.</span></div><div class="u-monospace Metadata"><table><tr><th class="Metadata-title">commit</th><td>6a469209ac014b6d93f373e042500f6e8cd6a04a</td><td><span>[<a href="/kernel/msm/+log/6a469209ac014b6d93f373e042500f6e8cd6a04a/">log</a>]</span> <span>[<a href="/kernel/msm/+archive/6a469209ac014b6d93f373e042500f6e8cd6a04a/.tar.gz">tgz</a>]</span></td></tr><tr><th class="Metadata-title">author</th><td>Insun Song &lt;insun.song@broadcom.com&gt;</td><td>Wed May 03 16:20:41 2017 -0700</td></tr><tr><th class="Metadata-title">committer</th><td>Stuart Scott &lt;stuartscott@google.com&gt;</td><td>Tue May 16 20:12:20 2017 +0000</td></tr><tr><th class="Metadata-title">tree</th><td><a href="/kernel/msm/+/6a469209ac014b6d93f373e042500f6e8cd6a04a/">4d3e208308055cf10fab20c863fa3adfdaadb6fc</a></td></tr><tr><th class="Metadata-title">parent</th><td><a href="/kernel/msm/+/6a469209ac014b6d93f373e042500f6e8cd6a04a%5E">6cda862834f58f5cba217f445c00bb83aaa8a32a</a> <span>[<a href="/kernel/msm/+/6a469209ac014b6d93f373e042500f6e8cd6a04a%5E%21/">diff</a>]</span></td></tr></table></div><pre class="u-pre u-monospace MetadataMessage">net: wireless: bcmdhd: adding boundary check in wl_cfg80211_mgmt_tx
added boundary check for user-input parameter not to corrupt kernel
memmory.
Signed-off-by: Insun Song &lt;insun.song@broadcom.com&gt;
Bug: 35195787
Change-Id: <a href="https://android-review.googlesource.com/#/q/Ia497feae5f502c9a650e50a39fd0620fa976d908">Ia497feae5f502c9a650e50a39fd0620fa976d908</a>
</pre><pre class="u-pre u-monospace Diff"><a name="F0" class="Diff-fileIndex"></a>diff --git <a href="/kernel/msm/+/6cda862834f58f5cba217f445c00bb83aaa8a32a/drivers/net/wireless/bcmdhd/wl_cfg80211.c">a/drivers/net/wireless/bcmdhd/wl_cfg80211.c</a> <a href="/kernel/msm/+/6a469209ac014b6d93f373e042500f6e8cd6a04a/drivers/net/wireless/bcmdhd/wl_cfg80211.c">b/drivers/net/wireless/bcmdhd/wl_cfg80211.c</a>
index 9081988..a73b030 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
</pre><pre class="u-pre u-monospace Diff-unified"><span class="Diff-hunk">@@ -5830,6 +5830,10 @@
</span><span class="Diff-change"> </span>
<span class="Diff-change"> WL_DBG((&quot;Enter \n&quot;));</span>
<span class="Diff-change"> </span>
<span class="Diff-insert">+ if (len &gt; (ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN)) {</span>
<span class="Diff-insert">+ WL_ERR((&quot;bad length:%zu\n&quot;, len));</span>
<span class="Diff-insert">+ return BCME_BADARG;</span>
<span class="Diff-insert">+ }</span>
<span class="Diff-change"> dev = cfgdev_to_wlc_ndev(cfgdev, cfg);</span>
<span class="Diff-change"> </span>
<span class="Diff-change"> /* set bsscfg idx for iovar (wlan0: P2PAPI_BSSCFG_PRIMARY, p2p: P2PAPI_BSSCFG_DEVICE) */</span>
</pre></div> <!-- Container --></div> <!-- Site-content --><!-- default customFooter --><footer class="Site-footer"><div class="Footer"><span class="Footer-poweredBy">Powered by <a href="https://gerrit.googlesource.com/gitiles/">Gitiles</a></span><span class="Footer-formats"><a class="u-monospace Footer-formatsItem" href="?format=TEXT">txt</a> <a class="u-monospace Footer-formatsItem" href="?format=JSON">json</a></span></div></footer></body></html>
Reference in New Issue View Git Blame Copy Permalink