DivestOS/Patches/Linux_CVEs/CVE-2016-10283/qcacld-2.0/0001.patch
2017-11-07 18:55:10 -05:00

43 lines
1.8 KiB
Diff

From 93863644b4547324309613361d70ad9dc91f8dfd Mon Sep 17 00:00:00 2001
From: SaidiReddy Yenuga <saidir@codeaurora.org>
Date: Tue, 14 Feb 2017 16:00:57 +0530
Subject: qcacld-2.0: Trim operation classes to max supported in change station
Operation classes supported can be controlled by user, which can
be sent greater than the max supported operations. This results
in stack overflow in change station command.
Add check to validate operations supported param given by user
and if it exceeds max supported value, set it to max supported
value.
CRs-Fixed: 2002052
Change-Id: Idd3a35e38b091546a17d7ec6329f19429e5c289c
---
CORE/HDD/src/wlan_hdd_cfg80211.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 8fc43a7..f82f258 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -13809,6 +13809,15 @@ static int __wlan_hdd_change_station(struct wiphy *wiphy,
"%s: After removing duplcates StaParams.supported_channels_len: %d",
__func__, StaParams.supported_channels_len);
}
+ if (params->supported_oper_classes_len >
+ SIR_MAC_MAX_SUPP_OPER_CLASSES) {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
+ "received oper classes:%d, resetting it to max supported %d",
+ params->supported_oper_classes_len,
+ SIR_MAC_MAX_SUPP_OPER_CLASSES);
+ params->supported_oper_classes_len =
+ SIR_MAC_MAX_SUPP_OPER_CLASSES;
+ }
vos_mem_copy(StaParams.supported_oper_classes,
params->supported_oper_classes,
params->supported_oper_classes_len);
--
cgit v1.1