android_kernel_xiaomi_sm8350

History

Srinivas Dasari 6f6a3e666d qcacld-3.0: Use NLA_EXACT_LEN instead of NLA_UNSPEC in new kernels The change If6d559a3aa7b8719a515e00e271e313c02f8135f has modified few attribute types from NLA_UNSPEC to NLA_BINARY. But NLA_BINARY validates only for max length and doesn't validate min length. This could cause buffer overread if userspace sends less data as the driver reads fixed length(e.g. 6 bytes for mac_addr) always. Use VENDOR_NLA_POLICY_MAC_ADDR(NLA_POLICY_ETH_ADDR) or NLA_EXACT_LEN instead of NLA_UNSPEC which validates for exact length. Change-Id: I92cc29716dff29037d14ffd2e269761149c7f74b CRs-Fixed: 2700695	2020-06-04 23:22:48 -07:00
..
inc	qcacld-3.0: Add policy attribute to INTEROP_ISSUES_AP	2020-03-06 04:08:06 -08:00
src	qcacld-3.0: Use NLA_EXACT_LEN instead of NLA_UNSPEC in new kernels	2020-06-04 23:22:48 -07:00

Srinivas Dasari 6f6a3e666d qcacld-3.0: Use NLA_EXACT_LEN instead of NLA_UNSPEC in new kernels

The change If6d559a3aa7b8719a515e00e271e313c02f8135f has modified
few attribute types from NLA_UNSPEC to NLA_BINARY. But NLA_BINARY
validates only for max length and doesn't validate min length.
This could cause buffer overread if userspace sends less data as
the driver reads fixed length(e.g. 6 bytes for mac_addr) always.
Use VENDOR_NLA_POLICY_MAC_ADDR(NLA_POLICY_ETH_ADDR) or
NLA_EXACT_LEN instead of NLA_UNSPEC which validates for
exact length.

Change-Id: I92cc29716dff29037d14ffd2e269761149c7f74b
CRs-Fixed: 2700695

2020-06-04 23:22:48 -07:00

inc

qcacld-3.0: Add policy attribute to INTEROP_ISSUES_AP

2020-03-06 04:08:06 -08:00

src

qcacld-3.0: Use NLA_EXACT_LEN instead of NLA_UNSPEC in new kernels

2020-06-04 23:22:48 -07:00