forked from lede-project/source
-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'lede-17.01' into release
- Loading branch information
Showing
252 changed files
with
5,826 additions
and
1,303 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,6 +23,7 @@ reload() { | |
restart() { | ||
trap '' TERM | ||
stop "$@" | ||
trap - TERM | ||
start "$@" | ||
} | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
From: Hector Marco-Gisbert <[email protected]> | ||
Date: Fri, 13 Nov 2015 16:21:09 +0100 | ||
Subject: [PATCH] Fix security issue when reading username and password | ||
|
||
This patch fixes two integer underflows at: | ||
* grub-core/lib/crypto.c | ||
* grub-core/normal/auth.c | ||
|
||
Resolves: CVE-2015-8370 | ||
|
||
Signed-off-by: Hector Marco-Gisbert <[email protected]> | ||
Signed-off-by: Ismael Ripoll-Ripoll <[email protected]> | ||
--- | ||
grub-core/lib/crypto.c | 2 +- | ||
grub-core/normal/auth.c | 2 +- | ||
2 files changed, 2 insertions(+), 2 deletions(-) | ||
|
||
--- a/grub-core/lib/crypto.c | ||
+++ b/grub-core/lib/crypto.c | ||
@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned | ||
break; | ||
} | ||
|
||
- if (key == '\b') | ||
+ if (key == '\b' && cur_len) | ||
{ | ||
if (cur_len) | ||
cur_len--; | ||
--- a/grub-core/normal/auth.c | ||
+++ b/grub-core/normal/auth.c | ||
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned | ||
break; | ||
} | ||
|
||
- if (key == '\b') | ||
+ if (key == '\b' && cur_len) | ||
{ | ||
if (cur_len) | ||
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,9 +13,10 @@ PKG_RELEASE:=1 | |
|
||
PKG_SOURCE_PROTO:=git | ||
PKG_SOURCE_URL:=https://github.com/dtaht/sch_cake.git | ||
PKG_SOURCE_DATE:=2018-01-07 | ||
PKG_SOURCE_VERSION:=568ed96467f41aad37556b0db11fc008e05941e9 | ||
PKG_MIRROR_HASH:=8f3f962824826d07b1029379d91e01bf97fe0bfce1233af5cfa7a54cb1c3632c | ||
PKG_SOURCE_DATE:=2018-07-16 | ||
PKG_SOURCE_VERSION:=f39ab9a402ad51d7c17d4cde18ca15b2b7022030 | ||
PKG_MIRROR_HASH:=fc22fc6eb7a24f4595c2777f33758ebcf9a2a404c16d00aa37ae389cd7f9c78f | ||
PKG_MAINTAINER:=Kevin Darbyshire-Bryant <[email protected]> | ||
|
||
include $(INCLUDE_DIR)/package.mk | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
61 changes: 61 additions & 0 deletions
61
...ac80211/patches/318-v4.11-0007-brcmfmac-use-local-iftype-avoiding-use-after-free-of.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
From d77facb88448cdeaaa3adba5b9704a48ac2ac8d6 Mon Sep 17 00:00:00 2001 | ||
From: Arend Van Spriel <[email protected]> | ||
Date: Tue, 28 Mar 2017 09:11:30 +0100 | ||
Subject: [PATCH] brcmfmac: use local iftype avoiding use-after-free of virtual | ||
interface | ||
|
||
A use-after-free was found using KASAN. In brcmf_p2p_del_if() the virtual | ||
interface is removed using call to brcmf_remove_interface(). After that | ||
the virtual interface instance has been freed and should not be referenced. | ||
Solve this by storing the nl80211 iftype in local variable, which is used | ||
in a couple of places anyway. | ||
|
||
Cc: [email protected] # 4.10.x, 4.9.x | ||
Reported-by: Daniel J Blueman <[email protected]> | ||
Reviewed-by: Hante Meuleman <[email protected]> | ||
Reviewed-by: Pieter-Paul Giesberts <[email protected]> | ||
Reviewed-by: Franky Lin <[email protected]> | ||
Signed-off-by: Arend van Spriel <[email protected]> | ||
Signed-off-by: Kalle Valo <[email protected]> | ||
--- | ||
drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 8 +++++--- | ||
1 file changed, 5 insertions(+), 3 deletions(-) | ||
|
||
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | ||
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | ||
@@ -2240,14 +2240,16 @@ int brcmf_p2p_del_vif(struct wiphy *wiph | ||
struct brcmf_cfg80211_info *cfg = wiphy_priv(wiphy); | ||
struct brcmf_p2p_info *p2p = &cfg->p2p; | ||
struct brcmf_cfg80211_vif *vif; | ||
+ enum nl80211_iftype iftype; | ||
bool wait_for_disable = false; | ||
int err; | ||
|
||
brcmf_dbg(TRACE, "delete P2P vif\n"); | ||
vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev); | ||
|
||
+ iftype = vif->wdev.iftype; | ||
brcmf_cfg80211_arm_vif_event(cfg, vif); | ||
- switch (vif->wdev.iftype) { | ||
+ switch (iftype) { | ||
case NL80211_IFTYPE_P2P_CLIENT: | ||
if (test_bit(BRCMF_VIF_STATUS_DISCONNECTING, &vif->sme_state)) | ||
wait_for_disable = true; | ||
@@ -2277,7 +2279,7 @@ int brcmf_p2p_del_vif(struct wiphy *wiph | ||
BRCMF_P2P_DISABLE_TIMEOUT); | ||
|
||
err = 0; | ||
- if (vif->wdev.iftype != NL80211_IFTYPE_P2P_DEVICE) { | ||
+ if (iftype != NL80211_IFTYPE_P2P_DEVICE) { | ||
brcmf_vif_clear_mgmt_ies(vif); | ||
err = brcmf_p2p_release_p2p_if(vif); | ||
} | ||
@@ -2293,7 +2295,7 @@ int brcmf_p2p_del_vif(struct wiphy *wiph | ||
brcmf_remove_interface(vif->ifp, true); | ||
|
||
brcmf_cfg80211_arm_vif_event(cfg, NULL); | ||
- if (vif->wdev.iftype != NL80211_IFTYPE_P2P_DEVICE) | ||
+ if (iftype != NL80211_IFTYPE_P2P_DEVICE) | ||
p2p->bss_idx[P2PAPI_BSSCFG_CONNECTION].vif = NULL; | ||
|
||
return err; |
Oops, something went wrong.