Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 0d1b61e51a97cc1eaa83dbaf31a4345e3b1e1768^! / . / ap
commit0d1b61e51a97cc1eaa83dbaf31a4345e3b1e1768[log] [tgz]
authorxf.li <xf.li@mobiletek.cn>Wed Aug 20 05:45:58 2025 -0700
committerxf.li <xf.li@mobiletek.cn>Wed Aug 20 05:45:58 2025 -0700
treec81b0a3e0506d7ba7e86c9ca96f090779160c1a2
parenta4a0f3894083802a94595114cf521a3f23c3468f [diff]
[Bugfix][T106][task-view-1936] Fix the R155 security issue

Only Configure:No
Affected branch:master/SIHA_SDK5.1_BASE
Affected module:unknow
Is it affected on both ZXIC and MTK:only ZXIC
Self-test:Yes
Doc Update:no

Change-Id: I30d465850302b3120d78136e369e9b873211631e

diff --git a/ap/libc/glibc/glibc-2.23/resolv/nss_dns/dns-network.c b/ap/libc/glibc/glibc-2.23/resolv/nss_dns/dns-network.c
old mode 100644
new mode 100755
index 2eb2f67..3942c70
--- a/ap/libc/glibc/glibc-2.23/resolv/nss_dns/dns-network.c
+++ b/ap/libc/glibc/glibc-2.23/resolv/nss_dns/dns-network.c

@@ -118,17 +118,15 @@
   } net_buffer;
   querybuf *orig_net_buffer;
   int anslen;
-  char *qbuf;
   enum nss_status status;
 
   if (__res_maybe_init (&_res, 0) == -1)
     return NSS_STATUS_UNAVAIL;
 
-  qbuf = strdupa (name);
 
   net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
 
-  anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
+  anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, // CVE-2016-3075
 			       1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
   if (anslen < 0)
     {

diff --git a/ap/libc/glibc/glibc-2.23/resolv/res_init.c b/ap/libc/glibc/glibc-2.23/resolv/res_init.c
old mode 100644
new mode 100755
index e0b6a80..88bfed1
--- a/ap/libc/glibc/glibc-2.23/resolv/res_init.c
+++ b/ap/libc/glibc/glibc-2.23/resolv/res_init.c

@@ -594,7 +594,7 @@
 		statp->_vcsock = -1;
 		statp->_flags &= ~(RES_F_VC | RES_F_CONN);
 	}
-	for (ns = 0; ns < statp->_u._ext.nscount; ns++)
+	for (ns = 0; ns < statp->nscount; ns++) // CVE-2016-5417
 		if (statp->_u._ext.nsaddrs[ns]) {
 			if (statp->_u._ext.nssocks[ns] != -1) {
 				close_not_cancel_no_status(statp->_u._ext.nssocks[ns]);

diff --git a/ap/os/linux/linux-3.4.x/net/wireless/nl80211.c b/ap/os/linux/linux-3.4.x/net/wireless/nl80211.c
index 3971fd0..4c9140f 100755
--- a/ap/os/linux/linux-3.4.x/net/wireless/nl80211.c
+++ b/ap/os/linux/linux-3.4.x/net/wireless/nl80211.c

@@ -153,6 +153,7 @@
 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
+	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 }, // CVE-2020-27068
 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
 	[NL80211_ATTR_PID] = { .type = NLA_U32 },