Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / wpa_supplicant_8 / 302da8b4211b25fc7733d7054f9e2f6704686514
commit302da8b4211b25fc7733d7054f9e2f6704686514[log] [tgz]
authorJouni Malinen <j@w1.fi>Sun Nov 01 18:24:16 2015 +0200
committerGerrit - the friendly Code Review server <code-review@localhost>Fri Jan 08 06:26:49 2016 -0800
treee1baf06b37c0bd4ee80d06c1f4ce55d7158b5d11
parent1177459555313eb44d5ff0b89298da1a2d093b68 [diff]
EAP-pwd server: Fix last fragment length validation

All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5314)

Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: Ia283ce184fc880e2fcf7e60e40952cbfc2961709
CRs-Fixed: 937515
tree: e1baf06b37c0bd4ee80d06c1f4ce55d7158b5d11
  1. hostapd/
  2. hs20/
  3. src/
  4. wpa_supplicant/
  5. .gitignore
  6. Android.mk
  7. CleanSpec.mk
  8. CONTRIBUTIONS
  9. COPYING
  10. MODULE_LICENSE_BSD_LIKE
  11. README