Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / wpa_supplicant_8 / d8ae7df57f3e6464c8aeef2c90889f1c3f2e275b
commitd8ae7df57f3e6464c8aeef2c90889f1c3f2e275b[log] [tgz]
authorJouni Malinen <j@w1.fi>Sun Nov 01 18:18:17 2015 +0200
committerGerrit - the friendly Code Review server <code-review@localhost>Thu Nov 26 02:44:04 2015 -0800
treece02aba8be5a933532270f8f9283bba5919c00a0
parent4da2ac21952926e872dc29447410c7fca810f088 [diff]
EAP-pwd peer: Fix last fragment length validation

All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5315)

Signed-off-by: Jouni Malinen <j@w1.fi>
Git-commit: 8057821706784608b828e769ccefbced95591e50
Git-repo: git://w1.fi/srv/git/hostap.git
Change-Id: I565a55bd5a672be60af5b11dac4e78aa421d4772
CRs-Fixed: 937515
1 file changed
tree: ce02aba8be5a933532270f8f9283bba5919c00a0
  1. hostapd/
  2. hs20/
  3. src/
  4. wpa_supplicant/
  5. .gitignore
  6. Android.mk
  7. CleanSpec.mk
  8. CONTRIBUTIONS
  9. COPYING
  10. MODULE_LICENSE_BSD_LIKE
  11. README