]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 03ed0a5) | patch
EAP-pwd peer: Fix last fragment length validation
authorJouni Malinen <j@w1.fi>
Sun, 1 Nov 2015 16:18:17 +0000 (18:18 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 10 Nov 2015 16:40:54 +0000 (18:40 +0200)
commit8057821706784608b828e769ccefbced95591e50
tree16e6391c0b4cf2de36a66761d6544187deb51481tree
parent03ed0a52393710be6bdae657d1b36efa146520e5commit | diff
EAP-pwd peer: Fix last fragment length validation

All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5315)

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_pwd.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.