android_external_wpa_supplicant_8 - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jouni Malinen <j@w1.fi>	2015-11-01 18:18:17 +0200
committer	Anjaneedevi Kapparapu <akappa@codeaurora.org>	2015-12-02 23:47:08 +0530
commit	703a1fef0170857775cc2cf07617fbff838a48b8 (patch)
tree	bf3ffaa69e5e459457975b692897a11a5a8f2148 /wpa_supplicant
parent	bfaff150fb44ca3c5672fdfa10ad1e6387bce687 (diff)
download	android_external_wpa_supplicant_8-703a1fef0170857775cc2cf07617fbff838a48b8.tar.gz android_external_wpa_supplicant_8-703a1fef0170857775cc2cf07617fbff838a48b8.tar.bz2 android_external_wpa_supplicant_8-703a1fef0170857775cc2cf07617fbff838a48b8.zip

EAP-pwd peer: Fix last fragment length validation

All but the last fragment had their length checked against the remaining room in the reassembly buffer. This allowed a suitably constructed last fragment frame to try to add extra data that would go beyond the buffer. The length validation code in wpabuf_put_data() prevents an actual buffer write overflow from occurring, but this results in process termination. (CVE-2015-5315) Signed-off-by: Jouni Malinen <j@w1.fi> Git-commit: 8057821706784608b828e769ccefbced95591e50 Git-repo: git://w1.fi/srv/git/hostap.git Change-Id: I565a55bd5a672be60af5b11dac4e78aa421d4772 CRs-Fixed: 937515

Diffstat (limited to 'wpa_supplicant')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: