Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/bsd/wpa/dist/src/p2p Fix potential buffer overflow:



details:   https://anonhg.NetBSD.org/src/rev/15c65d0af373
branches:  trunk
changeset: 807807:15c65d0af373
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Apr 22 20:24:20 2015 +0000

description:
Fix potential buffer overflow:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch

XXX: pullup-[67]

diffstat:

 external/bsd/wpa/dist/src/p2p/p2p.c |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (11 lines):

diff -r 59a227e82ac5 -r 15c65d0af373 external/bsd/wpa/dist/src/p2p/p2p.c
--- a/external/bsd/wpa/dist/src/p2p/p2p.c       Wed Apr 22 20:21:11 2015 +0000
+++ b/external/bsd/wpa/dist/src/p2p/p2p.c       Wed Apr 22 20:24:20 2015 +0000
@@ -778,6 +778,7 @@
        if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
                os_memcpy(dev->interface_addr, addr, ETH_ALEN);
        if (msg.ssid &&
+           msg.ssid[1] <= sizeof(dev->oper_ssid) &&
            (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
             os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
             != 0)) {



Home | Main Index | Thread Index | Old Index