Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/wpa/dist/src/p2p Fix potential buffer overflow:
details: https://anonhg.NetBSD.org/src/rev/15c65d0af373
branches: trunk
changeset: 807807:15c65d0af373
user: christos <christos%NetBSD.org@localhost>
date: Wed Apr 22 20:24:20 2015 +0000
description:
Fix potential buffer overflow:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
XXX: pullup-[67]
diffstat:
external/bsd/wpa/dist/src/p2p/p2p.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diffs (11 lines):
diff -r 59a227e82ac5 -r 15c65d0af373 external/bsd/wpa/dist/src/p2p/p2p.c
--- a/external/bsd/wpa/dist/src/p2p/p2p.c Wed Apr 22 20:21:11 2015 +0000
+++ b/external/bsd/wpa/dist/src/p2p/p2p.c Wed Apr 22 20:24:20 2015 +0000
@@ -778,6 +778,7 @@
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
if (msg.ssid &&
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
!= 0)) {
Home |
Main Index |
Thread Index |
Old Index