public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo-x86 commit in net-wireless/hostapd/files: hostapd-2.0-tls_length_fix.patch
@ 2013-01-21 10:42 Bjarke Istrup Pedersen (gurligebis)
From: Bjarke Istrup Pedersen (gurligebis) @ 2013-01-21 10:42 UTC
  To: gentoo-commits

gurligebis    13/01/21 10:42:22

  Added:                hostapd-2.0-tls_length_fix.patch
  Log:
  Bumping to 2.0
  
  (Portage version: 2.2.0_alpha158/cvs/Linux i686, signed Manifest commit with key 15AE484C)

Revision  Changes    Path
1.1                  net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch?rev=1.1&content-type=text/plain

Index: hostapd-2.0-tls_length_fix.patch
===================================================================
From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 7 Oct 2012 20:06:29 +0300
Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation

EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
Message Length value properly and could end up trying to store more
information into the message buffer than the allocated size if the first
fragment is longer than the indicated size. This could result in hostapd
process terminating in wpabuf length validation. Fix this by rejecting
messages that have invalid TLS Message Length value.

This would affect cases that use the internal EAP authentication server
in hostapd either directly with IEEE 802.1X or when using hostapd as a
RADIUS authentication server and when receiving an incorrectly
constructed EAP-TLS message. Cases where hostapd uses an external
authentication are not affected.

Thanks to Timo Warns for finding and reporting this issue.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
---
 src/eap_server/eap_server_tls_common.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 31be2ec..46f282b 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
 			return -1;
 		}
 
+		if (len > message_length) {
+			wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+				   "first fragment of frame (TLS Message "
+				   "Length %d bytes)",
+				   (int) len, (int) message_length);
+			return -1;
+		}
+
 		data->tls_in = wpabuf_alloc(message_length);
 		if (data->tls_in == NULL) {
 			wpa_printf(MSG_DEBUG, "SSL: No memory for message");
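Review bot: The rejection message in the added block is logged at MSG_INFO, while the allocation failure just below it uses MSG_DEBUG, and this path fires whenever a peer sends a first fragment larger than its announced TLS Message Length. Since the peer decides how often that happens, consider MSG_DEBUG or some rate limiting so a misbehaving client cannot fill the log. A one-line comment above `if (len > message_length)` saying that wpabuf_alloc() below sizes the buffer from message_length would also help; the hunk only covers the first fragment and does not show how continuation fragments are bounded, so it is worth confirming that path carries an equivalent check.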
-- 
1.7.4-rc1
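The failure mode described in the commit message, as an added example that is not hostapd code: a fragment reassembler that sizes its buffer from the announced TLS Message Length and rejects any fragment that would not fit. It goes slightly beyond the patch by also bounding continuation fragments; `struct reasm`, `reasm_add`, `reasm_reset` and `MAX_TLS_MSG_LEN` are hypothetical names, and the cap value is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TLS_MSG_LEN 65536u /* assumed local cap, not a hostapd constant */
struct reasm {          /* hypothetical stand-in for the TLS input buffer */
    uint8_t *buf;
    size_t size;        /* bytes allocated = announced TLS Message Length */
    size_t used;        /* bytes stored so far */
};

static void reasm_reset(struct reasm *r)
{
    free(r->buf);
    memset(r, 0, sizeof(*r));
}

/* Returns 1 when the message is complete, 0 when more fragments are
 * expected, -1 when the fragment is rejected (state is reset). */
static int reasm_add(struct reasm *r, int first, uint32_t message_length,
                     const uint8_t *frag, size_t len)
{
    if (first) {
        reasm_reset(r);
        if (message_length == 0 || message_length > MAX_TLS_MSG_LEN)
            return -1;
        if (len > message_length)   /* the bound the patch adds */
            return -1;
        r->buf = malloc(message_length);
        if (r->buf == NULL)
            return -1;
        r->size = message_length;
    } else if (r->buf == NULL || len > r->size - r->used) {
        reasm_reset(r);             /* no first fragment seen, or overrun */
        return -1;
    }
    if (len > 0)
        memcpy(r->buf + r->used, frag, len);
    r->used += len;
    return r->used == r->size;
}

int main(void)
{
    struct reasm r = {0};
    const uint8_t frag[8] = {0};    /* constructed sample fragment */
    /* 8 bytes of data in a first fragment that announces only 4 */
    int rc = reasm_add(&r, 1, 4, frag, sizeof(frag));
    return rc == -1 ? 0 : 1;
}
```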

* [gentoo-commits] gentoo-x86 commit in net-wireless/hostapd/files: hostapd-2.0-tls_length_fix.patch
@ 2015-05-20 11:07 Bjarke Istrup Pedersen (gurligebis)
From: Bjarke Istrup Pedersen (gurligebis) @ 2015-05-20 11:07 UTC
  To: gentoo-commits

gurligebis    15/05/20 11:07:18

  Removed:              hostapd-2.0-tls_length_fix.patch
  Log:
  Removing old version, wrt. bug #548744
  
  (Portage version: 2.2.19/cvs/Linux x86_64, signed Manifest commit with key 15AE484C)

