authorJohn Marino <marino@FreeBSD.org>2015-06-02 09:52:01 +0000
committerJohn Marino <marino@FreeBSD.org>2015-06-02 09:52:01 +0000
commitdca0df99ed63762f428e4c8a05b82ebfd34b8dbf (patch)
tree0bfa254b981a09ed1e199afc9c15f2082225199e /net/hostapd/files/patch-src_wps_httpread.c
parentsecurity/vuxml: multiple vulnerabilities of wpa_supplicant and hostapd (diff)
net/hostapd: Address 3 latest security advisories
These are combined upstream patches 2015-2, 2015-3, 2015-4. They address the following security advisories: * CVE-2015-4141 * CVE-2015-4142 * CVE-2015-4143 * CVE-2015-4144 * CVE-2015-4145 * CVE-2015-4146 These advisories also apply to security/wpa_supplicant PR: 200567 Submitted by: Jason Unovitch Approved by: maintainer (Craig Leres)
Diffstat (limited to 'net/hostapd/files/patch-src_wps_httpread.c')
-rw-r--r--net/hostapd/files/patch-src_wps_httpread.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/net/hostapd/files/patch-src_wps_httpread.c b/net/hostapd/files/patch-src_wps_httpread.c
new file mode 100644
index 000000000000..dfdc89f2a8cd
--- /dev/null
+++ b/net/hostapd/files/patch-src_wps_httpread.c
@@ -0,0 +1,16 @@
+--- src/wps/httpread.c.orig 2015-03-15 17:30:39 UTC
++++ src/wps/httpread.c
+@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd
+ if (!isxdigit(*cbp))
+ goto bad;
+ h->chunk_size = strtoul(cbp, NULL, 16);
++ if (h->chunk_size < 0 ||
++ h->chunk_size > h->max_bytes) {
++ wpa_printf(MSG_DEBUG,
++ "httpread: Invalid chunk size %d",
++ h->chunk_size);
++ goto bad;
++ }
+ /* throw away chunk header
+ * so we have only real data
+ */
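Review bot: The added range check in httpread_read_handler runs only after the strtoul() result has already been stored in h->chunk_size, which the `%d` format and the `< 0` test suggest is an int (its declaration is outside the hunk). Where unsigned long is wider than int, a chunk-size value above the int range is narrowed first, so it can land inside 0..max_bytes and be accepted as a different length than the one the peer sent. Validating the parsed value before the assignment closes that gap: `unsigned long sz = strtoul(cbp, NULL, 16);`, then `if (sz > (unsigned long)h->max_bytes) goto bad;` (keeping the existing wpa_printf on the reject path and assuming max_bytes is never negative), then `h->chunk_size = (int)sz;`. The function body starts and ends outside this hunk, so how chunk_size is used after the check cannot be confirmed from here.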