author | John Marino <marino@FreeBSD.org> | 2015-06-02 09:35:23 +0000 |
---|---|---|
committer | John Marino <marino@FreeBSD.org> | 2015-06-02 09:35:23 +0000 |
commit | 05d3374ae0516a1d551d9a2a3508c92c532c0f41 (patch) | |
tree | a60f2873f5050e4af8de883e50042767cc025619 /security/wpa_supplicant/files/patch-src_wps_httpread.c | |
parent | Update to 4.1.2 (diff) |
security/wpa_supplicant: Address 3 latest security advisories
These are combined upstream patches 2015-2, 2015-3, 2015-4
They address the following security advisories:
* CVE-2015-4141
* CVE-2015-4142
* CVE-2015-4143
* CVE-2015-4144
* CVE-2015-4145
* CVE-2015-4146
These advisories also apply to net/hostapd
PR: 200568
Submitted by: Jason Unovitch
Diffstat (limited to 'security/wpa_supplicant/files/patch-src_wps_httpread.c')
-rw-r--r-- | security/wpa_supplicant/files/patch-src_wps_httpread.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/security/wpa_supplicant/files/patch-src_wps_httpread.c b/security/wpa_supplicant/files/patch-src_wps_httpread.c new file mode 100644 index 000000000000..dfdc89f2a8cd --- /dev/null +++ b/security/wpa_supplicant/files/patch-src_wps_httpread.c @@ -0,0 +1,16 @@ +--- src/wps/httpread.c.orig 2015-03-15 17:30:39 UTC ++++ src/wps/httpread.c +@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd + if (!isxdigit(*cbp)) + goto bad; + h->chunk_size = strtoul(cbp, NULL, 16); ++ if (h->chunk_size < 0 || ++ h->chunk_size > h->max_bytes) { ++ wpa_printf(MSG_DEBUG, ++ "httpread: Invalid chunk size %d", ++ h->chunk_size); ++ goto bad; ++ } + /* throw away chunk header + * so we have only real data + */ |
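Review bot: the new range test in httpread_read_handler() runs only after the `strtoul()` result has already been stored in `h->chunk_size`, which the `%d` format and the `< 0` comparison suggest is a signed int. The `< 0` branch therefore relies on how an out-of-range unsigned long converts to int, and where unsigned long is wider than int a chunk-size field such as 100000000 (hex) would truncate to 0 and pass both tests. Consider parsing into a local unsigned long, rejecting it if it exceeds `h->max_bytes` or if `strtoul()` reported ERANGE, and assigning to `h->chunk_size` only after that. The commit message says the same advisories apply to net/hostapd, so the same point would apply to its copy of this check.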