From dca0df99ed63762f428e4c8a05b82ebfd34b8dbf Mon Sep 17 00:00:00 2001
From: John Marino
Date: Tue, 2 Jun 2015 09:52:01 +0000
Subject: net/hostapd: Address 3 latest security advisories
These are combined upstream patches 2015-2, 2015-3, 2015-4
They address the following security advisories:
* CVE-2015-4141
* CVE-2015-4142
* CVE-2015-4143
* CVE-2015-4144
* CVE-2015-4145
* CVE-2015-4146
These advisories also apply to security/wpa_supplicant
PR: 200567
Submitted by: Jason Unovitch
Approved by: maintainer (Craig Leres)
---
net/hostapd/files/patch-src_wps_httpread.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 net/hostapd/files/patch-src_wps_httpread.c
(limited to 'net/hostapd/files/patch-src_wps_httpread.c')
diff --git a/net/hostapd/files/patch-src_wps_httpread.c b/net/hostapd/files/patch-src_wps_httpread.c
new file mode 100644
index 000000000000..dfdc89f2a8cd
--- /dev/null
+++ b/net/hostapd/files/patch-src_wps_httpread.c
@@ -0,0 +1,16 @@
+--- src/wps/httpread.c.orig 2015-03-15 17:30:39 UTC
++++ src/wps/httpread.c
+@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd
+ if (!isxdigit(*cbp))
+ goto bad;
+ h->chunk_size = strtoul(cbp, NULL, 16);
++ if (h->chunk_size < 0 ||
++ h->chunk_size > h->max_bytes) {
++ wpa_printf(MSG_DEBUG,
++ "httpread: Invalid chunk size %d",
++ h->chunk_size);
++ goto bad;
++ }
+ /* throw away chunk header
+ * so we have only real data
+ */
--
cgit v1.2.3
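Review bot: The added range check runs only after the `strtoul()` result has already been stored in `h->chunk_size`, so the `< 0` test depends on how an out-of-range `unsigned long` narrows into that field. The `%d` format and the `< 0` comparison suggest the field is a signed `int`, though its declaration is not visible in this hunk. Where `unsigned long` is wider than the field, a value above the field's range could presumably narrow to a small non-negative number and pass both tests; it would still be bounded by `h->max_bytes`, but it would no longer be the size the peer actually sent. Validating before narrowing avoids this: `unsigned long sz = strtoul(cbp, NULL, 16);`, then `if (sz > (unsigned long)h->max_bytes) goto bad;` and `h->chunk_size = sz;`, assuming `max_bytes` is never negative. Since this file appears to carry the upstream patch unchanged, the tightening is probably best raised upstream rather than diverging in the port; `httpread_read_handler` begins and ends outside the hunk.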