aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-10-08 10:59:39 -0400
committerMark H Weaver <mhw@netris.org>2015-10-08 10:59:39 -0400
commitb81378251c629615aff0d62ca686bb53a10367de (patch)
tree4c15f2be58d665cf0eed1e00c84f70764890c3b8 /gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
parent319fe79dd01e03c4ef61311c336bcd77e1133f02 (diff)
parentb5881775ac2db345bf5826d6351366346ff03275 (diff)
downloadguix-b81378251c629615aff0d62ca686bb53a10367de.tar
guix-b81378251c629615aff0d62ca686bb53a10367de.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch')
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch42
1 files changed, 0 insertions, 42 deletions
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
deleted file mode 100644
index de1964ca76..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- src/p2p/p2p.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
-index f584fae..a45fe73 100644
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
- if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
- os_memcpy(dev->interface_addr, addr, ETH_ALEN);
- if (msg.ssid &&
-+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
- (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
- os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
- != 0)) {
---
-1.9.1
-