CVS commit: src/external/bsd/wpa/dist/src/eap_peer

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/external/bsd/wpa/dist/src/eap_peer
From: "Christos Zoulas" <christos%netbsd.org@localhost>
Date: Sat, 9 May 2015 15:46:01 -0400

Module Name:    src
Committed By:   christos
Date:           Sat May  9 19:46:01 UTC 2015

Modified Files:
        src/external/bsd/wpa/dist/src/eap_peer: eap_pwd.c

Log Message:
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.

Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/external/bsd/wpa/dist/src/ap
Next by Date: CVS commit: src/external/bsd/wpa/dist/src/eap_server
Previous by Thread: CVS commit: src/external/bsd/wpa/dist/src/ap
Next by Thread: CVS commit: src/external/bsd/wpa/dist/src/eap_server
Indexes:

Home | Main Index | Thread Index | Old Index