[src/trunk]: src/external/bsd/wpa/dist/src/eap_peer The L (Length) and M (Mor...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/f9dd895d16c3
branches:  trunk
changeset: 808222:f9dd895d16c3
user:      christos <christos%NetBSD.org@localhost>
date:      Sat May 09 19:51:43 2015 +0000

description:
The L (Length) and M (More) flags needs to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.

XXX: pullup-7

diffstat:

 external/bsd/wpa/dist/src/eap_peer/eap_pwd.c |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (11 lines):

diff -r 912a31671f15 -r f9dd895d16c3 external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
--- a/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c      Sat May 09 19:49:28 2015 +0000
+++ b/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c      Sat May 09 19:51:43 2015 +0000
@@ -903,6 +903,7 @@
         * we have output! Do we need to fragment it?
         */
        len = wpabuf_len(data->outbuf);
+       lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
        if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
                resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
                                     EAP_CODE_RESPONSE, eap_get_id(reqData));