Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name: src
Committed By: christos
Date: Sat May 9 19:50:41 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index