mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-27 08:00:11 +00:00
MFS security patches which seem to have accidentally not reached HEAD:
Fix insufficient message length validation for EAP-TLS messages. Fix Linux compatibility layer input validation error. Security: FreeBSD-SA-12:07.hostapd Security: FreeBSD-SA-12:08.linux Security: CVE-2012-4445, CVE-2012-4576 With hat: so@
This commit is contained in:
parent
f51d43fe01
commit
43f13bea35
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=243419
@ -225,6 +225,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (len > message_length) {
|
||||
wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
|
||||
"first fragment of frame (TLS Message "
|
||||
"Length %d bytes)",
|
||||
(int) len, (int) message_length);
|
||||
return -1;
|
||||
}
|
||||
|
||||
data->tls_in = wpabuf_alloc(message_length);
|
||||
if (data->tls_in == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "SSL: No memory for message");
|
||||
|
@ -2260,8 +2260,9 @@ linux_ifconf(struct thread *td, struct ifconf *uifc)
|
||||
|
||||
ifc.ifc_len = valid_len;
|
||||
sbuf_finish(sb);
|
||||
memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
|
||||
error = copyout(&ifc, uifc, sizeof(ifc));
|
||||
error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
|
||||
if (error == 0)
|
||||
error = copyout(&ifc, uifc, sizeof(ifc));
|
||||
sbuf_delete(sb);
|
||||
CURVNET_RESTORE();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user