summary refs log tree commit diff
path: root/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/wpa-supplicant-2015-3-fix.patch')
-rw-r--r--gnu/packages/patches/wpa-supplicant-2015-3-fix.patch43
1 files changed, 0 insertions, 43 deletions
diff --git a/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch b/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
deleted file mode 100644
index de042f0c49..0000000000
--- a/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Patch copied from http://w1.fi/security/2015-3/
-
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
---- a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
- 		return;
- 	}
- 
-+	if (left < 0)
-+		return; /* not a valid WMM Action frame */
-+
- 	/* extract the tspec info element */
- 	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
- 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
--- 
-1.9.1
-