Attachment 158552 Details for Bug 201432 – wpa_supplicant-2.4_4.diff

[patch] wpa_supplicant-2.4_4.diff

wpa_supplicant-2.4_4.diff (text/plain), 1.42 KB, created by Jason Unovitch on 2015-07-09 02:43:56 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jason Unovitch

Created: 2015-07-09 02:43:56 UTC

Size: 1.42 KB

patch

obsolete

>Index: Makefile
>===================================================================
>--- Makefile	(revision 391607)
>+++ Makefile	(working copy)
>@@ -2,7 +2,7 @@
> 
> PORTNAME=	wpa_supplicant
> PORTVERSION=	2.4
>-PORTREVISION=	3
>+PORTREVISION=	4
> CATEGORIES=	security net
> MASTER_SITES=	http://w1.fi/releases/
> 
>Index: files/patch-src_wps_ndef.c
>===================================================================
>--- files/patch-src_wps_ndef.c	(revision 0)
>+++ files/patch-src_wps_ndef.c	(working copy)
>@@ -0,0 +1,21 @@
>+--- src/wps/ndef.c.orig	2015-03-15 17:30:39 UTC
>++++ src/wps/ndef.c
>+@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *d
>+ 		if (size < 6)
>+ 			return -1;
>+ 		record->payload_length = ntohl(*(u32 *)pos);
>++		if (record->payload_length > size - 6)
>++			return -1;
>+ 		pos += sizeof(u32);
>+ 	}
>+ 
>+@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *d
>+ 	pos += record->payload_length;
>+ 
>+ 	record->total_length = pos - data;
>+-	if (record->total_length > size)
>++	if (record->total_length > size ||
>++	    record->total_length < record->payload_length)
>+ 		return -1;
>+ 	return 0;
>+ }
>
>Property changes on: files/patch-src_wps_ndef.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property

Actions: View | Diff

Attachments on bug 201432: 158552 | 158553 | 158554