hostapd: merge a security fix for a TLS message buffer overflow (CVE-2012-4445)
[openwrt/svn-archive/archive.git] / package / hostapd / patches / 001-CVE-2012-4445.patch
1 --- a/src/eap_server/eap_server_tls_common.c
2 +++ b/src/eap_server/eap_server_tls_common.c
3 @@ -228,6 +228,14 @@ static int eap_server_tls_process_fragme
4 return -1;
5 }
6
7 + if (len > message_length) {
8 + wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
9 + "first fragment of frame (TLS Message "
10 + "Length %d bytes)",
11 + (int) len, (int) message_length);
12 + return -1;
13 + }
14 +
15 data->tls_in = wpabuf_alloc(message_length);
16 if (data->tls_in == NULL) {
17 wpa_printf(MSG_DEBUG, "SSL: No memory for message");