diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-01-19 18:18:02 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-01-20 08:59:56 +0100 |
commit | f8721233ca388707ef95cde2fe3fcfad12f50f46 (patch) | |
tree | ee58f27d2192509882b82c55b7e19caaa326cdaf /source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch | |
parent | 1c7cd7d8173b5ad45462c7bfd8ba99cd013b959e (diff) | |
download | current-f8721233ca388707ef95cde2fe3fcfad12f50f46.tar.gz current-f8721233ca388707ef95cde2fe3fcfad12f50f46.tar.xz |
Wed Jan 19 18:18:02 UTC 202220220119181802
ap/inxi-3.3.12_1-noarch-1.txz: Upgraded.
ap/man-db-2.9.4-x86_64-3.txz: Rebuilt.
Don't use --no-purge in the daily cron job to update the databases.
l/gst-plugins-bad-free-1.18.5-x86_64-4.txz: Rebuilt.
Link against neon-0.32.2. Thanks to marav.
n/bind-9.16.25-x86_64-1.txz: Upgraded.
n/ethtool-5.16-x86_64-1.txz: Upgraded.
n/samba-4.15.4-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.10-x86_64-1.txz: Upgraded.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side-channel attacks as a result of cache
access patterns.
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304
(* Security fix *)
x/xterm-370-x86_64-6.txz: Rebuilt.
XTerm-console: improve the font settings. Thanks to GazL.
Diffstat (limited to 'source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch')
-rw-r--r-- | source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch deleted file mode 100644 index c7a449e0b..000000000 --- a/source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch +++ /dev/null @@ -1,59 +0,0 @@ -From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Wed, 3 Jun 2020 22:41:02 +0300 -Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL - path - -More than about 700 character URL ended up overflowing the wpabuf used -for building the event notification and this resulted in the wpabuf -buffer overflow checks terminating the hostapd process. Fix this by -allocating the buffer to be large enough to contain the full URL path. -However, since that around 700 character limit has been the practical -limit for more than ten years, start explicitly enforcing that as the -limit or the callback URLs since any longer ones had not worked before -and there is no need to enable them now either. - -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> ---- - src/wps/wps_upnp.c | 9 +++++++-- - src/wps/wps_upnp_event.c | 3 ++- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c -index 7d4b7439940e..ab685d52ecab 100644 ---- a/src/wps/wps_upnp.c -+++ b/src/wps/wps_upnp.c -@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, - int rerr; - size_t host_len, path_len; - -- /* url MUST begin with http: */ -- if (url_len < 7 || os_strncasecmp(url, "http://", 7)) -+ /* URL MUST begin with HTTP scheme. In addition, limit the length of -+ * the URL to 700 characters which is around the limit that was -+ * implicitly enforced for more than 10 years due to a bug in -+ * generating the event messages. */ -+ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) { -+ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL"); - goto fail; -+ } - url += 7; - url_len -= 7; - -diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c -index d7e6edcc6503..08a23612f338 100644 ---- a/src/wps/wps_upnp_event.c -+++ b/src/wps/wps_upnp_event.c -@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e) - struct wpabuf *buf; - char *b; - -- buf = wpabuf_alloc(1000 + wpabuf_len(e->data)); -+ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) + -+ wpabuf_len(e->data)); - if (buf == NULL) - return NULL; - wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path); --- -2.20.1 - |