Module Name: src
Committed By: christos
Date: Wed Apr 22 20:24:20 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/p2p: p2p.c
Log Message:
Fix potential buffer overflow:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
XXX: pullup-[67]
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/p2p/p2p.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/p2p/p2p.c
diff -u src/external/bsd/wpa/dist/src/p2p/p2p.c:1.1.1.5 src/external/bsd/wpa/dist/src/p2p/p2p.c:1.2
--- src/external/bsd/wpa/dist/src/p2p/p2p.c:1.1.1.5 Wed Apr 1 15:24:46 2015
+++ src/external/bsd/wpa/dist/src/p2p/p2p.c Wed Apr 22 16:24:20 2015
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p,
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
if (msg.ssid &&
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
!= 0)) {
