Module Name: src
Committed By: christos
Date: Mon Oct 8 14:03:09 UTC 2012
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_tls_common.c
Log Message:
EAP-TLS server: Fix TLS Message Length validation:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;\
h=586c446e0ff42ae00315b014924ec669023bd8de
http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.2
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 Sun Oct 7 19:47:03 2012
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Mon Oct 8 10:03:09 2012
@@ -223,6 +223,12 @@ static int eap_server_tls_process_fragme
" over 64 kB)");
return -1;
}
+ if (len > message_length) {
+ wpa_printf(MSG_INFO, "SSL: Too much data (%zu bytes) "
+ "in first fragment of frame (TLS Message "
+ "Length %u bytes)", len, message_length);
+ return -1;
+ }
data->tls_in = wpabuf_alloc(message_length);
if (data->tls_in == NULL) {