Module Name: src Committed By: christos Date: Mon Oct 8 14:03:09 UTC 2012
Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server_tls_common.c Log Message: EAP-TLS server: Fix TLS Message Length validation: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;\ h=586c446e0ff42ae00315b014924ec669023bd8de http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.2
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 Sun Oct 7 19:47:03 2012
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Mon Oct 8 10:03:09 2012
@@ -223,6 +223,12 @@ static int eap_server_tls_process_fragme
 " over 64 kB)");
 return -1;
 }
+ if (len > message_length) {
+ wpa_printf(MSG_INFO, "SSL: Too much data (%zu bytes) "
+ "in first fragment of frame (TLS Message "
+ "Length %u bytes)", len, message_length);
+ return -1;
+ }
 data->tls_in = wpabuf_alloc(message_length);
 if (data->tls_in == NULL) {
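Review bot: The new `len > message_length` guard covers only the first fragment, where `data->tls_in` is allocated with `wpabuf_alloc(message_length)`; the code that appends later fragments is outside this hunk, so it should be confirmed that it also bounds `len` by the space remaining in `data->tls_in`. A short comment above the check would record why it exists, e.g. `/* tls_in is sized from the peer-supplied TLS Message Length; reject a first fragment that would not fit */`. The `%zu`/`%u` specifiers assume `len` is a `size_t` and `message_length` an unsigned int, neither of which is declared in the visible lines; if `wpa_printf` has to run on C libraries without `%zu`, `%lu` with `(unsigned long) len` is the more portable form. The enclosing function (its name is truncated in the hunk header) starts and ends outside the hunk.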