diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-08-16 08:16:37 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-08-16 08:25:49 +0000 |
commit | 031621e2cf39f9441cb620e4ebfb5261276e7978 (patch) | |
tree | c23b9bbb9610ab5a20d88cbb523e91b0b92da24c /main/hostapd | |
parent | 68556a3dee1f0eede0ab212b7274060017c915d0 (diff) | |
download | aports-031621e2cf39f9441cb620e4ebfb5261276e7978.tar.bz2 aports-031621e2cf39f9441cb620e4ebfb5261276e7978.tar.xz |
main/hostapd: security fixes (CVE-2019-13377)
Ref #10731
Remove uneeded patch
Diffstat (limited to 'main/hostapd')
8 files changed, 350 insertions, 47 deletions
diff --git a/main/hostapd/0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch b/main/hostapd/0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch new file mode 100644 index 0000000000..073f1e3ce1 --- /dev/null +++ b/main/hostapd/0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch @@ -0,0 +1,31 @@ +From e43f08991f00820c1f711ca254021d5f83b5cd7d Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Thu, 25 Apr 2019 18:52:34 +0300 +Subject: [PATCH 1/6] SAE: Use const_time_memcmp() for pwd_value >= prime + comparison + +This reduces timing and memory access pattern differences for an +operation that could depend on the used password. + +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +(cherry picked from commit 8e14b030e558d23f65d761895c07089404e61cf1) +--- + src/common/sae.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/common/sae.c b/src/common/sae.c +index 5a50294a6..0d56e5505 100644 +--- a/src/common/sae.c ++++ b/src/common/sae.c +@@ -317,7 +317,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed, + wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", + pwd_value, sae->tmp->prime_len); + +- if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) ++ if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) + return 0; + + x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); +-- +2.20.1 + diff --git a/main/hostapd/0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch b/main/hostapd/0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch new file mode 100644 index 0000000000..e27cd827e8 --- /dev/null +++ b/main/hostapd/0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch @@ -0,0 +1,70 @@ +From 20d7bd83c43fb24c4cf84d3045254d3ee1957166 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Thu, 25 Apr 2019 19:07:05 +0300 +Subject: [PATCH 2/6] EAP-pwd: Use const_time_memcmp() for pwd_value >= prime + comparison + +This reduces timing and memory access pattern differences for an +operation that could depend on the used password. + +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +(cherry picked from commit 7958223fdcfe82479e6ed71019a84f6d4cbf799c) +--- + src/eap_common/eap_pwd_common.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c +index 884150e6c..6ca2c8bad 100644 +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + u8 qnr_bin[MAX_ECC_PRIME_LEN]; + u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN]; + u8 x_bin[MAX_ECC_PRIME_LEN]; ++ u8 prime_bin[MAX_ECC_PRIME_LEN]; + struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL; + struct crypto_hash *hash; + unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr; +@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + os_memset(x_bin, 0, sizeof(x_bin)); + + prime = crypto_ec_get_prime(grp->group); ++ primebitlen = crypto_ec_prime_len_bits(grp->group); ++ primebytelen = crypto_ec_prime_len(grp->group); ++ if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin), ++ primebytelen) < 0) ++ return -1; + grp->pwe = crypto_ec_point_init(grp->group); + tmp1 = crypto_bignum_init(); + pm1 = crypto_bignum_init(); +@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + goto fail; + } + +- primebitlen = crypto_ec_prime_len_bits(grp->group); +- primebytelen = crypto_ec_prime_len(grp->group); + if ((prfbuf = os_malloc(primebytelen)) == NULL) { + wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf " + "buffer"); +@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + if (primebitlen % 8) + buf_shift_right(prfbuf, primebytelen, + 8 - primebitlen % 8); ++ if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) ++ continue; + + crypto_bignum_deinit(x_candidate, 1); + x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); +@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + goto fail; + } + +- if (crypto_bignum_cmp(x_candidate, prime) >= 0) +- continue; +- + wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate", + prfbuf, primebytelen); + const_time_select_bin(found, x_bin, prfbuf, primebytelen, +-- +2.20.1 + diff --git a/main/hostapd/0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch b/main/hostapd/0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch new file mode 100644 index 0000000000..16feeaabb4 --- /dev/null +++ b/main/hostapd/0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch @@ -0,0 +1,66 @@ +From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Thu, 25 Apr 2019 19:23:05 +0300 +Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if + available + +This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL +functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid +differences in runtime and memory access patterns depending on the +leading bytes of the BIGNUM value. + +OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases +are still using the previous implementation where the BN_num_bytes() +call may result in different memory access pattern. + +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3) +--- + src/crypto/crypto_openssl.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c +index 1b0c1ec96..23ae5462d 100644 +--- a/src/crypto/crypto_openssl.c ++++ b/src/crypto/crypto_openssl.c +@@ -1295,7 +1295,13 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear) + int crypto_bignum_to_bin(const struct crypto_bignum *a, + u8 *buf, size_t buflen, size_t padlen) + { ++#ifdef OPENSSL_IS_BORINGSSL ++#else /* OPENSSL_IS_BORINGSSL */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#else + int num_bytes, offset; ++#endif ++#endif /* OPENSSL_IS_BORINGSSL */ + + if (TEST_FAIL()) + return -1; +@@ -1303,6 +1309,14 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, + if (padlen > buflen) + return -1; + ++#ifdef OPENSSL_IS_BORINGSSL ++ if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0) ++ return -1; ++ return padlen; ++#else /* OPENSSL_IS_BORINGSSL */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++ return BN_bn2binpad((const BIGNUM *) a, buf, padlen); ++#else + num_bytes = BN_num_bytes((const BIGNUM *) a); + if ((size_t) num_bytes > buflen) + return -1; +@@ -1315,6 +1329,8 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, + BN_bn2bin((const BIGNUM *) a, buf + offset); + + return num_bytes + offset; ++#endif ++#endif /* OPENSSL_IS_BORINGSSL */ + } + + +-- +2.20.1 + diff --git a/main/hostapd/0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch b/main/hostapd/0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch new file mode 100644 index 0000000000..0a2f398527 --- /dev/null +++ b/main/hostapd/0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch @@ -0,0 +1,59 @@ +From a25b48118d75f3c2d7cb1b2c3b4cffb13091a34c Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Mon, 24 Jun 2019 23:01:06 +0300 +Subject: [PATCH 4/6] SAE: Run through prf result processing even if it >= + prime + +This reduces differences in timing and memory access within the +hunting-and-pecking loop for ECC groups that have a prime that is not +close to a power of two (e.g., Brainpool curves). + +Signed-off-by: Jouni Malinen <j@w1.fi> +(cherry picked from commit 147bf7b88a9c231322b5b574263071ca6dbb0503) +--- + src/common/sae.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/common/sae.c b/src/common/sae.c +index 0d56e5505..759e48e22 100644 +--- a/src/common/sae.c ++++ b/src/common/sae.c +@@ -304,6 +304,8 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed, + struct crypto_bignum *y_sqr, *x_cand; + int res; + size_t bits; ++ int cmp_prime; ++ unsigned int in_range; + + wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN); + +@@ -317,8 +319,13 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed, + wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", + pwd_value, sae->tmp->prime_len); + +- if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) +- return 0; ++ cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len); ++ /* Create a const_time mask for selection based on prf result ++ * being smaller than prime. */ ++ in_range = const_time_fill_msb((unsigned int) cmp_prime); ++ /* The algorithm description would skip the next steps if ++ * cmp_prime >= 0 (reutnr 0 here), but go through them regardless to ++ * minimize externally observable differences in behavior. */ + + x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); + if (!x_cand) +@@ -330,7 +337,9 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed, + + res = is_quadratic_residue_blind(sae, prime, bits, qr, qnr, y_sqr); + crypto_bignum_deinit(y_sqr, 1); +- return res; ++ if (res < 0) ++ return res; ++ return const_time_select_int(in_range, res, 0); + } + + +-- +2.20.1 + diff --git a/main/hostapd/0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch b/main/hostapd/0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch new file mode 100644 index 0000000000..d5ebe59aec --- /dev/null +++ b/main/hostapd/0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch @@ -0,0 +1,57 @@ +From 00a6cc73da61b03c146b6c341d0d1e572bcef432 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Mon, 24 Jun 2019 23:02:51 +0300 +Subject: [PATCH 5/6] EAP-pwd: Run through prf result processing even if it >= + prime + +This reduces differences in timing and memory access within the +hunting-and-pecking loop for ECC groups that have a prime that is not +close to a power of two (e.g., Brainpool curves). + +Signed-off-by: Jouni Malinen <j@w1.fi> +(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5) +--- + src/eap_common/eap_pwd_common.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c +index 6ca2c8bad..fec251472 100644 +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -155,6 +155,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + struct crypto_bignum *x_candidate = NULL; + const struct crypto_bignum *prime; + u8 mask, found_ctr = 0, is_odd = 0; ++ int cmp_prime; ++ unsigned int in_range; + + if (grp->pwe) + return -1; +@@ -241,8 +243,13 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + if (primebitlen % 8) + buf_shift_right(prfbuf, primebytelen, + 8 - primebitlen % 8); +- if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) +- continue; ++ cmp_prime = const_time_memcmp(prfbuf, prime_bin, primebytelen); ++ /* Create a const_time mask for selection based on prf result ++ * being smaller than prime. */ ++ in_range = const_time_fill_msb((unsigned int) cmp_prime); ++ /* The algorithm description would skip the next steps if ++ * cmp_prime >= 0, but go through them regardless to minimize ++ * externally observable differences in behavior. */ + + crypto_bignum_deinit(x_candidate, 1); + x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); +@@ -306,7 +313,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + goto fail; + mask = const_time_eq(res, check); + found_ctr = const_time_select_u8(found, found_ctr, ctr); +- found |= mask; ++ found |= mask & in_range; + } + if (found == 0) { + wpa_printf(MSG_INFO, +-- +2.20.1 + diff --git a/main/hostapd/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch b/main/hostapd/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch new file mode 100644 index 0000000000..8dce92fffc --- /dev/null +++ b/main/hostapd/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch @@ -0,0 +1,51 @@ +From 558518ed63202e5358116ab7e0afd5e85490f2ef Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 27 Jul 2019 23:19:17 +0300 +Subject: [PATCH 6/6] dragonfly: Disable use of groups using Brainpool curves + +Disable groups that use Brainpool curves for now since they leak more +timing information due to the prime not being close to a power of two. +This removes use of groups 28, 29, and 30 from SAE and EAP-pwd. + +Signed-off-by: Jouni Malinen <j@w1.fi> +(cherry picked from commit 876c5eaa6dae1a87a17603fc489a44c29eedc2e3) +--- + src/common/sae.c | 6 ++++-- + src/eap_common/eap_pwd_common.c | 3 +-- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/common/sae.c b/src/common/sae.c +index 759e48e22..2dbc251a4 100644 +--- a/src/common/sae.c ++++ b/src/common/sae.c +@@ -28,9 +28,11 @@ static int sae_suitable_group(int group) + * purposes: FFC groups whose prime is >= 3072 bits and ECC groups + * defined over a prime field whose prime is >= 256 bits. Furthermore, + * ECC groups defined over a characteristic 2 finite field and ECC +- * groups with a co-factor greater than 1 are not suitable. */ ++ * groups with a co-factor greater than 1 are not suitable. Disable ++ * groups that use Brainpool curves as well for now since they leak more ++ * timing information due to the prime not being close to a power of ++ * two. */ + return group == 19 || group == 20 || group == 21 || +- group == 28 || group == 29 || group == 30 || + group == 15 || group == 16 || group == 17 || group == 18; + #endif /* CONFIG_TESTING_OPTIONS */ + } +diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c +index fec251472..4a5eb2599 100644 +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -89,8 +89,7 @@ static int eap_pwd_suitable_group(u16 num) + { + /* Do not allow ECC groups with prime under 256 bits based on guidance + * for the similar design in SAE. */ +- return num == 19 || num == 20 || num == 21 || +- num == 28 || num == 29 || num == 30; ++ return num == 19 || num == 20 || num == 21; + } + + +-- +2.20.1 + diff --git a/main/hostapd/APKBUILD b/main/hostapd/APKBUILD index ca1b1cf93f..2c979ac729 100644 --- a/main/hostapd/APKBUILD +++ b/main/hostapd/APKBUILD @@ -1,14 +1,20 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=hostapd pkgver=2.8 -pkgrel=0 +pkgrel=1 pkgdesc="daemon for wireless software access points" url="http://hostap.epitest.fi/hostapd/" arch="all" license="custom" makedepends="openssl-dev libnl3-dev linux-headers" subpackages="$pkgname-doc $pkgname-openrc" -patches="" +patches="0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch + 0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch + 0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch + 0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch + 0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch + 0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch +" source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz $patches $pkgname.initd @@ -17,6 +23,8 @@ options="!check" #no testsuite builddir="$srcdir"/$pkgname-$pkgver/hostapd # secfixes: +# 2.8-r1: +# - CVE-2019-13377 # 2.8-r0: # - CVE-2019-11555 # - CVE-2019-9496 @@ -92,5 +100,11 @@ package() { "$pkgdir"/usr/share/man/man1/hostapd_cli } sha512sums="5a352517470912bcb87755a592238eac2d814a7089d4ba1ecb7969f172dbb746a4e9a6c0d47c0d7c4a6a86b04b14ac39147d729fdf3163371c1067490a4897aa hostapd-2.8.tar.gz +0dfc8728cfc3a86f7a182a7f71213b94f64880ee4470e2a939c83059df5af7a60d56ec0a8a5f2f717838995f4ef2c6a8fb909324875b0f12a52040239092d115 0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch +88b28f73267b5031417e527b4e2eea117e62649862bafbe99b83b77bade56612283279906c8d1a4c997fb8f32fc7a6cf8c88931a64e9520d1bf45fbdb0e6c381 0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch +01389b9d3951bf1148894c0f4b45d22ef8352a8fe1090721d17216506581305726f6a6c0ebff88479e5342330e75fc04db9201d7d65d4cc6b01a5f7258dc26f9 0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch +1fabc83a5e05ce3d09c89e37365d038bd0eec3a76683966ad172eac3c2c884dbc24fc6ca11c27a8f4582e886d0f1cde73bbede4484352b42a3f686d89d088fff 0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch +bcae73930c35d441c5615970c305abb3dff293fdec16df50823e57419b22d1aac0e780970619e0c78b4482b7d07962bcf6162706a20e20f7b21a3a10f500eff1 0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch +4734a8ab8ba1e91fc9e3d729f34527c14c291df238b02adea5acc04b0361b41d4bffca2fb13a4f464e9f007fa624117af4f50d755cb41a3129b4868da91bdf9a 0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3 hostapd.initd 0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe hostapd.confd" diff --git a/main/hostapd/CVE-2012-4445.patch b/main/hostapd/CVE-2012-4445.patch deleted file mode 100644 index 552307d279..0000000000 --- a/main/hostapd/CVE-2012-4445.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Sun, 7 Oct 2012 17:06:29 +0000 (+0300) -Subject: EAP-TLS server: Fix TLS Message Length validation -X-Git-Url: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff_plain;h=586c446e0ff42ae00315b014924ec669023bd8de - -EAP-TLS server: Fix TLS Message Length validation - -EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS -Message Length value properly and could end up trying to store more -information into the message buffer than the allocated size if the first -fragment is longer than the indicated size. This could result in hostapd -process terminating in wpabuf length validation. Fix this by rejecting -messages that have invalid TLS Message Length value. - -This would affect cases that use the internal EAP authentication server -in hostapd either directly with IEEE 802.1X or when using hostapd as a -RADIUS authentication server and when receiving an incorrectly -constructed EAP-TLS message. Cases where hostapd uses an external -authentication are not affected. - -Thanks to Timo Warns for finding and reporting this issue. - -Signed-hostap: Jouni Malinen <j@w1.fi> -intended-for: hostap-1 ---- - -diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c -index 31be2ec..46f282b 100644 ---- a/src/eap_server/eap_server_tls_common.c -+++ b/src/eap_server/eap_server_tls_common.c -@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data, - return -1; - } - -+ if (len > message_length) { -+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " -+ "first fragment of frame (TLS Message " -+ "Length %d bytes)", -+ (int) len, (int) message_length); -+ return -1; -+ } -+ - data->tls_in = wpabuf_alloc(message_length); - if (data->tls_in == NULL) { - wpa_printf(MSG_DEBUG, "SSL: No memory for message"); |