CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
MFV r361936:
author: Cy Schubert <cy@FreeBSD.org>
Tue, 9 Jun 2020 05:35:38 +0000 (05:35 +0000)
committer: Cy Schubert <cy@FreeBSD.org>
Tue, 9 Jun 2020 05:35:38 +0000 (05:35 +0000)
commit: a3557ef05fc8477d7222ff6fd612b5b90ea5aa74
tree: 4b0b0a0ac17207b7098f1ee3329834ee98f78cf8
parent: 38b45b65cdaac3cf3b531aecb77fd5d8085a2911
parent: 7ff78eda39f2359bf061bb8a236a21c744bf6032
MFV r361936:

Upstream commit message:

[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks

The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
contrib/wpa/src/wps/wps_er.c
contrib/wpa/src/wps/wps_upnp.c
contrib/wpa/src/wps/wps_upnp_i.h
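
The filtering the commit message describes, sketched as an added example; this is not the hostapd patch or code from this commit. It assumes the interface's IPv4 address and netmask are already known, handles IPv4 literals only, and the function name `callback_url_is_local` is hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not a hostapd function): return 1 only when the
 * callback URL is http:// with an IPv4-literal host inside the subnet of
 * the interface given by if_ip/if_mask; return 0 for everything else. */
int callback_url_is_local(const char *url, const char *if_ip,
                          const char *if_mask)
{
    struct in_addr host, ip, mask;
    char buf[INET_ADDRSTRLEN];
    const char *start;
    size_t len;

    if (strncasecmp(url, "http://", 7) != 0)
        return 0;
    start = url + 7;
    len = strcspn(start, ":/");           /* host ends at port or path */
    if (len == 0 || len >= sizeof(buf))
        return 0;
    memcpy(buf, start, len);
    buf[len] = '\0';
    /* Hostnames and userinfo ("a@b") fail here: no DNS lookup is done,
     * so a name cannot point the notification at an external address. */
    if (inet_pton(AF_INET, buf, &host) != 1)
        return 0;
    if (inet_pton(AF_INET, if_ip, &ip) != 1 ||
        inet_pton(AF_INET, if_mask, &mask) != 1)
        return 0;
    return (host.s_addr & mask.s_addr) == (ip.s_addr & mask.s_addr);
}

int main(void)
{
    /* Constructed sample callbacks; interface is 192.168.1.1/24. */
    const char *urls[] = {
        "http://192.168.1.20:8080/evt", "http://203.0.113.9/evt",
        "http://example.invalid/evt", "http://192.168.1.20@203.0.113.9/evt",
    };
    for (size_t i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
        printf("%-40s %s\n", urls[i],
               callback_url_is_local(urls[i], "192.168.1.1", "255.255.255.0")
                   ? "accept" : "reject");
    return 0;
}
```

A subscription whose callback fails this check is refused at SUBSCRIBE time, so no event notification is ever sent to it.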