]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: a3557ef fcd7585)
MFV r361937:
authorCy Schubert <cy@FreeBSD.org>
Tue, 9 Jun 2020 05:38:12 +0000 (05:38 +0000)
committerCy Schubert <cy@FreeBSD.org>
Tue, 9 Jun 2020 05:38:12 +0000 (05:38 +0000)
commitb266d2f2063bb7ed6daf390d726dcc6e9d0dcf1c
treefcd48783518511ffbbd8d7024539812b22f3112atree | snapshot
parenta3557ef05fc8477d7222ff6fd612b5b90ea5aa74commit | diff
parentfcd7585218588159ed2e743c05e2ae37f968e88dcommit | diff
MFV r361937:

Upstream commit message:

[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path

More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.

Obtained from: https://w1.fi/security/2020-1/\
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
contrib/wpa/src/wps/wps_upnp.c diff1 | diff2 | blob | history
contrib/wpa/src/wps/wps_upnp_event.c diff1 | diff2 | blob | history
Unnamed repository; edit this file 'description' to name the repository.