]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0650dc) | patch
MFC r361957-r361960
authorCy Schubert <cy@FreeBSD.org>
Fri, 12 Jun 2020 01:03:51 +0000 (01:03 +0000)
committerCy Schubert <cy@FreeBSD.org>
Fri, 12 Jun 2020 01:03:51 +0000 (01:03 +0000)
commitcafdf8589b22f4842de9326e97ee2f3cb4902f27
treeee9e5158939697e7e9aadbb2422632a4f76bae07tree | snapshot
parentd0650dcead762d324e9826ba71d5f91d1935611ccommit | diff
MFC r361957-r361960

r361957:
MFV r361936:

Upstream commit message:

[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks

The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
Security: VU#339275 and CVE-2020-12695

r361958:
MFV r361937:

Upstream commit message:

[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path

More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.

Obtained from: https://w1.fi/security/2020-1/\
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
Security: VU#339275 and CVE-2020-12695

r361959:
MFV r361938:

Upstream commit message:

[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly

While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.

These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.

Obtained from: https://w1.fi/security/2020-1/\
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
Security: VU#339275 and CVE-2020-12695

r361960:
Post CVE-2020-12695 cleanup patch:

Resolve a Linuxism to fix the build.
contrib/wpa/src/wps/wps_er.c diff | blob | history
contrib/wpa/src/wps/wps_upnp.c diff | blob | history
contrib/wpa/src/wps/wps_upnp_event.c diff | blob | history
contrib/wpa/src/wps/wps_upnp_i.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.