Re: [PATCH 1/1] 802.1X: validate input before pointer

On Fri, Aug 18, 2017 at 01:14:28AM +0200, Michael Braun wrote:
> ieee802_1x_kay_decode_mkpdu calls ieee802_1x_mka_i_in_peerlist before
> body_len has been checked on all segments.
> 
> ieee802_1x_kay_decode_mkpdu and ieee802_1x_mka_i_in_peerlist might
> continue and thus underflow left_len even if it finds left_len too small
> (or before checking).
> 
> Additionally, ieee802_1x_mka_dump_peer_body might perform out of bound
> reads in this case.
> 
> Fix this by checking left_len and aborting if too small early.

Thanks, applied.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
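
The failure mode described in the quoted commit message, as an added example that is not part of the original thread and is not hostap code: a walker over length-prefixed bodies that checks left_len before consuming anything. The 4-byte header layout, the function names and the sample buffers are assumptions constructed for illustration, and left_len is assumed to be an unsigned size_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified layout (NOT the real MKPDU encoding): each body is a
 * 4-byte header {type, reserved, len_hi, len_lo} followed by len bytes. */
#define HDR_LEN 4

/* Constructed sample input: two complete bodies (2 bytes and 0 bytes). */
static const uint8_t sample_ok[] = { 1, 0, 0, 2, 0xaa, 0xbb,  2, 0, 0, 0 };
/* Constructed sample input: header claims 8 bytes, only 2 are present. */
static const uint8_t sample_truncated[] = { 1, 0, 0, 8, 0xaa, 0xbb };

/* Value left_len would hold if the subtraction ran without a prior check.
 * With an unsigned type it wraps to a huge number, so every later
 * "enough bytes left?" test passes and reads run past the buffer. */
size_t left_after_unchecked(size_t left_len, size_t body_len)
{
    return left_len - (HDR_LEN + body_len);
}

/* Walk all bodies; return how many are well formed, or -1 on the first
 * body that does not fit. Both checks happen before any pointer advance. */
int walk_bodies_checked(const uint8_t *buf, size_t len)
{
    const uint8_t *pos = buf;
    size_t left_len = len;
    int count = 0;

    while (left_len > 0) {
        size_t body_len;

        if (left_len < HDR_LEN)            /* header itself is cut off */
            return -1;
        body_len = ((size_t)pos[2] << 8) | pos[3];
        if (body_len > left_len - HDR_LEN) /* safe: left_len >= HDR_LEN */
            return -1;                     /* abort early, never continue */
        pos += HDR_LEN + body_len;
        left_len -= HDR_LEN + body_len;
        count++;
    }
    return count;
}

int main(void)
{
    printf("ok: %d\n", walk_bodies_checked(sample_ok, sizeof(sample_ok)));
    printf("truncated: %d\n", walk_bodies_checked(sample_truncated, sizeof(sample_truncated)));
    printf("wrapped left_len: %zu\n", left_after_unchecked(6, 8));
    return 0;
}
```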