diff options
author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2013-11-06 09:15:23 -0300 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2013-11-06 13:32:18 +0100 |
commit | ac147527e2681737ed096466b4f773d9a39bef2d (patch) | |
tree | 59e4d5add2f368201640f6c13ecb8e22a0840f84 /package/aircrack-ng | |
parent | 6f05d5ac8f34b30f87408132775dac74648d5b33 (diff) |
aircrack-ng: add security patch for CVE-2010-1159
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/aircrack-ng')
-rw-r--r-- | package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch b/package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch new file mode 100644 index 000000000..634a01e39 --- /dev/null +++ b/package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch @@ -0,0 +1,24 @@ +Fix for buffer overflow CVE-2010-1159. + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> + +--- a/src/airodump-ng.c ++++ b/src/airodump-ng.c +@@ -2126,7 +2126,7 @@ + st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 ) + + h80211[z + 3] + 4; + +- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0) ++ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256) + { + // Ignore the packet trying to crash us. + goto write_packet; +@@ -2158,7 +2158,7 @@ + st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 ) + + h80211[z + 3] + 4; + +- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0) ++ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256) + { + // Ignore the packet trying to crash us. + goto write_packet; |