These are combined upstream patches 2015-2, 2015-3, 2015-4. They address the following security advisories: * CVE-2015-4141 * CVE-2015-4142 * CVE-2015-4143 * CVE-2015-4144 * CVE-2015-4145 * CVE-2015-4146 These advisories also apply to net/hostapd. PR: 200568 Submitted by: Jason Unovitch
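--- src/wps/httpread.c.orig 2015-03-15 17:30:39 UTC
+++ src/wps/httpread.c
@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd
 if (!isxdigit(*cbp))
 goto bad;
 h->chunk_size = strtoul(cbp, NULL, 16);
+ if (h->chunk_size < 0 ||
+ h->chunk_size > h->max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Invalid chunk size %d",
+ h->chunk_size);
+ goto bad;
+ }
 /* throw away chunk header
 * so we have only real data
 */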
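Review bot: The added range check tests `h->chunk_size` only after the `strtoul()` result has been stored in it, so it validates the converted value rather than the number that was parsed. The `< 0` test and the `%d` format suggest the field is a signed int (its declaration is outside this hunk); if so, where `unsigned long` is wider than `int`, an oversized chunk header can narrow to a small non-negative value and pass the check. Parsing into a local first closes that gap: `unsigned long sz = strtoul(cbp, NULL, 16);`, then `if (h->max_bytes < 0 || sz > (unsigned long) h->max_bytes) goto bad;`, then `h->chunk_size = (int) sz;`, keeping the existing debug message on the reject path. `strtoul()` returns `ULONG_MAX` on overflow, so that case is rejected by the same comparison. The body of `httpread_read_handler` starts and ends outside this hunk, so the later uses of `chunk_size` still need to be read against this bound.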