Root/package/network/services/hostapd/patches/001-CVE-2012-4445.patch

1--- a/src/eap_server/eap_server_tls_common.c
2+++ b/src/eap_server/eap_server_tls_common.c
3@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragme
4             return -1;
5         }
6 
7+ if (len > message_length) {
8+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
9+ "first fragment of frame (TLS Message "
10+ "Length %d bytes)",
11+ (int) len, (int) message_length);
12+ return -1;
13+ }
14+
15         data->tls_in = wpabuf_alloc(message_length);
16         if (data->tls_in == NULL) {
17             wpa_printf(MSG_DEBUG, "SSL: No memory for message");
18

Archive Download this file



interactive