diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-11-06 08:39:51 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-11-06 08:39:51 +0000 |
commit | 70234a558689b584030a21e53c9e3473a1ae1dc7 (patch) | |
tree | fe03b70c73c6aaa8a4b62ea9409dc37f89a250c7 | |
parent | cf77a75e1baf2dbe15dc265e2879782c2a271b84 (diff) | |
download | alpine_aports-70234a558689b584030a21e53c9e3473a1ae1dc7.tar.bz2 alpine_aports-70234a558689b584030a21e53c9e3473a1ae1dc7.tar.xz alpine_aports-70234a558689b584030a21e53c9e3473a1ae1dc7.zip |
main/hostapd: fix CVE-2012-4445
fixes #1428
-rw-r--r-- | main/hostapd/APKBUILD | 11 | ||||
-rw-r--r-- | main/hostapd/CVE-2012-4445.patch | 45 |
2 files changed, 55 insertions, 1 deletions
diff --git a/main/hostapd/APKBUILD b/main/hostapd/APKBUILD index 7b25f79919..13739da065 100644 --- a/main/hostapd/APKBUILD +++ b/main/hostapd/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=hostapd | 2 | pkgname=hostapd |
3 | pkgver=1.0 | 3 | pkgver=1.0 |
4 | pkgrel=1 | 4 | pkgrel=2 |
5 | pkgdesc="daemon for wireless software access points" | 5 | pkgdesc="daemon for wireless software access points" |
6 | url="http://hostap.epitest.fi/hostapd/" | 6 | url="http://hostap.epitest.fi/hostapd/" |
7 | arch="all" | 7 | arch="all" |
@@ -10,7 +10,9 @@ depends= | |||
10 | makedepends="openssl-dev libnl-dev" | 10 | makedepends="openssl-dev libnl-dev" |
11 | install= | 11 | install= |
12 | subpackages="$pkgname-doc" | 12 | subpackages="$pkgname-doc" |
13 | patches="CVE-2012-4445.patch" | ||
13 | source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz | 14 | source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz |
15 | $patches | ||
14 | $pkgname.initd | 16 | $pkgname.initd |
15 | $pkgname.confd" | 17 | $pkgname.confd" |
16 | 18 | ||
@@ -20,6 +22,12 @@ _builddir="$srcdir"/$pkgname-$pkgver/hostapd | |||
20 | prepare() { | 22 | prepare() { |
21 | local conf="$_builddir/.config" | 23 | local conf="$_builddir/.config" |
22 | 24 | ||
25 | cd "$_builddir"/.. | ||
26 | for i in $patches; do | ||
27 | msg $i | ||
28 | patch -p1 -i "$srcdir"/$i || return 1 | ||
29 | done | ||
30 | |||
23 | cd "$_builddir" | 31 | cd "$_builddir" |
24 | sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ | 32 | sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ |
25 | hostapd.conf | 33 | hostapd.conf |
@@ -110,5 +118,6 @@ package() { | |||
110 | } | 118 | } |
111 | 119 | ||
112 | md5sums="236247a7bbd4f60d5fa3e99849d1ffc9 hostapd-1.0.tar.gz | 120 | md5sums="236247a7bbd4f60d5fa3e99849d1ffc9 hostapd-1.0.tar.gz |
121 | 0d01d4641e0c33f79c1f4372613655bf CVE-2012-4445.patch | ||
113 | de734b22c3ad1e85309b5634d29c6225 hostapd.initd | 122 | de734b22c3ad1e85309b5634d29c6225 hostapd.initd |
114 | c91382209042defa04e79d0ae841a29e hostapd.confd" | 123 | c91382209042defa04e79d0ae841a29e hostapd.confd" |
diff --git a/main/hostapd/CVE-2012-4445.patch b/main/hostapd/CVE-2012-4445.patch new file mode 100644 index 0000000000..552307d279 --- /dev/null +++ b/main/hostapd/CVE-2012-4445.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From: Jouni Malinen <j@w1.fi> | ||
2 | Date: Sun, 7 Oct 2012 17:06:29 +0000 (+0300) | ||
3 | Subject: EAP-TLS server: Fix TLS Message Length validation | ||
4 | X-Git-Url: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff_plain;h=586c446e0ff42ae00315b014924ec669023bd8de | ||
5 | |||
6 | EAP-TLS server: Fix TLS Message Length validation | ||
7 | |||
8 | EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS | ||
9 | Message Length value properly and could end up trying to store more | ||
10 | information into the message buffer than the allocated size if the first | ||
11 | fragment is longer than the indicated size. This could result in hostapd | ||
12 | process terminating in wpabuf length validation. Fix this by rejecting | ||
13 | messages that have invalid TLS Message Length value. | ||
14 | |||
15 | This would affect cases that use the internal EAP authentication server | ||
16 | in hostapd either directly with IEEE 802.1X or when using hostapd as a | ||
17 | RADIUS authentication server and when receiving an incorrectly | ||
18 | constructed EAP-TLS message. Cases where hostapd uses an external | ||
19 | authentication are not affected. | ||
20 | |||
21 | Thanks to Timo Warns for finding and reporting this issue. | ||
22 | |||
23 | Signed-hostap: Jouni Malinen <j@w1.fi> | ||
24 | intended-for: hostap-1 | ||
25 | --- | ||
26 | |||
27 | diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c | ||
28 | index 31be2ec..46f282b 100644 | ||
29 | --- a/src/eap_server/eap_server_tls_common.c | ||
30 | +++ b/src/eap_server/eap_server_tls_common.c | ||
31 | @@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data, | ||
32 | return -1; | ||
33 | } | ||
34 | |||
35 | + if (len > message_length) { | ||
36 | + wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " | ||
37 | + "first fragment of frame (TLS Message " | ||
38 | + "Length %d bytes)", | ||
39 | + (int) len, (int) message_length); | ||
40 | + return -1; | ||
41 | + } | ||
42 | + | ||
43 | data->tls_in = wpabuf_alloc(message_length); | ||
44 | if (data->tls_in == NULL) { | ||
45 | wpa_printf(MSG_DEBUG, "SSL: No memory for message"); | ||