kumquat-buildroot/package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch

Fix for buffer overflow CVE-2010-1159.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

--- a/src/airodump-ng.c
+++ b/src/airodump-ng.c
@@ -2126,7 +2126,7 @@
                     st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
                             +   h80211[z + 3] + 4;
 
-                    if ((int)pkh.len - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0)
+                    if (caplen - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
 					{
 						// Ignore the packet trying to crash us.
                     	goto write_packet;
@@ -2158,7 +2158,7 @@
                     st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
                             +   h80211[z + 3] + 4;
 
-                    if ((int)pkh.len - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0)
+		    if (caplen - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
 					{
 						// Ignore the packet trying to crash us.
                     	goto write_packet;