aircrack-ng: add security patch for CVE-2010-1159
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
6f05d5ac8f
commit
ac147527e2
24
package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch
Normal file
24
package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch
Normal file
@ -0,0 +1,24 @@
|
||||
Fix for buffer overflow CVE-2010-1159.
|
||||
|
||||
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
||||
|
||||
--- a/src/airodump-ng.c
|
||||
+++ b/src/airodump-ng.c
|
||||
@@ -2126,7 +2126,7 @@
|
||||
st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
|
||||
+ h80211[z + 3] + 4;
|
||||
|
||||
- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0)
|
||||
+ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
|
||||
{
|
||||
// Ignore the packet trying to crash us.
|
||||
goto write_packet;
|
||||
@@ -2158,7 +2158,7 @@
|
||||
st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
|
||||
+ h80211[z + 3] + 4;
|
||||
|
||||
- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0)
|
||||
+ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
|
||||
{
|
||||
// Ignore the packet trying to crash us.
|
||||
goto write_packet;
|
Loading…
Reference in New Issue
Block a user