jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-28 21:56:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

aircrack-ng: add security patch for CVE-2010-1159

Browse Source 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2013-11-06 09:15:23 -03:00 committed by Peter Korsgaard
parent 6f05d5ac8f
commit ac147527e2
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch Normal file
View File

@ -0,0 +1,24 @@
Fix for buffer overflow CVE-2010-1159.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
--- a/src/airodump-ng.c
+++ b/src/airodump-ng.c
@@ -2126,7 +2126,7 @@
st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
+ h80211[z + 3] + 4;
- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0)
+ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
{
// Ignore the packet trying to crash us.
goto write_packet;
@@ -2158,7 +2158,7 @@
st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
+ h80211[z + 3] + 4;
- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0)
+ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
{
// Ignore the packet trying to crash us.
goto write_packet;