mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-20 13:27:16 +00:00
28e289fc71
Fixes the following security vulnerabilities: EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) was discovered not to validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to NULL pointer dereference. For details, see the advisory: https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit b3adfacdb110fe5508284cf5159447492cffe944) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>