Commit ac147527 authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

aircrack-ng: add security patch for CVE-2010-1159 



Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 6f05d5ac

package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch

0 → 100644
+24 −0
Original line number Diff line number Diff line 
Fix for buffer overflow CVE-2010-1159.



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>



--- a/src/airodump-ng.c

+++ b/src/airodump-ng.c

@@ -2126,7 +2126,7 @@

                     st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )

                             +   h80211[z + 3] + 4;

 

-                    if ((int)pkh.len - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0)

+                    if (caplen - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)

 					{

 						// Ignore the packet trying to crash us.

                     	goto write_packet;

@@ -2158,7 +2158,7 @@

                     st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )

                             +   h80211[z + 3] + 4;

 

-                    if ((int)pkh.len - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0)

+		    if (caplen - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)

 					{

 						// Ignore the packet trying to crash us.

                     	goto write_packet;