wpa_supplicant: Fix CVE-2015-1863
AbandonedPublic
Actions

Authored by kwm on May 4 2015, 10:47 AM.

Details

Reviewers

dumbbell
rpaulo

Summary

Fix CVE in wpa_supplicant inspired by
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199678

This should probably be MFC'd to the stable- and release branches.
But maybe we should get a so@ on boat for that? As a port person I'm
not familiar with the workflow to so such.

Test Plan

make buildworld
Install and using it at run-time.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

kwm updated this revision to Diff 5171.May 4 2015, 10:47 AM

kwm retitled this revision from to wpa_supplicant: Fix CVE-2015-1863.

kwm updated this object.

kwm edited the test plan for this revision. (Show Details)

Herald added a subscriber: imp. · View Herald TranscriptMay 4 2015, 10:47 AM

Upstream commit: http://w1.fi/cgit/hostap/commit/?id=9ed4eee345f85e3025c33c6e20aa25696e341ccd

wpa_supplicant is maintained in a vendor branch before being imported into base:
https://svnweb.freebsd.org/base/vendor/wpa/

I suppose your patch needs to go there first, but I never worked with vendor import. @rpaulo will know better :-)

If you really must, go ahead and commit this patch, but please understand this code was never compiled in FreeBSD.

kwm abandoned this revision.May 29 2015, 10:28 AM

Revision Contents
Changeset List

Path

Size

contrib/

wpa/

src/

p2p/

p2p.c

1 line

Diff 5171

View Options

wpa_supplicant: Fix CVE-2015-1863AbandonedPublicActions