HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS361936

Upstream commit message:
rS361936
Actions

Description

Upstream commit message:

[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks

The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after: 1 week
Security: VU#339275 and CVE-2020-12695

Details

Provenance
cyAuthored on
Parents
rS361935: Add VHDX support to mkimg(1)
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
vendor/
wpa/
dist/
src/
wps/

rS361936

View Options

vendor/wpa/dist/src/wps/wps_er.c

Loading...
View Options

vendor/wpa/dist/src/wps/wps_upnp.c

Loading...
View Options

vendor/wpa/dist/src/wps/wps_upnp_i.h

Loading...