hostap/src/eap_peer
Jouni Malinen dd2f043c9c EAP-pwd peer: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.

Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
..
eap.c Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
eap.h Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
eap_aka.c EAP-SIM/AKA: Explicitly check for header to include Reserved field 2015-05-03 16:33:03 +03:00
eap_config.h Add an option allow canned EAP-Success for wired IEEE 802.1X 2015-02-01 19:22:54 +02:00
eap_eke.c EAP-EKE: Do not pass full request to eap_eke_build_fail() 2015-05-03 16:32:05 +03:00
eap_fast.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_fast_pac.c Check os_snprintf() result more consistently - automatic 1 2014-12-08 11:42:07 +02:00
eap_fast_pac.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_gpsk.c EAP-GPSK: Pass EAP identifier instead of full request 2015-05-03 16:32:28 +03:00
eap_gtc.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_i.h Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
eap_ikev2.c EAP-IKEv2 peer: Fix fragmentation reassembly 2014-12-21 00:48:24 +02:00
eap_leap.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_md5.c EAP-MD5: Verify that CHAP operation succeeds 2012-08-16 18:49:02 +03:00
eap_methods.c Check os_snprintf() result more consistently - automatic 1 2014-12-08 11:42:07 +02:00
eap_methods.h HS 2.0R2: Add WFA server-only EAP-TLS peer method 2014-02-26 01:24:23 +02:00
eap_mschapv2.c EAP-MSCHAPv2 peer: Add option to disable password retry query 2015-02-01 17:45:19 +02:00
eap_otp.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_pax.c EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation 2015-05-03 16:32:36 +03:00
eap_peap.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_proxy.h eap_proxy: Add context data pointer to the get_imsi call 2013-10-23 20:51:46 +03:00
eap_proxy_dummy.c eap_proxy: Add context data pointer to the get_imsi call 2013-10-23 20:51:46 +03:00
eap_psk.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_pwd.c EAP-pwd peer: Fix payload length validation for Commit and Confirm 2015-05-03 18:26:50 +03:00
eap_sake.c EAP-SAKE: Pass EAP identifier instead of full request 2015-05-03 16:32:46 +03:00
eap_sim.c EAP-SIM/AKA: Explicitly check for header to include Reserved field 2015-05-03 16:33:03 +03:00
eap_tls.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tls_common.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tls_common.h EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tnc.c EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873) 2014-06-13 16:03:45 +03:00
eap_ttls.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_vendor_test.c tests: Pending EAP peer processing with VENDOR-TEST 2015-01-28 13:09:31 +02:00
eap_wsc.c WPS: Add explicit message length limit of 50000 bytes 2014-11-23 21:03:40 +02:00
ikev2.c EAP-IKEv2: Fix a typo in a debug message 2014-12-21 13:19:14 +02:00
ikev2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
Makefile tests: Add eapol-fuzzer 2015-04-22 11:44:19 +03:00
mschapv2.c EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons 2014-07-02 12:38:48 +03:00
mschapv2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
tncc.c TNC: Fix minor memory leak (CID 62848) 2014-06-12 19:44:58 +03:00
tncc.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00