08ef4426a7
The payload lengths were not properly verified and the first check on there being enough buffer for the header was practically ignored. The second check for the full payload would catch length issues, but this is only after the potential read beyond the buffer. (CID 72687) Signed-off-by: Jouni Malinen <j@w1.fi> |
||
|---|---|---|
| .. | ||
| chap.c | ||
| chap.h | ||
| eap_common.c | ||
| eap_common.h | ||
| eap_defs.h | ||
| eap_eke_common.c | ||
| eap_eke_common.h | ||
| eap_fast_common.c | ||
| eap_fast_common.h | ||
| eap_gpsk_common.c | ||
| eap_gpsk_common.h | ||
| eap_ikev2_common.c | ||
| eap_ikev2_common.h | ||
| eap_pax_common.c | ||
| eap_pax_common.h | ||
| eap_peap_common.c | ||
| eap_peap_common.h | ||
| eap_psk_common.c | ||
| eap_psk_common.h | ||
| eap_pwd_common.c | ||
| eap_pwd_common.h | ||
| eap_sake_common.c | ||
| eap_sake_common.h | ||
| eap_sim_common.c | ||
| eap_sim_common.h | ||
| eap_tlv_common.h | ||
| eap_ttls.h | ||
| eap_wsc_common.c | ||
| eap_wsc_common.h | ||
| ikev2_common.c | ||
| ikev2_common.h | ||
| Makefile | ||