Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
halo
external_wpa_supplicant_8
Commits
0a6e8591
Commit
0a6e8591
authored
8 years ago
by
Mark Stevens
Browse files
Options
Download
Email Patches
Plain Diff
update to duco/rk 3128-6003-6.0
parent
7ddfe10f
rockchip-6.0.1_r55
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
12 additions
and
9 deletions
+12
-9
src/eap_peer/eap_pwd.c
src/eap_peer/eap_pwd.c
+4
-3
src/eap_server/eap_server_pwd.c
src/eap_server/eap_server_pwd.c
+3
-3
wpa_supplicant/config_file.c
wpa_supplicant/config_file.c
+5
-3
No files found.
src/eap_peer/eap_pwd.c
View file @
0a6e8591
...
...
@@ -896,7 +896,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
/*
* buffer and ACK the fragment
*/
if
(
EAP_PWD_GET_MORE_BIT
(
lm_exch
)
||
data
->
in_frag_pos
)
{
if
(
EAP_PWD_GET_MORE_BIT
(
lm_exch
))
{
data
->
in_frag_pos
+=
len
;
if
(
data
->
in_frag_pos
>
wpabuf_size
(
data
->
inbuf
))
{
wpa_printf
(
MSG_INFO
,
"EAP-pwd: Buffer overflow attack "
...
...
@@ -909,8 +909,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
return
NULL
;
}
wpabuf_put_data
(
data
->
inbuf
,
pos
,
len
);
}
if
(
EAP_PWD_GET_MORE_BIT
(
lm_exch
))
{
resp
=
eap_msg_alloc
(
EAP_VENDOR_IETF
,
EAP_TYPE_PWD
,
EAP_PWD_HDR_SIZE
,
EAP_CODE_RESPONSE
,
eap_get_id
(
reqData
));
...
...
@@ -924,8 +923,10 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
* we're buffering and this is the last fragment
*/
if
(
data
->
in_frag_pos
)
{
wpabuf_put_data
(
data
->
inbuf
,
pos
,
len
);
wpa_printf
(
MSG_DEBUG
,
"EAP-pwd: Last fragment, %d bytes"
,
(
int
)
len
);
data
->
in_frag_pos
+=
len
;
pos
=
wpabuf_head_u8
(
data
->
inbuf
);
len
=
data
->
in_frag_pos
;
}
...
...
This diff is collapsed.
Click to expand it.
src/eap_server/eap_server_pwd.c
View file @
0a6e8591
...
...
@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
/*
* the first and all intermediate fragments have the M bit set
*/
if
(
EAP_PWD_GET_MORE_BIT
(
lm_exch
)
||
data
->
in_frag_pos
)
{
if
(
EAP_PWD_GET_MORE_BIT
(
lm_exch
))
{
if
((
data
->
in_frag_pos
+
len
)
>
wpabuf_size
(
data
->
inbuf
))
{
wpa_printf
(
MSG_DEBUG
,
"EAP-pwd: Buffer overflow "
"attack detected! (%d+%d > %d)"
,
...
...
@@ -981,8 +981,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
}
wpabuf_put_data
(
data
->
inbuf
,
pos
,
len
);
data
->
in_frag_pos
+=
len
;
}
if
(
EAP_PWD_GET_MORE_BIT
(
lm_exch
))
{
wpa_printf
(
MSG_DEBUG
,
"EAP-pwd: Got a %d byte fragment"
,
(
int
)
len
);
return
;
...
...
@@ -992,6 +990,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
* buffering fragments so that's how we know it's the last)
*/
if
(
data
->
in_frag_pos
)
{
wpabuf_put_data
(
data
->
inbuf
,
pos
,
len
);
data
->
in_frag_pos
+=
len
;
pos
=
wpabuf_head_u8
(
data
->
inbuf
);
len
=
data
->
in_frag_pos
;
wpa_printf
(
MSG_DEBUG
,
"EAP-pwd: Last fragment, %d bytes"
,
...
...
This diff is collapsed.
Click to expand it.
wpa_supplicant/config_file.c
100644 → 100755
View file @
0a6e8591
...
...
@@ -1305,7 +1305,7 @@ int wpa_config_write(const char *name, struct wpa_config *config)
#ifndef CONFIG_NO_CONFIG_BLOBS
struct
wpa_config_blob
*
blob
;
#endif
/* CONFIG_NO_CONFIG_BLOBS */
int
ret
=
0
;
int
ret
=
0
,
fd
;
const
char
*
orig_name
=
name
;
int
tmp_len
=
os_strlen
(
name
)
+
5
;
/* allow space for .tmp suffix */
char
*
tmp_name
=
os_malloc
(
tmp_len
);
...
...
@@ -1353,8 +1353,10 @@ int wpa_config_write(const char *name, struct wpa_config *config)
}
#endif
/* CONFIG_NO_CONFIG_BLOBS */
os_fsync
(
f
);
fflush
(
f
);
fd
=
fileno
(
f
);
if
(
fd
>=
0
)
fsync
(
fd
);
fclose
(
f
);
if
(
tmp_name
)
{
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment