diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-10-12 09:28:14 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-10-12 09:28:14 -0400 |
| commit | abcf4858cda9ded59671681ab9820b5358d8bb16 (patch) | |
| tree | fd1b0a53affad3ad0eb9b3867a2c127228530973 /gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch | |
| parent | 82adf4952ac1c03af3b41851ef4bbe1d2d6935a0 (diff) | |
| parent | bfb48f4f33583f58392a05f1d6cbf559156293ed (diff) | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch')
| -rw-r--r-- | gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch deleted file mode 100644 index 5f42aa9219..0000000000 --- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@qca.qualcomm.com> -Date: Tue, 5 Apr 2016 23:55:48 +0300 -Subject: [PATCH 5/5] Reject SET commands with newline characters in the - string values - -Many of the global configuration parameters are written as strings -without filtering and if there is an embedded newline character in the -value, unexpected configuration file data might be written. - -This fixes an issue where wpa_supplicant could have updated the -configuration file global parameter with arbitrary data from the control -interface or D-Bus interface. While those interfaces are supposed to be -accessible only for trusted users/applications, it may be possible that -an untrusted user has access to a management software component that -does not validate the value of a parameter before passing it to -wpa_supplicant. - -This could allow such an untrusted user to inject almost arbitrary data -into the configuration file. Such configuration file could result in -wpa_supplicant trying to load a library (e.g., opensc_engine_path, -pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user -controlled location when starting again. This would allow code from that -library to be executed under the wpa_supplicant process privileges. - -Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> ---- - wpa_supplicant/config.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c -index 69152ef..d9a1603 100644 ---- a/wpa_supplicant/config.c -+++ b/wpa_supplicant/config.c -@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data, - return -1; - } - -+ if (has_newline(pos)) { -+ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline", -+ line, data->name); -+ return -1; -+ } -+ - tmp = os_strdup(pos); - if (tmp == NULL) - return -1; --- -1.9.1 - |