diff options
author | Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> | 2016-12-13 15:49:44 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-12-17 09:56:41 +0000 |
commit | 8751dbde2736a4dbea83f6f581fe90f0c60def76 (patch) | |
tree | 4dbe003be4e7a9625b90909830b409dc1971edd5 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch | |
parent | 9277fcfa1ceafda1439a8e229e98e741f1301be9 (diff) | |
download | openembedded-core-contrib-8751dbde2736a4dbea83f6f581fe90f0c60def76.tar.gz |
wpa-supplicant: 2.5 -> 2.6
1)Upgrade wpa-supplicant from 2.5 to 2.6.
2)Delete 5 patches below, since they are integrated upstream.
0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
3)License checksum changes are not related to license changes.
(From OE-Core rev: 878d411eb53e96bf78e902cc2345eccda8807bfc)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch')
-rw-r--r-- | meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch deleted file mode 100644 index 5375db74b3..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@qca.qualcomm.com> -Date: Tue, 5 Apr 2016 23:55:48 +0300 -Subject: [PATCH 3/3] Reject SET commands with newline characters in the - string values - -Many of the global configuration parameters are written as strings -without filtering and if there is an embedded newline character in the -value, unexpected configuration file data might be written. - -This fixes an issue where wpa_supplicant could have updated the -configuration file global parameter with arbitrary data from the control -interface or D-Bus interface. While those interfaces are supposed to be -accessible only for trusted users/applications, it may be possible that -an untrusted user has access to a management software component that -does not validate the value of a parameter before passing it to -wpa_supplicant. - -This could allow such an untrusted user to inject almost arbitrary data -into the configuration file. Such configuration file could result in -wpa_supplicant trying to load a library (e.g., opensc_engine_path, -pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user -controlled location when starting again. This would allow code from that -library to be executed under the wpa_supplicant process privileges. - -Upstream-Status: Backport - -CVE: CVE-2016-4477 - -Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> -Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com> ---- - wpa_supplicant/config.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c -index 69152ef..d9a1603 100644 ---- a/wpa_supplicant/config.c -+++ b/wpa_supplicant/config.c -@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data, - return -1; - } - -+ if (has_newline(pos)) { -+ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline", -+ line, data->name); -+ return -1; -+ } -+ - tmp = os_strdup(pos); - if (tmp == NULL) - return -1; --- -1.9.1 |