fragattacks/src/eap_peer
Jouni Malinen 87fcb5a735 EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation

The req_plen argument to eap_pax_process_std_1() and
eap_pax_process_std_3() could be smaller than sizeof(struct eap_pax_hdr)
since the main processing function was only verifying that there is
enough room for the ICV and then removed ICV length from the remaining
payload length.

In theory, this could have resulted in the size_t left parameter being
set to a negative value that would be interpreted as a huge positive
integer. That could then result in a small buffer read overflow and
process termination if MSGDUMP debug verbosity was in use.

In practice, it does not seem to be feasible to construct a short
message that would be able to pass the ICV validation (calculated using
HMAC-SHA1-128) even for the case where an empty password is used.
Anyway, the implementation should really check the length explicitly
instead of depending on implicit check through ICV validation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:36 +03:00
eap_aka.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_config.h Add an option allow canned EAP-Success for wired IEEE 802.1X 2015-02-01 19:22:54 +02:00
eap_eke.c EAP-EKE: Do not pass full request to eap_eke_build_fail() 2015-05-03 16:32:05 +03:00
eap_fast_pac.c Check os_snprintf() result more consistently - automatic 1 2014-12-08 11:42:07 +02:00
eap_fast_pac.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_fast.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_gpsk.c EAP-GPSK: Pass EAP identifier instead of full request 2015-05-03 16:32:28 +03:00
eap_gtc.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_i.h Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
eap_ikev2.c EAP-IKEv2 peer: Fix fragmentation reassembly 2014-12-21 00:48:24 +02:00
eap_leap.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_md5.c EAP-MD5: Verify that CHAP operation succeeds 2012-08-16 18:49:02 +03:00
eap_methods.c Check os_snprintf() result more consistently - automatic 1 2014-12-08 11:42:07 +02:00
eap_methods.h HS 2.0R2: Add WFA server-only EAP-TLS peer method 2014-02-26 01:24:23 +02:00
eap_mschapv2.c EAP-MSCHAPv2 peer: Add option to disable password retry query 2015-02-01 17:45:19 +02:00
eap_otp.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_pax.c EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation 2015-05-03 16:32:36 +03:00
eap_peap.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_proxy_dummy.c eap_proxy: Add context data pointer to the get_imsi call 2013-10-23 20:51:46 +03:00
eap_proxy.h eap_proxy: Add context data pointer to the get_imsi call 2013-10-23 20:51:46 +03:00
eap_psk.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_pwd.c EAP-pwd peer: Add support for hashed password 2015-03-28 09:43:33 +02:00
eap_sake.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_sim.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_tls_common.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tls_common.h EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tls.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tnc.c EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873) 2014-06-13 16:03:45 +03:00
eap_ttls.c EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_vendor_test.c tests: Pending EAP peer processing with VENDOR-TEST 2015-01-28 13:09:31 +02:00
eap_wsc.c WPS: Add explicit message length limit of 50000 bytes 2014-11-23 21:03:40 +02:00
eap.c Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
eap.h Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
ikev2.c EAP-IKEv2: Fix a typo in a debug message 2014-12-21 13:19:14 +02:00
ikev2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
Makefile tests: Add eapol-fuzzer 2015-04-22 11:44:19 +03:00
mschapv2.c EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons 2014-07-02 12:38:48 +03:00
mschapv2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
tncc.c TNC: Fix minor memory leak (CID 62848) 2014-06-12 19:44:58 +03:00
tncc.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00