hostapd: merge some pending fixes (fixes assoc errors when moving between vaps of...

[openwrt.git] / package / network / services / hostapd / patches / 001-CVE-2012-4445.patch

--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragme
                        return -1;
                }
 
+               if (len > message_length) {
+                       wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+                                  "first fragment of frame (TLS Message "
+                                  "Length %d bytes)",
+                                  (int) len, (int) message_length);
+                       return -1;
+               }
+
                data->tls_in = wpabuf_alloc(message_length);
                if (data->tls_in == NULL) {
                        wpa_printf(MSG_DEBUG, "SSL: No memory for message");