osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/epan/crypt
History
Peter Wu b5d062ba57 Fix buffer overflow in 802.11 decryption 
The sha1 function outputs a multiple of 20 bytes while the ptk buffer
has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164
and use an output buffer of 80 octets.

Noticed when running Wireshark with ASAN, on exit it would try to free a
"next" pointer which was filled with sha1 garbage. It probably got
triggered via 3f8fbb7349 which made
AirPDcap responsible for managing its own memory.

Bug: 10849
Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1
Reviewed-on: https://code.wireshark.org/review/7645
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
 		2015-03-11 22:47:40 +00:00
..
Custom.common From Jacob Nordgren and Rishie Sharma: 2012-08-09 16:42:31 +00:00
Makefile.am Support out-of-source checkapi 2014-04-25 04:23:46 +00:00
Makefile.common Continue to remove $Id$ from top of file 2014-03-31 18:48:06 +00:00
Makefile.nmake Add '*.nativecodeanalysis.xml' to 'clean' targets 2015-01-02 01:45:16 +00:00
airpdcap.c Fix buffer overflow in 802.11 decryption 2015-03-11 22:47:40 +00:00
airpdcap_ccmp.c Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_debug.c Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_debug.h Fix airpdcap debugging code. 2015-01-09 22:17:16 +00:00
airpdcap_int.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_interop.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_rijndael.c Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_rijndael.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_system.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_tkip.c Continue to remove $Id$ from top of file 2014-03-31 18:49:26 +00:00
airpdcap_user.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
airpdcap_ws.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
kasumi.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00
wep-wpadefs.h Remove all $Id$ from top of file 2014-03-04 14:27:33 +00:00