wireshark - wireshark.org protocol dissector with Osmocom additions (obsolete)

diff options

author	Peter Wu <peter@lekensteyn.nl>	2015-03-11 19:31:56 +0100
committer	Michael Mann <mmann78@netscape.net>	2015-03-11 22:47:40 +0000
commit	b5d062ba57efd4b78f83518ac868fcb25d9bc243 (patch)
tree	e035379ed08f032057df099f23621869135c213a /epan/ftypes
parent	90797b95a02a2ab3c2790e17e999cbf1552daee8 (diff)

Fix buffer overflow in 802.11 decryption

The sha1 function outputs a multiple of 20 bytes while the ptk buffer has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164 and use an output buffer of 80 octets. Noticed when running Wireshark with ASAN, on exit it would try to free a "next" pointer which was filled with sha1 garbage. It probably got triggered via 3f8fbb734915aaf74eb006898e8fabb007afbf48 which made AirPDcap responsible for managing its own memory. Bug: 10849 Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1 Reviewed-on: https://code.wireshark.org/review/7645 Reviewed-by: Evan Huus <eapache@gmail.com> Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>

Diffstat (limited to 'epan/ftypes')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: