There is a security issue with wpa_supplicant of note. I went looking for information on the FreeBSD.org site and apparently it hasn't been mitigated as yet. There is a patch available, however, which consists of a single line of code.
The information on CVE-2015-1863 can be found here:
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
The patch is quite simple in /usr/src/contrib/wpa/src/p2p/p2p.c as follows:
Code:
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
src/p2p/p2p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index f584fae..a45fe73 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
if (msg.ssid &&
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
!= 0)) {
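Review bot: On the added line `msg.ssid[1] <= sizeof(dev->oper_ssid) &&`, an SSID element whose length byte exceeds the buffer now simply fails the condition, so the guarded block is not entered and nothing records that it happened. A debug message on that path would make a peer sending an over-long P2P SSID visible in the logs instead of being ignored silently. The bound is also only correct while oper_ssid is an array member, since sizeof on a pointer would yield the pointer size; a short comment or a named maximum-length constant next to the check would make that dependency explicit.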
--
1.9.1
Be careful though: in the current 10.1 source, I found the location to be line 666. The one line of code mitigates the issue successfully.
Thought I would get the word out as quickly as possible, as it affects all Unix systems which use wpa_supplicant, from Linux to all BSDs to OS X. The linked-to site also contains a copy of the patch I've included here as well.
Be safe!