wpa_supplicant: fix for security advisory 2021-1

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.

https://w1.fi/security/2021-1/
This commit is contained in:
Martin Weinelt 2021-02-25 20:57:49 +01:00
parent b9a45e769a
commit 0dd3c094ee
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759

@ -31,6 +31,11 @@ stdenv.mkDerivation rec {
url = "https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch";
sha256 = "19f4hx0p547mdx8y8arb3vclwyy4w9c8a6a40ryj7q33730mrmn4";
})
# P2P: Fix a corner case in peer addition based on PD Request (https://w1.fi/security/2021-1/)
(fetchurl {
url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch";
sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z";
})
];
# TODO: Patch epoll so that the dbus actually responds