Package: Hostapd
Version: 0.3.7-2
Severity: critical
Tags: security, patch, sarge

Description: An invalid value in a field of an EAPoL frame causes a segmentation fault in the hostapd daemon. We found it using Stress, a software for protocol implementation testing and security testing; you can find it at http://lart.det.unifi.it/Members/rosi/stress

We found the error in the wpa.c file, line 1416:

    key_data_length = ntohs(key->key_data_length);

To correct it, we can take the patch made by Malinen in revision 1.71.2.1 in the CVS system:

    key_data_length = ntohs(key->key_data_length);
    if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
        wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
                   "key_data overflow (%d > %d)",
                   key_data_length,
                   data_len - sizeof(*hdr) - sizeof(*key));
        return;
    }

Regards,
Matteo Rosi, Leonardo Maccari

-- 
Telecommunication Network Lab, Department of Electronics and Telecommunications, University of Florence
http://lart.det.unifi.it/
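
The length check described in this report, shown as a stand-alone validator. This is an added example, not part of the original report and not hostapd's code. The header sizes (4-byte 802.1X header, 95-byte EAPOL-Key descriptor), the function names and the sample frames are assumptions made for illustration. It also rejects frames shorter than the fixed headers, a case where the unsigned subtraction would otherwise wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, modelled on the 802.1X header and WPA EAPOL-Key descriptor. */
#define HDR_LEN 4                        /* version(1) type(1) length(2) */
#define KEY_LEN 95                       /* fixed fields, ends with key_data_length(2) */
#define KDL_OFF (HDR_LEN + KEY_LEN - 2)  /* offset of key_data_length */

/* Returns 0 and stores the declared key data length if it fits in the
 * received frame, -1 if the frame must be dropped. */
int eapol_key_data_len(const uint8_t *frame, size_t data_len, size_t *out)
{
    size_t avail, kdl;

    /* Fixed part first: otherwise data_len - HDR_LEN - KEY_LEN wraps. */
    if (data_len < HDR_LEN + KEY_LEN)
        return -1;
    avail = data_len - HDR_LEN - KEY_LEN;

    /* key_data_length is big-endian on the wire (ntohs in the report). */
    kdl = ((size_t)frame[KDL_OFF] << 8) | frame[KDL_OFF + 1];
    if (kdl > avail)
        return -1;          /* declared length exceeds received bytes */
    *out = kdl;
    return 0;
}

/* Constructed sample frame: zeroed fixed fields, 16 bytes of key data,
 * and an attacker-controlled declared length. Returns the frame size. */
size_t build_frame(uint8_t *buf, uint16_t declared)
{
    memset(buf, 0, HDR_LEN + KEY_LEN + 16);
    buf[KDL_OFF] = (uint8_t)(declared >> 8);
    buf[KDL_OFF + 1] = (uint8_t)(declared & 0xff);
    return HDR_LEN + KEY_LEN + 16;
}

int main(void)
{
    uint8_t buf[128];
    uint16_t cases[] = { 16, 17, 0xffff };   /* valid, off by one, maximum */
    size_t i, n, len;
    for (i = 0; i < 3; i++) {
        n = build_frame(buf, cases[i]);
        printf("declared=%u -> %s\n", (unsigned)cases[i],
               eapol_key_data_len(buf, n, &len) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```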