diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-02-25 20:57:49 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-02-25 20:57:49 +0100 |
commit | 0dd3c094ee472cd9cd7074045fdd8752ad77eb0d (patch) | |
tree | 448e08092ba8120d620c920e1140d4e2c102aca4 /pkgs/os-specific/linux/wpa_supplicant | |
parent | b9a45e769ac857a8cf6f6957f7fae6a77af7859a (diff) | |
download | nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.tar nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.tar.gz nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.tar.bz2 nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.tar.lz nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.tar.xz nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.tar.zst nixpkgs-0dd3c094ee472cd9cd7074045fdd8752ad77eb0d.zip |
wpa_supplicant: fix for security advisory 2021-1
A vulnerability was discovered in how wpa_supplicant processes P2P (Wi-Fi Direct) provision discovery requests. Under a corner case condition, an invalid Provision Discovery Request frame could end up reaching a state where the oldest peer entry needs to be removed. With a suitably constructed invalid frame, this could result in use (read+write) of freed memory. This can result in an attacker within radio range of the device running P2P discovery being able to cause unexpected behavior, including termination of the wpa_supplicant process and potentially code execution. https://w1.fi/security/2021-1/
Diffstat (limited to 'pkgs/os-specific/linux/wpa_supplicant')
-rw-r--r-- | pkgs/os-specific/linux/wpa_supplicant/default.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix index ee8b26c384d..b6af5525be6 100644 --- a/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -31,6 +31,11 @@ stdenv.mkDerivation rec { url = "https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch"; sha256 = "19f4hx0p547mdx8y8arb3vclwyy4w9c8a6a40ryj7q33730mrmn4"; }) + # P2P: Fix a corner case in peer addition based on PD Request (https://w1.fi/security/2021-1/) + (fetchurl { + url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch"; + sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z"; + }) ]; # TODO: Patch epoll so that the dbus actually responds |