Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-13 08:01:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/n/wpa_supplicant/patches/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
Patrick J Volkerding 58eb3d5294 Wed Dec 29 02:42:32 UTC 2021 
l/libgsf-1.14.48-x86_64-1.txz:  Upgraded.
l/netpbm-10.97.00-x86_64-1.txz:  Upgraded.
n/wpa_supplicant-2.9-x86_64-8.txz:  Rebuilt.
  This update fixes the following security issues:
  AP mode PMF disconnection protection bypass.
  UPnP SUBSCRIBE misbehavior in hostapd WPS AP.
  P2P group information processing vulnerability.
  P2P provision discovery processing vulnerability.
  ASN.1: Validate DigestAlgorithmIdentifier parameters.
  Flush pending control interface message for an interface to be removed.
  These issues could result in a denial-of-service, privilege escalation,
  arbitrary code execution, or other unexpected behavior.
  Thanks to nobodino for pointing out the patches.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004
  (* Security fix *)
xap/seamonkey-2.53.10.2-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.10.2
  (* Security fix *)
2021-12-29 08:59:55 +01:00

47 lines
1.5 KiB
Diff
Raw Blame History

From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 4 Jun 2020 21:24:04 +0300
Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_upnp_event.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
index 08a23612f338..c0d9e41d9a38 100644
--- a/src/wps/wps_upnp_event.c
+++ b/src/wps/wps_upnp_event.c
@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
buf = event_build_message(e);
if (buf == NULL) {
- event_retry(e, 0);
+ event_addr_failure(e);
return -1;
}
@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
event_http_cb, e);
if (e->http_event == NULL) {
wpabuf_free(buf);
- event_retry(e, 0);
+ event_addr_failure(e);
return -1;
}
--
2.20.1
Reference in a new issue View git blame Copy permalink