Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 291004 Details for
Bug 427843
Backport the 'fragment_size' option
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
backport of 'fragment_size' config option from 0.5.9
wpa_supplicant-0.4.8-fragment-size.patch (text/plain), 3.50 KB, created by
Dan Williams
on 2008-01-07 19:47:45 UTC
(
hide
)
Description:
backport of 'fragment_size' config option from 0.5.9
Filename:
MIME Type:
Creator:
Dan Williams
Created:
2008-01-07 19:47:45 UTC
Size:
3.50 KB
patch
obsolete
>diff -up wpa_supplicant-0.4.8/config.c.fragment-size wpa_supplicant-0.4.8/config.c >--- wpa_supplicant-0.4.8/config.c.fragment-size 2008-01-07 14:26:37.000000000 -0500 >+++ wpa_supplicant-0.4.8/config.c 2008-01-07 14:27:54.000000000 -0500 >@@ -1046,6 +1046,7 @@ static const struct parse_data ssid_fiel > { INT(wep_tx_keyidx) }, > { INT(priority) }, > { INT(eap_workaround) }, >+ { INT(fragment_size) }, > { STR(pac_file) }, > { INT_RANGE(mode, 0, 1) }, > { INT_RANGE(proactive_key_caching, 0, 1) }, >@@ -1347,6 +1348,7 @@ void wpa_config_set_network_defaults(str > ssid->key_mgmt = DEFAULT_KEY_MGMT; > ssid->eapol_flags = DEFAULT_EAPOL_FLAGS; > ssid->eap_workaround = DEFAULT_EAP_WORKAROUND; >+ ssid->fragment_size = DEFAULT_FRAGMENT_SIZE; > } > > >diff -up wpa_supplicant-0.4.8/config_file.c.fragment-size wpa_supplicant-0.4.8/config_file.c >--- wpa_supplicant-0.4.8/config_file.c.fragment-size 2008-01-07 14:28:39.000000000 -0500 >+++ wpa_supplicant-0.4.8/config_file.c 2008-01-07 14:28:47.000000000 -0500 >@@ -595,6 +595,7 @@ static void wpa_config_write_network(FIL > INT(wep_tx_keyidx); > INT(priority); > INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND); >+ INT_DEF(fragment_size, DEFAULT_FRAGMENT_SIZE); > STR(pac_file); > INT(mode); > INT(proactive_key_caching); >diff -up wpa_supplicant-0.4.8/config_ssid.h.fragment-size wpa_supplicant-0.4.8/config_ssid.h >--- wpa_supplicant-0.4.8/config_ssid.h.fragment-size 2008-01-07 14:25:07.000000000 -0500 >+++ wpa_supplicant-0.4.8/config_ssid.h 2008-01-07 14:26:11.000000000 -0500 >@@ -47,6 +47,7 @@ > #define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP) > #define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | \ > WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40) >+#define DEFAULT_FRAGMENT_SIZE 1398 > > /** > * struct wpa_ssid - Network configuration data >@@ -761,6 +762,21 @@ struct wpa_ssid { > * ctrl_iface, e.g., with wpa_cli or wpa_gui). > */ > int disabled; >+ >+#ifdef IEEE8021X_EAPOL >+ >+ /** >+ * fragment_size - Maximum EAP fragment size in bytes (default 1398) >+ * >+ * This value limits the fragment size for EAP methods that support >+ * fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set >+ * small enough to make the EAP messages fit in MTU of the network >+ * interface used for EAPOL. The default value is suitable for most >+ * cases. >+ */ >+ int fragment_size; >+ >+#endif /* IEEE8021X_EAPOL */ > }; > > int wpa_config_allowed_eap_method(struct wpa_ssid *ssid, int method); >diff -up wpa_supplicant-0.4.8/eap_tls_common.c.fragment-size wpa_supplicant-0.4.8/eap_tls_common.c >--- wpa_supplicant-0.4.8/eap_tls_common.c.fragment-size 2008-01-07 14:32:50.000000000 -0500 >+++ wpa_supplicant-0.4.8/eap_tls_common.c 2008-01-07 14:32:54.000000000 -0500 >@@ -130,7 +130,7 @@ int eap_tls_ssl_init(struct eap_sm *sm, > } > > /* TODO: make this configurable */ >- data->tls_out_limit = 1398; >+ data->tls_out_limit = config->fragment_size; > if (data->phase2) { > /* Limit the fragment size in the inner TLS authentication > * since the outer authentication with EAP-PEAP does not yet >@@ -242,6 +242,16 @@ const u8 * eap_tls_data_reassemble( > (unsigned long) in_len); > return NULL; > } >+ if (data->tls_in_len + in_len > 65536) { >+ /* Limit length to avoid rogue servers from causing >+ * large memory allocations. */ >+ free(data->tls_in); >+ data->tls_in = NULL; >+ data->tls_in_len = 0; >+ wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size" >+ " over 64 kB)"); >+ return NULL; >+ } > buf = realloc(data->tls_in, data->tls_in_len + in_len); > if (buf == NULL) { > free(data->tls_in);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=291004">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 427843
: 291004