Google Git
Sign in
chromium / chromiumos / third_party / hostap / refs/heads/stabilize-6412.B
commitefdbec8d7e125c7f35019b48d6426e59fd134c61[log] [tgz]
authorJouni Malinen <jouni@qca.qualcomm.com>Mon Oct 06 15:49:01 2014
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Wed Oct 22 05:51:55 2014
tree0b5a04fd70729aeb3a61015c3631b8512ff9ed9b
parent7092852d247a96250eb7d0dccaf8b2d3dda9abfc [diff]
UPSTREAM: hostapd_cli: Use os_exec() for action script execution

Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
(cherry picked from commit 5d4fa2a29bef013e61185beb21a3ec110885eb9a)

BUG=chromium:425263
TEST=Compile test (no operational code paths modified)

Change-Id: I24bce35a4bfb6358b3d76b33c6c2cc65a5146b0f
Reviewed-on: https://chromium-review.googlesource.com/224764
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Paul Stewart <pstew@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
1 file changed
tree: 0b5a04fd70729aeb3a61015c3631b8512ff9ed9b
  1. doc/
  2. eap_example/
  3. hostapd/
  4. init/
  5. mac80211_hwsim/
  6. patches/
  7. radius_example/
  8. src/
  9. tests/
  10. wlantest/
  11. wpa_supplicant/
  12. hostap.git.
  13. .gitignore
  14. build_nsis.sh
  15. build_release
  16. CONTRIBUTIONS
  17. COPYING
  18. inherit-review-settings-ok
  19. PRESUBMIT.cfg
  20. README