1 files changed, 0 insertions, 52 deletions

diff --git a/package/network/services/hostapd/patches/063-0010-SAE-Fix-confirm-message-validation-in-error-cases.patch b/package/network/services/hostapd/patches/063-0010-SAE-Fix-confirm-message-validation-in-error-cases.patch
deleted file mode 100644
index 3a3658e640..0000000000
--- a/package/network/services/hostapd/patches/063-0010-SAE-Fix-confirm-message-validation-in-error-cases.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From ac8fa9ef198640086cf2ce7c94673be2b6a018a0 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 5 Mar 2019 23:43:25 +0200
-Subject: [PATCH 10/14] SAE: Fix confirm message validation in error cases
-
-Explicitly verify that own and peer commit scalar/element are available
-when trying to check SAE confirm message. It could have been possible to
-hit a NULL pointer dereference if the peer element could not have been
-parsed. (CVE-2019-9496)
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -1464,23 +1464,31 @@ int sae_check_confirm(struct sae_data *s
- 
- 	wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", WPA_GET_LE16(data));
- 
--	if (sae->tmp == NULL) {
-+	if (!sae->tmp || !sae->peer_commit_scalar ||
-+	    !sae->tmp->own_commit_scalar) {
- 		wpa_printf(MSG_DEBUG, "SAE: Temporary data not yet available");
- 		return -1;
- 	}
- 
--	if (sae->tmp->ec)
-+	if (sae->tmp->ec) {
-+		if (!sae->tmp->peer_commit_element_ecc ||
-+		    !sae->tmp->own_commit_element_ecc)
-+			return -1;
- 		sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar,
- 				   sae->tmp->peer_commit_element_ecc,
- 				   sae->tmp->own_commit_scalar,
- 				   sae->tmp->own_commit_element_ecc,
- 				   verifier);
--	else
-+	} else {
-+		if (!sae->tmp->peer_commit_element_ffc ||
-+		    !sae->tmp->own_commit_element_ffc)
-+			return -1;
- 		sae_cn_confirm_ffc(sae, data, sae->peer_commit_scalar,
- 				   sae->tmp->peer_commit_element_ffc,
- 				   sae->tmp->own_commit_scalar,
- 				   sae->tmp->own_commit_element_ffc,
- 				   verifier);
-+	}
- 
- 	if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Confirm mismatch");