DSA-2557 hostapd - buffer overflow

Timo Warns discovered that the internal authentication server of hostapd,
a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
is vulnerable to a buffer overflow when processing fragmented EAP-TLS
messages. As a result, an internal overflow checking routine terminates
the process. An attacker can abuse this flaw to conduct denial of service
attacks via crafted EAP-TLS messages prior to any authentication.