r150 - in unstable/rt2500/debian: . patches

benh at alioth.debian.org benh at alioth.debian.org
Wed Jan 28 00:32:41 UTC 2009 

Author: benh
Date: 2009-01-28 00:32:41 +0000 (Wed, 28 Jan 2009)
New Revision: 150

Added:
   unstable/rt2500/debian/patches/006_fix_probe_request_overflow.diff
Modified:
   unstable/rt2500/debian/changelog
   unstable/rt2500/debian/patches/series
Log:
Fixed buffer overflow vulnerability in processing of ad-hoc probe
requests (CVE-2009-0282) (closes: bug#513000)


Modified: unstable/rt2500/debian/changelog
===================================================================
--- unstable/rt2500/debian/changelog	2009-01-28 00:26:57 UTC (rev 149)
+++ unstable/rt2500/debian/changelog	2009-01-28 00:32:41 UTC (rev 150)
@@ -1,3 +1,10 @@
+rt2500 (1:1.1.0-b4+cvs20080623-3) unstable; urgency=high
+
+  * Fixed buffer overflow vulnerability in processing of ad-hoc probe
+    requests (CVE-2009-0282) (closes: bug#513000)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Wed, 28 Jan 2009 00:33:41 +0000
+
 rt2500 (1:1.1.0-b4+cvs20080623-2) unstable; urgency=low
 
   * Revised 005_fix_error_rate_vars.diff so that it does not remove

Added: unstable/rt2500/debian/patches/006_fix_probe_request_overflow.diff
===================================================================
--- unstable/rt2500/debian/patches/006_fix_probe_request_overflow.diff	                        (rev 0)
+++ unstable/rt2500/debian/patches/006_fix_probe_request_overflow.diff	2009-01-28 00:32:41 UTC (rev 150)
@@ -0,0 +1,14 @@
+Fixed buffer overflow vulnerability in processing of ad-hoc probe
+requests (CVE-2009-0282) (closes: bug#513000)
+
+--- rt2500.orig/Module/sanity.c
++++ rt2500/Module/sanity.c
+@@ -380,7 +380,7 @@
+ 
+     COPY_MAC_ADDR(Addr2, &Fr->Hdr.Addr2);
+ 
+-    if ((Fr->Octet[0] != IE_SSID) || (Fr->Octet[1] > MAX_LEN_OF_SSID))
++    if ((Fr->Octet[0] != IE_SSID) || ((UCHAR)Fr->Octet[1] > MAX_LEN_OF_SSID))
+     {
+         DBGPRINT(RT_DEBUG_TRACE, "PeerProbeReqSanity fail - wrong SSID IE(Type=%d,Len=%d)\n",Fr->Octet[0],Fr->Octet[1]);
+         return FALSE;

Modified: unstable/rt2500/debian/patches/series
===================================================================
--- unstable/rt2500/debian/patches/series	2009-01-28 00:26:57 UTC (rev 149)
+++ unstable/rt2500/debian/patches/series	2009-01-28 00:32:41 UTC (rev 150)
@@ -1,2 +1,3 @@
 000_if_name.diff
 005_fix_error_rate_vars.diff
+006_fix_probe_request_overflow.diff

More information about the Pkg-ralink-commits mailing list