r152 - in unstable/rt73/debian: . patches

[benh at alioth.debian.org]

Author: benh
Date: 2009-01-28 01:05:58 +0000 (Wed, 28 Jan 2009)
New Revision: 152

Added:
   unstable/rt73/debian/patches/003_fix_probe_request_overflow.diff
Modified:
   unstable/rt73/debian/changelog
Log:
Fixed buffer overflow vulnerability in processing of ad-hoc probe
requests (CVE-2009-0282) (closes: bug#512995)


Modified: unstable/rt73/debian/changelog
===================================================================
--- unstable/rt73/debian/changelog	2009-01-28 00:43:38 UTC (rev 151)
+++ unstable/rt73/debian/changelog	2009-01-28 01:05:58 UTC (rev 152)
@@ -1,3 +1,10 @@
+rt73 (1:1.0.3.6-cvs20080623-dfsg1-3) unstable; urgency=high
+
+  * Fixed buffer overflow vulnerability in processing of ad-hoc probe
+    requests (CVE-2009-0282) (closes: bug#512995)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Wed, 28 Jan 2009 00:53:13 +0000
+
 rt73 (1:1.0.3.6-cvs20080623-dfsg1-2) unstable; urgency=low
 
   * Include upstream changelog in module source tarball. Closes: #487658.

Added: unstable/rt73/debian/patches/003_fix_probe_request_overflow.diff
===================================================================
--- unstable/rt73/debian/patches/003_fix_probe_request_overflow.diff	                        (rev 0)
+++ unstable/rt73/debian/patches/003_fix_probe_request_overflow.diff	2009-01-28 01:05:58 UTC (rev 152)
@@ -0,0 +1,14 @@
+Fixed buffer overflow vulnerability in processing of ad-hoc probe
+requests (CVE-2009-0282) (closes: bug#512995)
+
+--- rt73.orig/Module/sanity.c
++++ rt73/Module/sanity.c
+@@ -447,7 +447,7 @@
+ 
+     COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+ 
+-    if ((pFrame->Octet[0] != IE_SSID) || (pFrame->Octet[1] > MAX_LEN_OF_SSID))
++    if ((pFrame->Octet[0] != IE_SSID) || ((UCHAR)pFrame->Octet[1] > MAX_LEN_OF_SSID))
+     {
+         DBGPRINT(RT_DEBUG_TRACE, "PeerProbeReqSanity fail - wrong SSID IE(Type=%d,Len=%d)\n",pFrame->Octet[0],pFrame->Octet[1]);
+         return FALSE;