[pkg-wpa-devel] r874 - in /wpasupplicant/trunk/debian: changelog patches/00list patches/50_fix_wext_tsf_stack_overflow.dpatch

kelmo-guest at users.alioth.debian.org kelmo-guest at users.alioth.debian.org
Wed Sep 26 10:07:54 UTC 2007


Author: kelmo-guest
Date: Wed Sep 26 10:07:54 2007
New Revision: 874

URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=874
Log:
* Fix stack overflow condition that could exist if driver reported bad tsf
  data in iwevent and scan results. (Closes: #442387)

Added:
    wpasupplicant/trunk/debian/patches/50_fix_wext_tsf_stack_overflow.dpatch
Modified:
    wpasupplicant/trunk/debian/changelog
    wpasupplicant/trunk/debian/patches/00list

Modified: wpasupplicant/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/changelog?rev=874&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/changelog (original)
+++ wpasupplicant/trunk/debian/changelog Wed Sep 26 10:07:54 2007
@@ -1,3 +1,10 @@
+wpasupplicant (0.6.0-4) UNRELEASED; urgency=low
+
+  * Fix stack overflow condition that could exist if driver reported bad tsf
+    data in iwevent and scan results. (Closes: #442387)
+
+ -- Kel Modderman <kel at otaku42.de>  Wed, 26 Sep 2007 20:05:17 +1000
+
 wpasupplicant (0.6.0-3) unstable; urgency=low
 
   * Add debian/mk-madwifi-header-patch, a quick and dirty bash script for

Modified: wpasupplicant/trunk/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/patches/00list?rev=874&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/patches/00list (original)
+++ wpasupplicant/trunk/debian/patches/00list Wed Sep 26 10:07:54 2007
@@ -2,3 +2,4 @@
 20_madwifi_headers
 30_dbus_policy
 40_debian_doc_examples
+50_fix_wext_tsf_stack_overflow

Added: wpasupplicant/trunk/debian/patches/50_fix_wext_tsf_stack_overflow.dpatch
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/patches/50_fix_wext_tsf_stack_overflow.dpatch?rev=874&op=file
==============================================================================
--- wpasupplicant/trunk/debian/patches/50_fix_wext_tsf_stack_overflow.dpatch (added)
+++ wpasupplicant/trunk/debian/patches/50_fix_wext_tsf_stack_overflow.dpatch Wed Sep 26 10:07:54 2007
@@ -1,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50_fix_hexstr2bin_stack_overflow.dpatch by Kees Cook <kees at outflux.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Adjust bytes to target buffer length, not source buffer length.
+
+ at DPATCH@
+diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c wpasupplicant-0.6.0/src/drivers/driver_wext.c
+--- wpasupplicant-0.6.0~/src/drivers/driver_wext.c	2007-05-28 10:26:55.000000000 -0700
++++ wpasupplicant-0.6.0/src/drivers/driver_wext.c	2007-09-14 23:07:24.217713592 -0700
+@@ -1380,6 +1380,7 @@
+ 			wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
+ 			return;
+ 		}
++		bytes /= 2;
+ 		hexstr2bin(spos, bin, bytes);
+ 		res->tsf += WPA_GET_BE64(bin);
+ 	}




More information about the Pkg-wpa-devel mailing list