wpa_supplicant crashes when authenticating

Bug #364781 reported by R@ndom
Affects: wpasupplicant (Ubuntu)
Status: Incomplete
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Binary package hint: wpasupplicant

1) Ubuntu 9.04
2) package wpa_supplicant 0.6.6-2ubuntu1
3) After upgrade from 8.10 to 9.04 I was expecting wpa_supplicant to authenticate with TTLS method
4) EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from .....
RX EAPOL - hexdump(len=1028):
*** stack smashing detected ***: wpa_supplicant terminated

After compiling wpa_supplicant from source 0.6.9 it works perfectly.

R@ndom (radek-strnad) wrote :
Jouni Malinen (jkmaline) wrote :

This issue is not present in the upstream 0.6.6 release, i.e., it is introduced by 08_syslog_supplement.patch that Ubuntu 9.04 seems to be using. That patch is seriously broken: it introduces a buffer overflow where a stack buffer is written over due to a fixed size buffer used with sprintf and no bounds checking. The debug functions take in variable length data which may depend on data from external systems (i.e., untrusted systems control what gets written to the stack). Disabling verbose debugging (i.e., not including -dd on the command line) is likely to be enough to work around this. Anyway, the proper fix would be to either revert that broken patch or fix it to handle variable length (and potentially very long) debug messages.

There is also an upstream case for this (http://w1.fi/bugz/show_bug.cgi?id=317), but that will be closed since this was confirmed to be an issue in debian/ubuntu patches, not upstream releases.
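
The overflow pattern described in the comment above, next to a bounded alternative, as an added example that is not part of this thread and is not the code of 08_syslog_supplement.patch. The function names, the 256-byte buffer size and the sample frame contents are assumptions; only the 1028-byte length comes from the report.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration with hypothetical names and sizes; this is not the
 * code of 08_syslog_supplement.patch. */

/* Unsafe pattern as described in the comment: fixed stack buffer, sprintf()
 * per input byte, no bounds check. A 1028-byte frame needs 3084 characters,
 * far more than line[] holds. Kept for contrast only; never called. */
void hexdump_unsafe(const unsigned char *buf, size_t len)
{
    char line[256] = "";
    char *pos = line;
    for (size_t i = 0; i < len; i++)
        pos += sprintf(pos, " %02x", buf[i]);
    puts(line);
}

/* Bounded form: never writes more than out_size bytes (NUL included) and
 * appends "..." when the dump is cut short. Returns bytes rendered. */
size_t hexdump_bounded(char *out, size_t out_size,
                       const unsigned char *buf, size_t len)
{
    size_t i, used = 0;
    if (out_size == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < len; i++) {
        /* room for this byte, a later "..." if more data follows, and NUL */
        size_t reserve = (i + 1 < len) ? 3 : 0;
        if (used + 3 + reserve + 1 > out_size)
            break;
        used += (size_t)snprintf(out + used, out_size - used, " %02x", buf[i]);
    }
    if (i < len && used + 4 <= out_size)
        memcpy(out + used, "...", 4);
    return i;
}

int main(void)
{
    unsigned char frame[1028];          /* constructed sample input */
    char line[256];
    memset(frame, 0xab, sizeof(frame));
    size_t n = hexdump_bounded(line, sizeof(line), frame, sizeof(frame));
    printf("rendered %zu of %zu bytes:%s\n", n, sizeof(frame), line);
    return 0;
}
```

Truncating keeps the log line within a fixed size; a formatter that must log the whole frame would instead allocate 3 * len + 1 bytes on the heap before writing.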

Jouni Malinen (jkmaline) wrote :

Looks like the same issue had also been reported for debian and fixed there by dropping the broken patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528639

Maarten Bezemer (veger) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu since the time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test it on a currently supported Ubuntu version. When you test it and it is still an issue, kindly upload the updated logs by running apport-collect 364781 and any other logs that are relevant for this particular issue.

Changed in wpasupplicant (Ubuntu):
status: New → Incomplete