Kees Cook <email address hidden> writes:
> wpasupplicant (0.6.0-3ubuntu1~ppa1) gutsy; urgency=low > > * Add debian/patches/90_fix_wext_tsf_stack_overflow.dpatch: correct > buffer size limit on hexstr2bin call from wext_get_scan_custom > (LP: #138873). > > -- Kees Cook <email address hidden> Fri, 14 Sep 2007 23:08:25 -0700
The file debian/patches/90_fix_wext_tsf_stack_overflow.dpatch has the following contents:
diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c wpasupplicant-0.6.0/src/drivers/driver_wext.c --- wpasupplicant-0.6.0~/src/drivers/driver_wext.c 2007-05-28 10:26:55.000000000 -0700 +++ wpasupplicant-0.6.0/src/drivers/driver_wext.c 2007-09-14 23:07:24.217713592 -0700 @@ -1380,6 +1380,7 @@ wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); return; } + bytes /= 2; hexstr2bin(spos, bin, bytes); res->tsf += WPA_GET_BE64(bin);
Can you please comment on it? The complete query for this bugtrail can be found at here:
https://launchpad.net/bugs/138873
-- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4
Kees Cook <email address hidden> writes:
> wpasupplicant (0.6.0- 3ubuntu1~ ppa1) gutsy; urgency=low patches/ 90_fix_ wext_tsf_ stack_overflow. dpatch: correct scan_custom
>
> * Add debian/
> buffer size limit on hexstr2bin call from wext_get_
> (LP: #138873).
>
> -- Kees Cook <email address hidden> Fri, 14 Sep 2007 23:08:25 -0700
The file debian/ patches/ 90_fix_ wext_tsf_ stack_overflow. dpatch has the
following contents:
diff -urNad wpasupplicant- 0.6.0~/ src/drivers/ driver_ wext.c wpasupplicant- 0.6.0/src/ drivers/ driver_ wext.c 0.6.0~/ src/drivers/ driver_ wext.c 2007-05-28 10:26:55.000000000 -0700 0.6.0/src/ drivers/ driver_ wext.c 2007-09-14 23:07:24.217713592 -0700
wpa_ printf( MSG_INFO, "Invalid TSF length (%d)", bytes);
return;
hexstr2bin( spos, bin, bytes);
res-> tsf += WPA_GET_BE64(bin);
--- wpasupplicant-
+++ wpasupplicant-
@@ -1380,6 +1380,7 @@
}
+ bytes /= 2;
Can you please comment on it?
The complete query for this bugtrail can be found at here:
https:/ /launchpad. net/bugs/ 138873
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4