Comment 21 for bug 138873

Revision history for this message
Reinhard Tartler (siretart) wrote : Re: [Bug 138873] Re: "*** stack smashing detected ***: /sbin/wpa_supplicant terminated" with iwl4965

Kees Cook <email address hidden> writes:

> wpasupplicant (0.6.0-3ubuntu1~ppa1) gutsy; urgency=low
>
> * Add debian/patches/90_fix_wext_tsf_stack_overflow.dpatch: correct
> buffer size limit on hexstr2bin call from wext_get_scan_custom
> (LP: #138873).
>
> -- Kees Cook <email address hidden> Fri, 14 Sep 2007 23:08:25 -0700

The file debian/patches/90_fix_wext_tsf_stack_overflow.dpatch has the
following contents:

diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c wpasupplicant-0.6.0/src/drivers/driver_wext.c
--- wpasupplicant-0.6.0~/src/drivers/driver_wext.c 2007-05-28 10:26:55.000000000 -0700
+++ wpasupplicant-0.6.0/src/drivers/driver_wext.c 2007-09-14 23:07:24.217713592 -0700
@@ -1380,6 +1380,7 @@
                        wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
                        return;
                }
+ bytes /= 2;
                hexstr2bin(spos, bin, bytes);
                res->tsf += WPA_GET_BE64(bin);

Can you please comment on it?
The complete query for this bugtrail can be found at here:

https://launchpad.net/bugs/138873

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4