Kees Cook <[EMAIL PROTECTED]> writes:

> wpasupplicant (0.6.0-3ubuntu1~ppa1) gutsy; urgency=low
>
>   * Add debian/patches/90_fix_wext_tsf_stack_overflow.dpatch: correct
>     buffer size limit on hexstr2bin call from wext_get_scan_custom
>     (LP: #138873).
>
>  -- Kees Cook <[EMAIL PROTECTED]>   Fri, 14 Sep 2007 23:08:25 -0700

The file debian/patches/90_fix_wext_tsf_stack_overflow.dpatch has the
following contents:

diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c 
wpasupplicant-0.6.0/src/drivers/driver_wext.c
--- wpasupplicant-0.6.0~/src/drivers/driver_wext.c      2007-05-28 
10:26:55.000000000 -0700
+++ wpasupplicant-0.6.0/src/drivers/driver_wext.c       2007-09-14 
23:07:24.217713592 -0700
@@ -1380,6 +1380,7 @@
                        wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
                        return;
                }
+               bytes /= 2;
                hexstr2bin(spos, bin, bytes);
                res->tsf += WPA_GET_BE64(bin);
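
Review bot: in the `@@ -1380,6 +1380,7 @@` hunk, `bytes /= 2;` silently changes `bytes` from a count of hex characters to a count of output bytes, so the "Invalid TSF length" check and the `hexstr2bin(spos, bin, bytes)` call now use the same variable in different units. A separate variable, or passing `bytes / 2` directly, would make the unit change explicit and harder to undo by accident. The bound check above the added line is cut off in this context, so please confirm that it rejects any hex length larger than twice the size of `bin`, and also odd lengths, since the integer division drops a trailing nibble without notice. The return value of `hexstr2bin()` is still ignored and `WPA_GET_BE64(bin)` reads a full 64-bit value, so a short or malformed hex string can leave part of `bin` unset before it is added to `res->tsf`. Checking the conversion result and requiring the exact expected length before that read would close this.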

Can you please comment on it?
The complete query for this bug trail can be found here:

https://launchpad.net/bugs/138873

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

-- 
"*** stack smashing detected ***: /sbin/wpa_supplicant terminated" with iwl4965
https://bugs.launchpad.net/bugs/138873