Gentoo Archives: gentoo-commits

From: "Piotr Jaroszynski (peper)" <peper@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-wireless/ndiswrapper/files: ndiswrapper-CVE-2008-4395.patch
Date: Mon, 27 Oct 2008 12:52:59
Message-Id: E1KuRaa-000522-GA@stork.gentoo.org
1 peper 08/10/27 12:52:56
2
3 Added: ndiswrapper-CVE-2008-4395.patch
4 Log:
5 Add 1.53-r1 straight to x86. Security bug #239371.
6 (Portage version: 2.2_rc12/cvs/Linux 2.6.26-gentoo x86_64, RepoMan options: --force)
7
8 Revision Changes Path
9 1.1 net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch?rev=1.1&content-type=text/plain
13
14 Index: ndiswrapper-CVE-2008-4395.patch
15 ===================================================================
16 diff --git a/ubuntu/ndiswrapper/iw_ndis.c b/ubuntu/ndiswrapper/iw_ndis.c
17 index b114ef6..01d3751 100644
18 --- a/ubuntu/ndiswrapper/iw_ndis.c
19 +++ b/ubuntu/ndiswrapper/iw_ndis.c
20 @@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, int ssid_len)
21 req.length = ssid_len;
22 if (ssid_len)
23 memcpy(&req.essid, ssid, ssid_len);
24 - DBG_BLOCK(2) {
25 - char buf[NDIS_ESSID_MAX_SIZE+1];
26 - memcpy(buf, ssid, ssid_len);
27 - buf[ssid_len] = 0;
28 - TRACE2("ssid = '%s'", buf);
29 - }
30 + TRACE2("ssid = '%.*s'", ssid_len, ssid);
31
32 res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req));
33 if (res) {
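Review bot: Both `memcpy(&req.essid, ssid, ssid_len)` (context, two lines above the new `TRACE2`) and the `%.*s` precision in the new `TRACE2` line trust `ssid_len`, and no range check is visible in this hunk. set_essid begins above the hunk, so a check may already exist there. If it does not, a guard such as `if (ssid_len < 0 || ssid_len > NDIS_ESSID_MAX_SIZE) return -EINVAL;` belongs before `req.length` is assigned. Otherwise removing the debug buffer only closes the overflow in trace builds and leaves the copy into `req.essid` exposed.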
34 @@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct iw_request_info *info,
35 EXIT2(return -EOPNOTSUPP);
36 }
37 memcpy(extra, req.essid, req.length);
38 - extra[req.length] = 0;
39 if (req.length > 0)
40 wrqu->essid.flags = 1;
41 else
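Review bot: `memcpy(extra, req.essid, req.length)` still copies a length that, as far as this hunk shows, is taken from the driver query result without a bound. Dropping the write to `extra[req.length]` removes the terminator store but not the dependence on `req.length`. If nothing above the hunk limits it, clamp before the copy, e.g. `if (req.length > IW_ESSID_MAX_SIZE) req.length = IW_ESSID_MAX_SIZE;`, so that neither the read from `req.essid` nor the write to `extra` can run past its buffer. iw_get_essid begins and ends outside the hunk, so the query call and the length reported to user space are not visible here.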
42 @@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct iw_request_info *info,
43
44 if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0)
45 return -EINVAL;
46 - memset(wnd->nick, 0, sizeof(wnd->nick));
47 + wnd->nick_len = wrqu->data.length;
48 memcpy(wnd->nick, extra, wrqu->data.length);
49 return 0;
50 }
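Review bot: With the `memset` gone, `wnd->nick` keeps whatever bytes an earlier, longer nickname left beyond `nick_len`, and the buffer is no longer guaranteed to be NUL-terminated. That is safe only if every reader uses `nick_len`. iw_get_nick in the next hunk does, but any other code that treats `wnd->nick` as a C string (none is visible on this page) would now over-read. Keeping `memset(wnd->nick, 0, sizeof(wnd->nick));` before the copy is cheap and removes the stale bytes. The same applies to NdisAddDevice in wrapndis.c, which now sets only `nick_len`. If these handlers can run concurrently, assigning `nick_len` after the `memcpy` rather than before it would avoid a window in which the length describes bytes not yet written.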
51 @@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct iw_request_info *info,
52 {
53 struct ndis_device *wnd = netdev_priv(dev);
54
55 - wrqu->data.length = strlen(wnd->nick);
56 + wrqu->data.length = wnd->nick_len;
57 memcpy(extra, wnd->nick, wrqu->data.length);
58 return 0;
59 }
60 diff --git a/ubuntu/ndiswrapper/ndis.h b/ubuntu/ndiswrapper/ndis.h
61 index 27ba99e..65d6b0b 100644
62 --- a/ubuntu/ndiswrapper/ndis.h
63 +++ b/ubuntu/ndiswrapper/ndis.h
64 @@ -878,6 +878,7 @@ struct ndis_device {
65 unsigned long scan_timestamp;
66 struct encr_info encr_info;
67 char nick[IW_ESSID_MAX_SIZE];
68 + size_t nick_len;
69 struct ndis_essid essid;
70 struct auth_encr_capa capa;
71 enum ndis_infrastructure_mode infrastructure_mode;
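Review bot: The new `nick_len` field has no comment, although it changes how `nick` must be read from now on. A one-line comment beside it, such as `/* valid bytes in nick[]; nick is not NUL-terminated */`, would record the invariant that iw_set_nick enforces through its `IW_ESSID_MAX_SIZE` check. struct ndis_device begins and ends outside the hunk.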
72 diff --git a/ubuntu/ndiswrapper/proc.c b/ubuntu/ndiswrapper/proc.c
73 index fd5f433..6feff23 100644
74 --- a/ubuntu/ndiswrapper/proc.c
75 +++ b/ubuntu/ndiswrapper/proc.c
76 @@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, off_t off,
77 p += sprintf(p, "\n");
78
79 res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid));
80 - if (!res) {
81 - essid.essid[essid.length] = '\0';
82 - p += sprintf(p, "essid=%s\n", essid.essid);
83 - }
84 + if (!res)
85 + p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid);
86 res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status);
87 if (!res) {
88 typeof(&wnd->encr_info.keys[0]) tx_key;
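Review bot: In the new `sprintf(p, "essid=%.*s\n", essid.length, essid.essid)`, the precision is `essid.length` exactly as the driver returned it from `mp_query`, so a value larger than the `essid.essid` array lets the formatter read past the array until it meets a NUL. The length should be clamped first, e.g. `int len = essid.length > NDIS_ESSID_MAX_SIZE ? NDIS_ESSID_MAX_SIZE : (int)essid.length;`, and `len` passed as the precision. The explicit `int` also matters because `%.*s` consumes an `int` argument and the type of `essid.length` is not shown on this page. procfs_read_ndis_encr continues outside the hunk.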
89 diff --git a/ubuntu/ndiswrapper/wrapndis.c b/ubuntu/ndiswrapper/wrapndis.c
90 index f6e5d46..35ef1cd 100644
91 --- a/ubuntu/ndiswrapper/wrapndis.c
92 +++ b/ubuntu/ndiswrapper/wrapndis.c
93 @@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct driver_object *drv_obj,
94 wnd->attributes = 0;
95 wnd->dma_map_count = 0;
96 wnd->dma_map_addr = NULL;
97 - wnd->nick[0] = 0;
98 + wnd->nick_len = 0;
99 init_timer(&wnd->hangcheck_timer);
100 wnd->scan_timestamp = 0;
101 init_timer(&wnd->iw_stats_timer);