peper 08/10/27 12:52:56 |
|
Added: ndiswrapper-CVE-2008-4395.patch |
Log: |
Add 1.53-r1 straight to x86. Security bug #239371. |
(Portage version: 2.2_rc12/cvs/Linux 2.6.26-gentoo x86_64, RepoMan options: --force) |
|
Revision Changes Path |
1.1 net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch?rev=1.1&content-type=text/plain |
|
Index: ndiswrapper-CVE-2008-4395.patch |
=================================================================== |
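diff --git a/ubuntu/ndiswrapper/iw_ndis.c b/ubuntu/ndiswrapper/iw_ndis.c
index b114ef6..01d3751 100644
--- a/ubuntu/ndiswrapper/iw_ndis.c
+++ b/ubuntu/ndiswrapper/iw_ndis.c
@@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, int ssid_len)
 req.length = ssid_len;
 if (ssid_len)
 memcpy(&req.essid, ssid, ssid_len);
- DBG_BLOCK(2) {
- char buf[NDIS_ESSID_MAX_SIZE+1];
- memcpy(buf, ssid, ssid_len);
- buf[ssid_len] = 0;
- TRACE2("ssid = '%s'", buf);
- }
+ TRACE2("ssid = '%.*s'", ssid_len, ssid);
 
 res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req));
 if (res) {
@@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct iw_request_info *info,
 EXIT2(return -EOPNOTSUPP);
 }
 memcpy(extra, req.essid, req.length);
- extra[req.length] = 0;
 if (req.length > 0)
 wrqu->essid.flags = 1;
 else
@@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct iw_request_info *info,
 
 if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0)
 return -EINVAL;
- memset(wnd->nick, 0, sizeof(wnd->nick));
+ wnd->nick_len = wrqu->data.length;
 memcpy(wnd->nick, extra, wrqu->data.length);
 return 0;
 }
@@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct iw_request_info *info,
 {
 struct ndis_device *wnd = netdev_priv(dev);
 
- wrqu->data.length = strlen(wnd->nick);
+ wrqu->data.length = wnd->nick_len;
 memcpy(extra, wnd->nick, wrqu->data.length);
 return 0;
 }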
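Review bot: In the iw_get_essid hunk, `memcpy(extra, req.essid, req.length);` still copies a length that comes back from the driver query, and no bound on it is visible in these lines; the commit removes only the terminator write one byte past the copy. If nothing earlier in the function (which starts outside the hunk) limits it, clamp before the copy: `if (req.length > IW_ESSID_MAX_SIZE) req.length = IW_ESSID_MAX_SIZE;`. The same question applies to `memcpy(&req.essid, ssid, ssid_len);` in set_essid, where `ssid_len` is a caller-supplied int and any range check lies outside the hunk. The nick hunks look consistent: iw_set_nick rejects lengths above IW_ESSID_MAX_SIZE before storing `nick_len`, and iw_get_nick copies exactly that many bytes.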
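diff --git a/ubuntu/ndiswrapper/ndis.h b/ubuntu/ndiswrapper/ndis.h
index 27ba99e..65d6b0b 100644
--- a/ubuntu/ndiswrapper/ndis.h
+++ b/ubuntu/ndiswrapper/ndis.h
@@ -878,6 +878,7 @@ struct ndis_device {
 unsigned long scan_timestamp;
 struct encr_info encr_info;
 char nick[IW_ESSID_MAX_SIZE];
+ size_t nick_len;
 struct ndis_essid essid;
 struct auth_encr_capa capa;
 enum ndis_infrastructure_mode infrastructure_mode;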
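Review bot: The declaration of `nick` does not record that it is now a counted byte array rather than a C string, which is the invariant this patch introduces by dropping the memset in iw_set_nick and the `nick[0] = 0` initialisation. I would add a comment on the two fields, for example `/* nick is NOT NUL-terminated; only the first nick_len bytes (<= IW_ESSID_MAX_SIZE) are valid */`. Any reader of `wnd->nick` outside this diff that still uses `strlen` or `%s` would read past the array when the nickname fills all IW_ESSID_MAX_SIZE bytes, so the remaining users are worth checking.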
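diff --git a/ubuntu/ndiswrapper/proc.c b/ubuntu/ndiswrapper/proc.c
index fd5f433..6feff23 100644
--- a/ubuntu/ndiswrapper/proc.c
+++ b/ubuntu/ndiswrapper/proc.c
@@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, off_t off,
 p += sprintf(p, "\n");
 
 res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid));
- if (!res) {
- essid.essid[essid.length] = '\0';
- p += sprintf(p, "essid=%s\n", essid.essid);
- }
+ if (!res)
+ p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid);
 res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status);
 if (!res) {
 typeof(&wnd->encr_info.keys[0]) tx_key;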
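Review bot: The new `sprintf(p, "essid=%.*s\n", essid.length, essid.essid)` trusts `essid.length` as returned by the driver query, so a value larger than the `essid.essid` array would make the format read past the buffer and emit those bytes into the proc page. The patch removes the out-of-bounds terminator write but keeps the length unchecked. Clamping at the call would close that: `p += sprintf(p, "essid=%.*s\n", (int)min_t(size_t, essid.length, sizeof(essid.essid)), essid.essid);`. The cast also matters because `%.*s` consumes an `int` precision, and the declared type of `essid.length` is not visible in this diff. The function body starts and ends outside the hunk.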
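diff --git a/ubuntu/ndiswrapper/wrapndis.c b/ubuntu/ndiswrapper/wrapndis.c
index f6e5d46..35ef1cd 100644
--- a/ubuntu/ndiswrapper/wrapndis.c
+++ b/ubuntu/ndiswrapper/wrapndis.c
@@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct driver_object *drv_obj,
 wnd->attributes = 0;
 wnd->dma_map_count = 0;
 wnd->dma_map_addr = NULL;
- wnd->nick[0] = 0;
+ wnd->nick_len = 0;
 init_timer(&wnd->hangcheck_timer);
 wnd->scan_timestamp = 0;
 init_timer(&wnd->iw_stats_timer);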