[Bug 138873] Re: "*** stack smashing detected ***: /sbin/wpa_supplicant terminated" with iwl4965

Reinhard Tartler siretart
Sat Sep 15 00:18:24 PDT 2007


Kees Cook <kees at ubuntu.com> writes:

> wpasupplicant (0.6.0-3ubuntu1~ppa1) gutsy; urgency=low
>
>   * Add debian/patches/90_fix_wext_tsf_stack_overflow.dpatch: correct
>     buffer size limit on hexstr2bin call from wext_get_scan_custom
>     (LP: #138873).
>
>  -- Kees Cook <kees at ubuntu.com>   Fri, 14 Sep 2007 23:08:25 -0700

The file debian/patches/90_fix_wext_tsf_stack_overflow.dpatch has the
following contents:

diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c wpasupplicant-0.6.0/src/drivers/driver_wext.c
--- wpasupplicant-0.6.0~/src/drivers/driver_wext.c      2007-05-28 10:26:55.000000000 -0700
+++ wpasupplicant-0.6.0/src/drivers/driver_wext.c       2007-09-14 23:07:24.217713592 -0700
@@ -1380,6 +1380,7 @@
                        wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
                        return;
                }
+               bytes /= 2;
                hexstr2bin(spos, bin, bytes);
                res->tsf += WPA_GET_BE64(bin);

Can you please comment on it?
The complete query for this bugtrail can be found at here:

https://launchpad.net/bugs/138873

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4




More information about the Hostap mailing list