SOURCES: ndiswrapper-CVE-2008-4395.patch (NEW) - http://sources.gentoo.org/...

areq areq at pld-linux.org
Sun Nov 16 16:09:03 CET 2008 

Author: areq                         Date: Sun Nov 16 15:09:03 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-wireless/ndiswrapper/files/ndiswrapper-CVE-2008-4395.patch?rev=1.1&view=log 

---- Files affected:
SOURCES:
   ndiswrapper-CVE-2008-4395.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/ndiswrapper-CVE-2008-4395.patch
diff -u /dev/null SOURCES/ndiswrapper-CVE-2008-4395.patch:1.1
--- /dev/null	Sun Nov 16 16:09:04 2008
+++ SOURCES/ndiswrapper-CVE-2008-4395.patch	Sun Nov 16 16:08:58 2008
@@ -0,0 +1,86 @@
+diff --git a/driver/iw_ndis.c b/driver/iw_ndis.c
+index b114ef6..01d3751 100644
+--- a/driver/iw_ndis.c
++++ b/driver/iw_ndis.c
+@@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, int ssid_len)
+ 	req.length = ssid_len;
+ 	if (ssid_len)
+ 		memcpy(&req.essid, ssid, ssid_len);
+-	DBG_BLOCK(2) {
+-		char buf[NDIS_ESSID_MAX_SIZE+1];
+-		memcpy(buf, ssid, ssid_len);
+-		buf[ssid_len] = 0;
+-		TRACE2("ssid = '%s'", buf);
+-	}
++	TRACE2("ssid = '%.*s'", ssid_len, ssid);
+ 
+ 	res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req));
+ 	if (res) {
+@@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct iw_request_info *info,
+ 		EXIT2(return -EOPNOTSUPP);
+ 	}
+ 	memcpy(extra, req.essid, req.length);
+-	extra[req.length] = 0;
+ 	if (req.length > 0)
+ 		wrqu->essid.flags  = 1;
+ 	else
+@@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct iw_request_info *info,
+ 
+ 	if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0)
+ 		return -EINVAL;
+-	memset(wnd->nick, 0, sizeof(wnd->nick));
++	wnd->nick_len = wrqu->data.length;
+ 	memcpy(wnd->nick, extra, wrqu->data.length);
+ 	return 0;
+ }
+@@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct iw_request_info *info,
+ {
+ 	struct ndis_device *wnd = netdev_priv(dev);
+ 
+-	wrqu->data.length = strlen(wnd->nick);
++	wrqu->data.length = wnd->nick_len;
+ 	memcpy(extra, wnd->nick, wrqu->data.length);
+ 	return 0;
+ }
+diff --git a/driver/ndis.h b/driver/ndis.h
+index 27ba99e..65d6b0b 100644
+--- a/driver/ndis.h
++++ b/driver/ndis.h
+@@ -878,6 +878,7 @@ struct ndis_device {
+ 	unsigned long scan_timestamp;
+ 	struct encr_info encr_info;
+ 	char nick[IW_ESSID_MAX_SIZE];
++	size_t nick_len;
+ 	struct ndis_essid essid;
+ 	struct auth_encr_capa capa;
+ 	enum ndis_infrastructure_mode infrastructure_mode;
+diff --git a/driver/proc.c b/driver/proc.c
+index fd5f433..6feff23 100644
+--- a/driver/proc.c
++++ b/driver/proc.c
+@@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, off_t off,
+ 	p += sprintf(p, "\n");
+ 
+ 	res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid));
+-	if (!res) {
+-		essid.essid[essid.length] = '\0';
+-		p += sprintf(p, "essid=%s\n", essid.essid);
+-	}
++	if (!res)
++		p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid);
+ 	res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status);
+ 	if (!res) {
+ 		typeof(&wnd->encr_info.keys[0]) tx_key;
+diff --git a/driver/wrapndis.c b/driver/wrapndis.c
+index f6e5d46..35ef1cd 100644
+--- a/driver/wrapndis.c
++++ b/driver/wrapndis.c
+@@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct driver_object *drv_obj,
+ 	wnd->attributes = 0;
+ 	wnd->dma_map_count = 0;
+ 	wnd->dma_map_addr = NULL;
+-	wnd->nick[0] = 0;
++	wnd->nick_len = 0;
+ 	init_timer(&wnd->hangcheck_timer);
+ 	wnd->scan_timestamp = 0;
+ 	init_timer(&wnd->iw_stats_timer);
================================================================

More information about the pld-cvs-commit mailing list