diff options
Diffstat (limited to 'abs/core-testing/ndiswrapper/ndiswrapper-CVE-2008-4395.patch')
-rw-r--r-- | abs/core-testing/ndiswrapper/ndiswrapper-CVE-2008-4395.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/abs/core-testing/ndiswrapper/ndiswrapper-CVE-2008-4395.patch b/abs/core-testing/ndiswrapper/ndiswrapper-CVE-2008-4395.patch new file mode 100644 index 0000000..53682e0 --- /dev/null +++ b/abs/core-testing/ndiswrapper/ndiswrapper-CVE-2008-4395.patch @@ -0,0 +1,86 @@ +diff --git a/ubuntu/ndiswrapper/iw_ndis.c b/ubuntu/ndiswrapper/iw_ndis.c +index b114ef6..01d3751 100644 +--- a/ubuntu/ndiswrapper/iw_ndis.c ++++ b/ubuntu/ndiswrapper/iw_ndis.c +@@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, int ssid_len) + req.length = ssid_len; + if (ssid_len) + memcpy(&req.essid, ssid, ssid_len); +- DBG_BLOCK(2) { +- char buf[NDIS_ESSID_MAX_SIZE+1]; +- memcpy(buf, ssid, ssid_len); +- buf[ssid_len] = 0; +- TRACE2("ssid = '%s'", buf); +- } ++ TRACE2("ssid = '%.*s'", ssid_len, ssid); + + res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req)); + if (res) { +@@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct iw_request_info *info, + EXIT2(return -EOPNOTSUPP); + } + memcpy(extra, req.essid, req.length); +- extra[req.length] = 0; + if (req.length > 0) + wrqu->essid.flags = 1; + else +@@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct iw_request_info *info, + + if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0) + return -EINVAL; +- memset(wnd->nick, 0, sizeof(wnd->nick)); ++ wnd->nick_len = wrqu->data.length; + memcpy(wnd->nick, extra, wrqu->data.length); + return 0; + } +@@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct iw_request_info *info, + { + struct ndis_device *wnd = netdev_priv(dev); + +- wrqu->data.length = strlen(wnd->nick); ++ wrqu->data.length = wnd->nick_len; + memcpy(extra, wnd->nick, wrqu->data.length); + return 0; + } +diff --git a/ubuntu/ndiswrapper/ndis.h b/ubuntu/ndiswrapper/ndis.h +index 27ba99e..65d6b0b 100644 +--- a/ubuntu/ndiswrapper/ndis.h ++++ b/ubuntu/ndiswrapper/ndis.h +@@ -878,6 +878,7 @@ struct ndis_device { + unsigned long scan_timestamp; + struct encr_info encr_info; + char nick[IW_ESSID_MAX_SIZE]; ++ size_t nick_len; + struct ndis_essid essid; + struct auth_encr_capa capa; + enum ndis_infrastructure_mode infrastructure_mode; +diff --git a/ubuntu/ndiswrapper/proc.c b/ubuntu/ndiswrapper/proc.c +index fd5f433..6feff23 100644 +--- a/ubuntu/ndiswrapper/proc.c ++++ b/ubuntu/ndiswrapper/proc.c +@@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, off_t off, + p += sprintf(p, "\n"); + + res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid)); +- if (!res) { +- essid.essid[essid.length] = '\0'; +- p += sprintf(p, "essid=%s\n", essid.essid); +- } ++ if (!res) ++ p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid); + res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status); + if (!res) { + typeof(&wnd->encr_info.keys[0]) tx_key; +diff --git a/ubuntu/ndiswrapper/wrapndis.c b/ubuntu/ndiswrapper/wrapndis.c +index f6e5d46..35ef1cd 100644 +--- a/ubuntu/ndiswrapper/wrapndis.c ++++ b/ubuntu/ndiswrapper/wrapndis.c +@@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct driver_object *drv_obj, + wnd->attributes = 0; + wnd->dma_map_count = 0; + wnd->dma_map_addr = NULL; +- wnd->nick[0] = 0; ++ wnd->nick_len = 0; + init_timer(&wnd->hangcheck_timer); + wnd->scan_timestamp = 0; + init_timer(&wnd->iw_stats_timer); |