Mailinglist Archive: opensuse-commit (554 mails)

< Previous Next >
commit madwifi
  • From: root@xxxxxxx (h_root)
  • Date: Thu, 14 Dec 2006 02:00:29 +0100 (CET)
  • Message-id: <20061214010029.35C191AA667@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package madwifi
checked in at Thu Dec 14 02:00:28 CET 2006.

--------
--- arch/i386/madwifi/madwifi.changes 2006-07-31 12:36:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/madwifi/madwifi.changes 2006-12-14 01:44:19.000000000 +0100
@@ -1,0 +2,10 @@
+Fri Dec 8 20:10:45 CET 2006 - jg@xxxxxxx
+
+- fixed potential crash (bug 226821)
+
+-------------------------------------------------------------------
+Fri Dec 8 10:03:26 CET 2006 - jg@xxxxxxx
+
+- update to 0.9.2.1, fixes remote root exploit (bug 226821)
+
+-------------------------------------------------------------------

Old:
----
madwifi-0.9.2.tar.bz2

New:
----
madwifi-0.9.2.1.tar.bz2
madwifi-crashfix.dif

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ madwifi.spec ++++++
--- /var/tmp/diff_new_pack.cqXIzu/_old 2006-12-14 02:00:08.000000000 +0100
+++ /var/tmp/diff_new_pack.cqXIzu/_new 2006-12-14 02:00:08.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package madwifi (Version 0.9.2)
+# spec file for package madwifi (Version 0.9.2.1)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -13,15 +13,16 @@
Name: madwifi
BuildRequires: kernel-source kernel-syms sharutils
Summary: Tools for configuring atheros cards
-Version: 0.9.2
+Version: 0.9.2.1
Release: 1
Group: Hardware/Other
-License: BSD
+License: BSD License and BSD-like
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://madwifi.org/
Autoreqprov: on
Source: madwifi-%{version}.tar.bz2
Patch: madwifi.dif
+Patch1: madwifi-crashfix.dif
ExclusiveArch: %ix86 x86_64
%suse_kernel_module_package -n madwifi kdump um

@@ -37,7 +38,7 @@

%package devel
Group: Hardware/Other
-License: BSD
+License: BSD License and BSD-like
Summary: Tools for configuring atheros cards

%description devel
@@ -52,7 +53,7 @@

%package -n madwifi-KMP
Group: System/Kernel
-License: Other License(s), see package, BSD
+License: BSD License and BSD-like, Other License(s), see package
Summary: kernel modules for atheros cards

%description -n madwifi-KMP
@@ -68,6 +69,7 @@
%prep
%setup -n madwifi-%{version}
%patch -p1
+%patch1 -p1
echo "#define SVNVERSION \"%{version}\"" > svnversion.h

%build
@@ -111,6 +113,10 @@
%{_includedir}/%{name}-%{version}

%changelog -n madwifi
+* Fri Dec 08 2006 - jg@xxxxxxx
+- fixed potential crash (bug 226821)
+* Fri Dec 08 2006 - jg@xxxxxxx
+- update to 0.9.2.1, fixes remote root exploit (bug 226821)
* Mon Jul 31 2006 - jg@xxxxxxx
- update to version 0.9.2:
* several bugs related to scanning have been fixed

++++++ madwifi-0.9.2.tar.bz2 -> madwifi-0.9.2.1.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/madwifi-0.9.2/net80211/ieee80211_wireless.c new/madwifi-0.9.2.1/net80211/ieee80211_wireless.c
--- old/madwifi-0.9.2/net80211/ieee80211_wireless.c 2006-07-06 05:23:08.000000000 +0200
+++ new/madwifi-0.9.2.1/net80211/ieee80211_wireless.c 2006-12-07 14:47:17.000000000 +0100
@@ -33,7 +33,7 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGES.
*
- * $Id: ieee80211_wireless.c 1676 2006-07-06 03:23:08Z brian $
+ * $Id: ieee80211_wireless.c 1843 2006-12-07 13:47:17Z mrenzmann $
*/

/*
@@ -1555,6 +1555,8 @@
memcpy(p, leader, leader_len);
bufsize -= leader_len;
p += leader_len;
+ if (bufsize < ielen)
+ return 0;
for (i = 0; i < ielen && bufsize > 2; i++)
p += sprintf(p, "%02x", ie[i]);
return (i == ielen ? p - (u_int8_t *)buf : 0);
@@ -1576,7 +1578,8 @@
char *current_ev = req->current_ev;
char *end_buf = req->end_buf;
#if WIRELESS_EXT > 14
- char buf[64 * 2 + 30];
+#define MAX_IE_LENGTH 64 * 2 + 30
+ char buf[MAX_IE_LENGTH];
#endif
struct iw_event iwe;
char *current_val;
@@ -1678,6 +1681,8 @@
if (se->se_rsn_ie != NULL) {
#ifdef IWEVGENIE
memset(&iwe, 0, sizeof(iwe));
+ if ((se->se_rsn_ie[1] + 2) > MAX_IE_LENGTH)
+ return;
memcpy(buf, se->se_rsn_ie, se->se_rsn_ie[1] + 2);
iwe.cmd = IWEVGENIE;
iwe.u.data.length = se->se_rsn_ie[1] + 2;
@@ -1698,6 +1703,8 @@
if (se->se_wpa_ie != NULL) {
#ifdef IWEVGENIE
memset(&iwe, 0, sizeof(iwe));
+ if ((se->se_wpa_ie[1] + 2) > MAX_IE_LENGTH)
+ return;
memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2);
iwe.cmd = IWEVGENIE;
iwe.u.data.length = se->se_wpa_ie[1] + 2;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/madwifi-0.9.2/release.h new/madwifi-0.9.2.1/release.h
--- old/madwifi-0.9.2/release.h 2006-07-27 14:25:13.000000000 +0200
+++ new/madwifi-0.9.2.1/release.h 2006-12-07 14:47:17.000000000 +0100
@@ -33,7 +33,7 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGES.
*
- * $Id: release.h 1694 2006-07-27 12:25:13Z mrenzmann $
+ * $Id: release.h 1843 2006-12-07 13:47:17Z mrenzmann $
*/

#define RELEASE_TYPE "RELEASE"
@@ -41,5 +41,5 @@
#ifdef SVNVERSION
#define RELEASE_VERSION SVNVERSION
#else
-#define RELEASE_VERSION "0.9.2"
+#define RELEASE_VERSION "0.9.2.1"
#endif

++++++ madwifi-crashfix.dif ++++++
Index: madwifi-0.9.2.1/net80211/ieee80211_wireless.c
===================================================================
--- madwifi-0.9.2.1.orig/net80211/ieee80211_wireless.c
+++ madwifi-0.9.2.1/net80211/ieee80211_wireless.c
@@ -1555,10 +1555,10 @@ encode_ie(void *buf, size_t bufsize, con
memcpy(p, leader, leader_len);
bufsize -= leader_len;
p += leader_len;
- if (bufsize < ielen)
- return 0;
- for (i = 0; i < ielen && bufsize > 2; i++)
+ for (i = 0; i < ielen && bufsize > 2; i++) {
p += sprintf(p, "%02x", ie[i]);
+ bufsize -= 2;
+ }
return (i == ielen ? p - (u_int8_t *)buf : 0);
}
#endif /* WIRELESS_EXT > 14 */

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages