Package: wpasupplicant Version: 0.6.9-2 Severity: important Tags: security Hi,
your syslog patch changes _wpa_hexdump() to create the debug string in a local buffer on the stack before emitting it - however you boldly assume that 2048B "should be enough for everyone". When connecting to a WPA-EAP network here, my network card receives a 1028B packet during the handshake, which *easily* exceeds the 2048B for the hexdump string and smashes the stack. Maybe you should take the input length into account? Regards, Jan
signature.asc
Description: Digital signature
