[Frugalware-git] kernel2627: ndiswrapper-1.53-6-i686

Tue, 14 Oct 2008 14:40:57 -0700 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=kernel2627.git;a=commitdiff;h=f009920468eb8c7c075d196a06ef495955042f3f

commit f009920468eb8c7c075d196a06ef495955042f3f
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Tue Oct 14 00:00:19 2008 +0200

ndiswrapper-1.53-6-i686

- add CVE-2008-4395.patch
- closes #3383
(cherry picked from commit 49945b423c2f7e33b4c579ca460df6a806ee8f9f)

diff --git a/source/network/ndiswrapper/CVE-2008-4395.patch 
b/source/network/ndiswrapper/CVE-2008-4395.patch
new file mode 100644
index 0000000..4ad12f2
--- /dev/null
+++ b/source/network/ndiswrapper/CVE-2008-4395.patch
@@ -0,0 +1,86 @@
+diff --git a/driver/iw_ndis.c b/driver/iw_ndis.c
+index b114ef6..01d3751 100644
+--- a/driver/iw_ndis.c
++++ b/driver/iw_ndis.c
+@@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, 
int ssid_len)
+       req.length = ssid_len;
+       if (ssid_len)
+               memcpy(&req.essid, ssid, ssid_len);
+-      DBG_BLOCK(2) {
+-              char buf[NDIS_ESSID_MAX_SIZE+1];
+-              memcpy(buf, ssid, ssid_len);
+-              buf[ssid_len] = 0;
+-              TRACE2("ssid = '%s'", buf);
+-      }
++      TRACE2("ssid = '%.*s'", ssid_len, ssid);
+
+       res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req));
+       if (res) {
+@@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct 
iw_request_info *info,
+               EXIT2(return -EOPNOTSUPP);
+       }
+       memcpy(extra, req.essid, req.length);
+-      extra[req.length] = 0;
+       if (req.length > 0)
+               wrqu->essid.flags  = 1;
+       else
+@@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct 
iw_request_info *info,
+
+       if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0)
+               return -EINVAL;
+-      memset(wnd->nick, 0, sizeof(wnd->nick));
++      wnd->nick_len = wrqu->data.length;
+       memcpy(wnd->nick, extra, wrqu->data.length);
+       return 0;
+ }
+@@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct 
iw_request_info *info,
+ {
+       struct ndis_device *wnd = netdev_priv(dev);
+
+-      wrqu->data.length = strlen(wnd->nick);
++      wrqu->data.length = wnd->nick_len;
+       memcpy(extra, wnd->nick, wrqu->data.length);
+       return 0;
+ }
+diff --git a/driver/ndis.h b/driver/ndis.h
+index 27ba99e..65d6b0b 100644
+--- a/driver/ndis.h
++++ b/driver/ndis.h
+@@ -878,6 +878,7 @@ struct ndis_device {
+       unsigned long scan_timestamp;
+       struct encr_info encr_info;
+       char nick[IW_ESSID_MAX_SIZE];
++      size_t nick_len;
+       struct ndis_essid essid;
+       struct auth_encr_capa capa;
+       enum ndis_infrastructure_mode infrastructure_mode;
+diff --git a/driver/proc.c b/driver/proc.c
+index fd5f433..6feff23 100644
+--- a/driver/proc.c
++++ b/driver/proc.c
+@@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, 
off_t off,
+       p += sprintf(p, "\n");
+
+       res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid));
+-      if (!res) {
+-              essid.essid[essid.length] = '\0';
+-              p += sprintf(p, "essid=%s\n", essid.essid);
+-      }
++      if (!res)
++              p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid);
+       res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status);
+       if (!res) {
+               typeof(&wnd->encr_info.keys[0]) tx_key;
+diff --git a/driver/wrapndis.c b/driver/wrapndis.c
+index f6e5d46..35ef1cd 100644
+--- a/driver/wrapndis.c
++++ b/driver/wrapndis.c
+@@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct 
driver_object *drv_obj,
+       wnd->attributes = 0;
+       wnd->dma_map_count = 0;
+       wnd->dma_map_addr = NULL;
+-      wnd->nick[0] = 0;
++      wnd->nick_len = 0;
+       init_timer(&wnd->hangcheck_timer);
+       wnd->scan_timestamp = 0;
+       init_timer(&wnd->iw_stats_timer);
diff --git a/source/network/ndiswrapper/FrugalBuild 
b/source/network/ndiswrapper/FrugalBuild
index d8abcb4..29a9c84 100644
--- a/source/network/ndiswrapper/FrugalBuild
+++ b/source/network/ndiswrapper/FrugalBuild
@@ -4,17 +4,19 @@

pkgname=ndiswrapper
pkgver=1.53
-pkgrel=5
+pkgrel=6
pkgdesc="Wrapper for using Windows drivers for some wireless cards"
_F_kernelmod_scriptlet=$pkgname.install
Finclude kernel-module sourceforge
depends=([EMAIL PROTECTED] 'pciutils' 'wireless_tools')
groups=('network')
archs=('i686' 'x86_64')
-source=([EMAIL PROTECTED] README.Frugalware 
ndiswrapper-detect-fix-x86_64.patch)
+source=([EMAIL PROTECTED] README.Frugalware 
ndiswrapper-detect-fix-x86_64.patch \
+       CVE-2008-4395.patch)
sha1sums=('0d27b2f1d59d6d4bcb6b384cab946f99cb1889d7' \
'c3f24143cb9814326a2c0c3cbc8d58d953bac268' \
-          '7e46cc4bb72520d911f256748e8c3936498f001b')
+          '7e46cc4bb72520d911f256748e8c3936498f001b' \
+          'f443895af426f77cb32197bd81fbb81a42742c58')

build()
{
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to