One year ago I found a security hole in the wifi applet. Which interprets incorrectly the ESSID of the associated accesspoint. This is
sprintf(buf, access_point_name); and should be snprintf(buf, BUFSIZE, "%s", access_point_name); Well these lines are in my mind (not in the maemo code), but i was unable to find the vuln line in the huge number of C files. I report that one year ago in the GUADEC personally to a Nokia developer, but seems that this bugs stills there. Please fix't :) NOTE: I was unable to exploit this bug, but try setting up an accesspoint with name "a%ea" or so :) Have phun --pancake _______________________________________________ maemo-developers mailing list [email protected] https://maemo.org/mailman/listinfo/maemo-developers
