This issue is not present in the upstream 0.6.6 release, i.e., it is introduced by 08_syslog_supplement.patch that Ubuntu 9.04 seems to be using. That patch is seriously broken: it introduces a buffer overflow where a stack buffer is written over due to a fixed size buffer used with sprintf and no bounds checking. The debug functions take in variable length data which may depend on data from external systems (i.e., untrusted systems control what gets written to the stack..). Disabling verbose debugging (i.e., not including -dd on the command line) is likely to be enough to work around this. Anyway, the proper fix would be to either revert that broken patch or fix it to handle variable length (and potentially very long) debug messages.
There is also an upstream case for this (http://w1.fi/bugz/show_bug.cgi?id=317), but that will be closed since this was confirmed to be an issue in debian/ubuntu patches, not upstream releases. ** Bug watch added: w1.fi/bugz/ #317 http://w1.fi/bugz/show_bug.cgi?id=317 -- wpa_supplicant crashes when authenticating https://bugs.launchpad.net/bugs/364781 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
