Fedora 7 - WPA2 - wpa_supplicant segfault



Whilst not strictly a NM problem, I am posting here as (a) Dan follows this list and (b) I'd expect this to hit other NM users.

After upgrading from FC6 to F7, I noticed that I was unable to connect to my office WPA2 network. With some digging, I traced the problem to wpa_supplicant segfaulting when it tries to hexdump a large RX EAPOL frame.

This is caused by the Red Hat wpa_supplicant-0.5.7-use-syslog.patch overflowing a 2KB output buffer. The frame that's causing the error for me is 1400 bytes. When displayed in a "RX EAPOL - hexdump(len=1400): 00 00 00" string, this requires a little over 4KB. The patch in this mail just increases the buffer size to 8KB, however I suspect there ought to be some boundary checking going on.

Dan, is reporting here sufficient, or would a bugzilla entry help get this fixed?

Regards,
Jon.

--- wpa_supplicant-0.5.7-use-syslog.patch.original
+++ wpa_supplicant-0.5.7-use-syslog.patch
@@ -125,7 +125,7 @@
 void wpa_printf(int level, char *fmt, ...)
 {
       va_list ap;
-+      char out_buf[2048];
++      char out_buf[8192];
+      char * p = &out_buf[0];

       va_start(ap, fmt);
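Review bot: out_buf in wpa_printf is still a fixed-size stack array written through the bare pointer p, so going from 2048 to 8192 only raises the length at which a formatted message overruns it. The write that follows va_start is not visible in this hunk; whatever it is, it should be limited to the space left, for example vsnprintf(p, sizeof(out_buf) - (p - out_buf), fmt, ap), with the return value checked so that truncation is handled rather than ignored.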
@@ -159,7 +159,7 @@
                        size_t len, int show)
 {
       size_t i;
-+      char out_buf[2048];
++      char out_buf[8192];
+      char * p = &out_buf[0];
+
       if (level < wpa_debug_level)
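Review bot: in this hexdump function the amount of text produced depends on the caller's len, while out_buf is a constant 8192 bytes, so a large enough len still overflows it. Going by the figures in the mail (1400 bytes needing a little over 4KB, about three characters per byte), that happens somewhere around 2700 input bytes. The loop over i should check the space remaining in out_buf before appending each byte and either stop with a truncation marker or flush what has been built so far.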
@@ -215,7 +215,7 @@
       size_t i, llen;
       const u8 *pos = buf;
       const size_t line_len = 16;
-+      char out_buf[2048];
++      char out_buf[8192];
+      char * p = &out_buf[0];

       if (level < wpa_debug_level)
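Review bot: the literal 8192 is now repeated in three functions, and in this one line_len is fixed at 16, which suggests the buffer does not need to scale with the input at all. Emitting each 16-byte line as its own log call would let out_buf be sized for a single line and remove the dependency on len. If one buffer per call is kept, define the size once in a shared #define and bound every write through p against it.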




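The boundary checking the mail asks for, as an added example that is not part of the original post or of wpa_supplicant: `bounded_hexdump` is a hypothetical helper that builds the same "title - hexdump(len=N): xx xx" string but never writes past the buffer it is given, and marks the output when it had to stop early.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper, not wpa_supplicant code. Formats
 * "title - hexdump(len=N): xx xx ..." into out[cap] without ever writing
 * past cap. Returns how many input bytes were rendered; if that is less
 * than len, the string ends in " [truncated]". */
size_t bounded_hexdump(char *out, size_t cap, const char *title,
                       const unsigned char *buf, size_t len)
{
    static const char mark[] = " [truncated]";
    size_t used, i;
    int n;

    if (cap == 0)
        return 0;
    n = snprintf(out, cap, "%s - hexdump(len=%lu):", title,
                 (unsigned long)len);
    if (n < 0 || (size_t)n >= cap)
        return 0;               /* header alone did not fit */
    used = (size_t)n;

    for (i = 0; i < len; i++) {
        /* " xx" needs 3 chars plus the NUL; while more bytes remain,
         * also keep room for the truncation marker. */
        size_t reserve = (i + 1 < len) ? sizeof(mark) - 1 : 0;
        if (used + 3 + reserve + 1 > cap)
            break;
        snprintf(out + used, cap - used, " %02x", buf[i]);
        used += 3;
    }
    if (i < len && used + sizeof(mark) <= cap)
        memcpy(out + used, mark, sizeof(mark));   /* copies the NUL too */
    return i;
}

int main(void)
{
    unsigned char frame[1400];  /* constructed sample frame, same size as in the mail */
    char out[2048];             /* the original buffer size */
    size_t shown;

    memset(frame, 0, sizeof(frame));
    shown = bounded_hexdump(out, sizeof(out), "RX EAPOL", frame, sizeof(frame));
    printf("rendered %lu of %lu bytes, %lu chars used\n", (unsigned long)shown,
           (unsigned long)sizeof(frame), (unsigned long)strlen(out));
    return 0;
}
```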