Re: Fedora 7 - WPA2 - wpa_supplicant segfault

From: Volker Braun <volker braun physik hu-berlin de>
To: networkmanager-list gnome org
Subject: Re: Fedora 7 - WPA2 - wpa_supplicant segfault
Date: Sat, 2 Jun 2007 17:15:10 +0000 (UTC)

The original wpa_supplicant-0.5.7-use-syslog.patch is horrible, that is a 
wifi-remote exploit waiting to happen. Great that you caught that! 
Somebody needs to rewrite this atrocity without sprinkling sprintf 
around... I think you should file an urgent RH bugzilla asap.

Volker

On Sat, 02 Jun 2007 10:07:15 +0100, Jon Escombe wrote:
> This is caused by the redhat wpa_supplicant-0.5.7-use-syslog.patch
> overflowing a 2KBoutput buffer. The frame that's causing the error for
> me is 1400 bytes. When displayed in a "RX EAPOL - hexdump(len=1400): 00
> 00 00" string, this requires a little over 4KB. This patch in this mail
> just increases the buffer size to 8KB, however I suspect there ought to
> be some boundary checking going on.
> Dan, is reporting here sufficient, or would a bugzilla entry help get
> this fixed?

Follow-Ups:
- Re: Fedora 7 - WPA2 - wpa_supplicant segfault
  - From: Dan Williams
- Re: Fedora 7 - WPA2 - wpa_supplicant segfault
  - From: Dan Williams

References:
- Fedora 7 - WPA2 - wpa_supplicant segfault
  - From: Jon Escombe

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]