Re: Fedora 7 - WPA2 - wpa_supplicant segfault

From: Dan Williams <dcbw redhat com>
To: Volker Braun <volker braun physik hu-berlin de>
Cc: networkmanager-list gnome org
Subject: Re: Fedora 7 - WPA2 - wpa_supplicant segfault
Date: Mon, 04 Jun 2007 16:11:51 -0400

On Sat, 2007-06-02 at 17:15 +0000, Volker Braun wrote:
> The original wpa_supplicant-0.5.7-use-syslog.patch is horrible, that is a 
> wifi-remote exploit waiting to happen. Great that you caught that! 
> Somebody needs to rewrite this atrocity without sprinkling sprintf 
> around... I think you should file an urgent RH bugzilla asap.

The upstream code isn't exactly conducive the a better implementation
without rewriting half of it; but beyond that I suck for not using
vsnprintf/snprintf in the first place.

Dan

> Volker
> 
> 
> On Sat, 02 Jun 2007 10:07:15 +0100, Jon Escombe wrote:
> > This is caused by the redhat wpa_supplicant-0.5.7-use-syslog.patch
> > overflowing a 2KBoutput buffer. The frame that's causing the error for
> > me is 1400 bytes. When displayed in a "RX EAPOL - hexdump(len=1400): 00
> > 00 00" string, this requires a little over 4KB. This patch in this mail
> > just increases the buffer size to 8KB, however I suspect there ought to
> > be some boundary checking going on.
> > Dan, is reporting here sufficient, or would a bugzilla entry help get
> > this fixed?
> 
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list

References:
- Fedora 7 - WPA2 - wpa_supplicant segfault
  - From: Jon Escombe
- Re: Fedora 7 - WPA2 - wpa_supplicant segfault
  - From: Volker Braun

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]