ndiswrapper-1.53-6-i686
authorMiklos Vajna <vmiklos@frugalware.org>
Mon, 13 Oct 2008 22:00:19 +0000 (00:00 +0200)
committerMiklos Vajna <vmiklos@frugalware.org>
Mon, 13 Oct 2008 22:01:10 +0000 (00:01 +0200)
- add CVE-2008-4395.patch
- closes #3383

source/network/ndiswrapper/CVE-2008-4395.patch [new file with mode: 0644]
source/network/ndiswrapper/FrugalBuild

diff --git a/source/network/ndiswrapper/CVE-2008-4395.patch b/source/network/ndiswrapper/CVE-2008-4395.patch
new file mode 100644 (file)
index 0000000..4ad12f2
--- /dev/null
@@ -0,0 +1,86 @@
+diff --git a/driver/iw_ndis.c b/driver/iw_ndis.c
+index b114ef6..01d3751 100644
+--- a/driver/iw_ndis.c
++++ b/driver/iw_ndis.c
+@@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, int ssid_len)
+       req.length = ssid_len;
+       if (ssid_len)
+               memcpy(&req.essid, ssid, ssid_len);
+-      DBG_BLOCK(2) {
+-              char buf[NDIS_ESSID_MAX_SIZE+1];
+-              memcpy(buf, ssid, ssid_len);
+-              buf[ssid_len] = 0;
+-              TRACE2("ssid = '%s'", buf);
+-      }
++      TRACE2("ssid = '%.*s'", ssid_len, ssid);
+       res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req));
+       if (res) {
+@@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct iw_request_info *info,
+               EXIT2(return -EOPNOTSUPP);
+       }
+       memcpy(extra, req.essid, req.length);
+-      extra[req.length] = 0;
+       if (req.length > 0)
+               wrqu->essid.flags  = 1;
+       else
+@@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct iw_request_info *info,
+       if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0)
+               return -EINVAL;
+-      memset(wnd->nick, 0, sizeof(wnd->nick));
++      wnd->nick_len = wrqu->data.length;
+       memcpy(wnd->nick, extra, wrqu->data.length);
+       return 0;
+ }
+@@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct iw_request_info *info,
+ {
+       struct ndis_device *wnd = netdev_priv(dev);
+-      wrqu->data.length = strlen(wnd->nick);
++      wrqu->data.length = wnd->nick_len;
+       memcpy(extra, wnd->nick, wrqu->data.length);
+       return 0;
+ }
+diff --git a/driver/ndis.h b/driver/ndis.h
+index 27ba99e..65d6b0b 100644
+--- a/driver/ndis.h
++++ b/driver/ndis.h
+@@ -878,6 +878,7 @@ struct ndis_device {
+       unsigned long scan_timestamp;
+       struct encr_info encr_info;
+       char nick[IW_ESSID_MAX_SIZE];
++      size_t nick_len;
+       struct ndis_essid essid;
+       struct auth_encr_capa capa;
+       enum ndis_infrastructure_mode infrastructure_mode;
+diff --git a/driver/proc.c b/driver/proc.c
+index fd5f433..6feff23 100644
+--- a/driver/proc.c
++++ b/driver/proc.c
+@@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, off_t off,
+       p += sprintf(p, "\n");
+       res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid));
+-      if (!res) {
+-              essid.essid[essid.length] = '\0';
+-              p += sprintf(p, "essid=%s\n", essid.essid);
+-      }
++      if (!res)
++              p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid);
+       res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status);
+       if (!res) {
+               typeof(&wnd->encr_info.keys[0]) tx_key;
+diff --git a/driver/wrapndis.c b/driver/wrapndis.c
+index f6e5d46..35ef1cd 100644
+--- a/driver/wrapndis.c
++++ b/driver/wrapndis.c
+@@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct driver_object *drv_obj,
+       wnd->attributes = 0;
+       wnd->dma_map_count = 0;
+       wnd->dma_map_addr = NULL;
+-      wnd->nick[0] = 0;
++      wnd->nick_len = 0;
+       init_timer(&wnd->hangcheck_timer);
+       wnd->scan_timestamp = 0;
+       init_timer(&wnd->iw_stats_timer);
index d8abcb4..29a9c84 100644 (file)
@@ -4,17 +4,19 @@
 
 pkgname=ndiswrapper
 pkgver=1.53
-pkgrel=5
+pkgrel=6
 pkgdesc="Wrapper for using Windows drivers for some wireless cards"
 _F_kernelmod_scriptlet=$pkgname.install
 Finclude kernel-module sourceforge
 depends=(${depends[@]} 'pciutils' 'wireless_tools')
 groups=('network')
 archs=('i686' 'x86_64')
-source=(${source[@]} README.Frugalware ndiswrapper-detect-fix-x86_64.patch)
+source=(${source[@]} README.Frugalware ndiswrapper-detect-fix-x86_64.patch \
+       CVE-2008-4395.patch)
 sha1sums=('0d27b2f1d59d6d4bcb6b384cab946f99cb1889d7' \
           'c3f24143cb9814326a2c0c3cbc8d58d953bac268' \
-          '7e46cc4bb72520d911f256748e8c3936498f001b')
+          '7e46cc4bb72520d911f256748e8c3936498f001b' \
+          'f443895af426f77cb32197bd81fbb81a42742c58')
 
 build()
 {