[arch-commits] Commit in ndiswrapper/trunk (PKGBUILD ndiswrapper-CVE-2008-4395.patch)
Tobias Powalowski
tpowa at archlinux.org
Fri Nov 7 09:01:07 UTC 2008
Date: Friday, November 7, 2008 @ 04:00:55
Author: tpowa
Revision: 18549
upgpkg: ndiswrapper 1.53-3
Added:
ndiswrapper/trunk/ndiswrapper-CVE-2008-4395.patch
Modified:
ndiswrapper/trunk/PKGBUILD
---------------------------------+
PKGBUILD | 21 +++++----
ndiswrapper-CVE-2008-4395.patch | 86 ++++++++++++++++++++++++++++++++++++++
2 files changed, 98 insertions(+), 9 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2008-11-07 08:13:11 UTC (rev 18548)
+++ PKGBUILD 2008-11-07 09:00:55 UTC (rev 18549)
@@ -4,7 +4,7 @@
pkgname=ndiswrapper
_kernver=2.6.27-ARCH
pkgver=1.53
-pkgrel=2
+pkgrel=3
pkgdesc="Module for NDIS (Windows Network Drivers) drivers supplied by vendors. For stock arch 2.6 kernel."
license=('GPL')
arch=(i686 x86_64)
@@ -12,21 +12,24 @@
install="ndiswrapper.install"
depends=("ndiswrapper-utils=$pkgver" 'kernel26>=2.6.27' 'kernel26<2.6.28')
source=(http://downloads.sourceforge.net/sourceforge/ndiswrapper/ndiswrapper-$pkgver.tar.gz
- kernel-2.6.27.patch)
+ kernel-2.6.27.patch
+ ndiswrapper-CVE-2008-4395.patch)
md5sums=('393c6e6ab0803963148e18538601cdec'
- 'cd09562c4afdbd20a0237a5e6d976b31')
+ 'cd09562c4afdbd20a0237a5e6d976b31'
+ 'b35e548a0c9eb1395f6f7b434a258ddf')
build()
{
- cd $startdir/src/ndiswrapper-$pkgver/driver
+ cd $srcdir/ndiswrapper-$pkgver/driver
patch -Np1 -i ../../kernel-2.6.27.patch || return 1
+ patch -Np3 -i ../../ndiswrapper-CVE-2008-4395.patch || return 1
make KVERS=$_kernver || return 1
- make DESTDIR=$startdir/pkg KVERS=$_kernver install || return 1
- rm $startdir/pkg/lib/modules/$_kernver/modules.* #wtf?
+ make DESTDIR=$pkgdir KVERS=$_kernver install || return 1
+ rm $pkgdir/lib/modules/$_kernver/modules.* #wtf?
sed -i -e "s/KERNEL_VERSION='.*'/KERNEL_VERSION='${_kernver}'/" $startdir/*.install
# move it to correct kernel directory
- mkdir -p $startdir/pkg/lib/modules/$_kernver/kernel/drivers/net/wireless/ndiswrapper
- mv $startdir/pkg/lib/modules/$_kernver/misc/* $startdir/pkg/lib/modules/$_kernver/kernel/drivers/net/wireless/ndiswrapper/
- rm -r $startdir/pkg/lib/modules/$_kernver/misc/
+ mkdir -p $pkgdir/lib/modules/$_kernver/kernel/drivers/net/wireless/ndiswrapper
+ mv $pkgdir/lib/modules/$_kernver/misc/* $pkgdir/lib/modules/$_kernver/kernel/drivers/net/wireless/ndiswrapper/
+ rm -r $pkgdir/lib/modules/$_kernver/misc/
}
Added: ndiswrapper-CVE-2008-4395.patch
===================================================================
--- ndiswrapper-CVE-2008-4395.patch (rev 0)
+++ ndiswrapper-CVE-2008-4395.patch 2008-11-07 09:00:55 UTC (rev 18549)
@@ -0,0 +1,86 @@
+diff --git a/ubuntu/ndiswrapper/iw_ndis.c b/ubuntu/ndiswrapper/iw_ndis.c
+index b114ef6..01d3751 100644
+--- a/ubuntu/ndiswrapper/iw_ndis.c
++++ b/ubuntu/ndiswrapper/iw_ndis.c
+@@ -47,12 +47,7 @@ int set_essid(struct ndis_device *wnd, const char *ssid, int ssid_len)
+ req.length = ssid_len;
+ if (ssid_len)
+ memcpy(&req.essid, ssid, ssid_len);
+- DBG_BLOCK(2) {
+- char buf[NDIS_ESSID_MAX_SIZE+1];
+- memcpy(buf, ssid, ssid_len);
+- buf[ssid_len] = 0;
+- TRACE2("ssid = '%s'", buf);
+- }
++ TRACE2("ssid = '%.*s'", ssid_len, ssid);
+
+ res = mp_set(wnd, OID_802_11_SSID, &req, sizeof(req));
+ if (res) {
+@@ -125,7 +120,6 @@ static int iw_get_essid(struct net_device *dev, struct iw_request_info *info,
+ EXIT2(return -EOPNOTSUPP);
+ }
+ memcpy(extra, req.essid, req.length);
+- extra[req.length] = 0;
+ if (req.length > 0)
+ wrqu->essid.flags = 1;
+ else
+@@ -1000,7 +994,7 @@ static int iw_set_nick(struct net_device *dev, struct iw_request_info *info,
+
+ if (wrqu->data.length > IW_ESSID_MAX_SIZE || wrqu->data.length <= 0)
+ return -EINVAL;
+- memset(wnd->nick, 0, sizeof(wnd->nick));
++ wnd->nick_len = wrqu->data.length;
+ memcpy(wnd->nick, extra, wrqu->data.length);
+ return 0;
+ }
+@@ -1010,7 +1004,7 @@ static int iw_get_nick(struct net_device *dev, struct iw_request_info *info,
+ {
+ struct ndis_device *wnd = netdev_priv(dev);
+
+- wrqu->data.length = strlen(wnd->nick);
++ wrqu->data.length = wnd->nick_len;
+ memcpy(extra, wnd->nick, wrqu->data.length);
+ return 0;
+ }
+diff --git a/ubuntu/ndiswrapper/ndis.h b/ubuntu/ndiswrapper/ndis.h
+index 27ba99e..65d6b0b 100644
+--- a/ubuntu/ndiswrapper/ndis.h
++++ b/ubuntu/ndiswrapper/ndis.h
+@@ -878,6 +878,7 @@ struct ndis_device {
+ unsigned long scan_timestamp;
+ struct encr_info encr_info;
+ char nick[IW_ESSID_MAX_SIZE];
++ size_t nick_len;
+ struct ndis_essid essid;
+ struct auth_encr_capa capa;
+ enum ndis_infrastructure_mode infrastructure_mode;
+diff --git a/ubuntu/ndiswrapper/proc.c b/ubuntu/ndiswrapper/proc.c
+index fd5f433..6feff23 100644
+--- a/ubuntu/ndiswrapper/proc.c
++++ b/ubuntu/ndiswrapper/proc.c
+@@ -97,10 +97,8 @@ static int procfs_read_ndis_encr(char *page, char **start, off_t off,
+ p += sprintf(p, "\n");
+
+ res = mp_query(wnd, OID_802_11_SSID, &essid, sizeof(essid));
+- if (!res) {
+- essid.essid[essid.length] = '\0';
+- p += sprintf(p, "essid=%s\n", essid.essid);
+- }
++ if (!res)
++ p += sprintf(p, "essid=%.*s\n", essid.length, essid.essid);
+ res = mp_query_int(wnd, OID_802_11_ENCRYPTION_STATUS, &encr_status);
+ if (!res) {
+ typeof(&wnd->encr_info.keys[0]) tx_key;
+diff --git a/ubuntu/ndiswrapper/wrapndis.c b/ubuntu/ndiswrapper/wrapndis.c
+index f6e5d46..35ef1cd 100644
+--- a/ubuntu/ndiswrapper/wrapndis.c
++++ b/ubuntu/ndiswrapper/wrapndis.c
+@@ -2028,7 +2028,7 @@ static wstdcall NTSTATUS NdisAddDevice(struct driver_object *drv_obj,
+ wnd->attributes = 0;
+ wnd->dma_map_count = 0;
+ wnd->dma_map_addr = NULL;
+- wnd->nick[0] = 0;
++ wnd->nick_len = 0;
+ init_timer(&wnd->hangcheck_timer);
+ wnd->scan_timestamp = 0;
+ init_timer(&wnd->iw_stats_timer);
More information about the arch-commits
mailing list