Your message dated Mon, 18 May 2009 23:18:01 +0000
with message-id <[email protected]>
and subject line Bug#528639: fixed in wpasupplicant 0.6.9-3
has caused the Debian Bug report #528639,
regarding wpasupplicant: buffer overflow in _wpa_hexdump
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
528639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528639
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wpasupplicant
Version: 0.6.9-2
Severity: important
Tags: security

Hi,

your syslog patch changes _wpa_hexdump() to create the debug string in a
local buffer on the stack before emitting it - however you boldly assume
that 2048B "should be enough for everyone". When connecting to a WPA-EAP
network here, my network card receives a 1028B packet during the handshake,
which *easily* exceeds the 2048B for the hexdump string and smashes the
stack. Maybe you should take the input length into account?


Regards,

Jan



--- End Message ---
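The sizing problem from the report above, as an added example (not code from the dropped Debian patch or from wpa_supplicant). It assumes a dump format of three output characters per input byte; `hexdump_needed` and `hexdump_format` are hypothetical helpers that take the input length into account and truncate instead of writing past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEX_PER_BYTE 3 /* " xx" per input byte; assumed dump format */

/* Output bytes needed to dump len input bytes, including the NUL.
 * Returns 0 if the computation would overflow size_t. */
size_t hexdump_needed(size_t len)
{
    if (len > (SIZE_MAX - 1) / HEX_PER_BYTE)
        return 0;
    return len * HEX_PER_BYTE + 1;
}

/* Format buf into dst without ever writing past dst[dstsz - 1].
 * Returns the number of input bytes dumped; a value smaller than len
 * means the output was truncated to fit the destination. */
size_t hexdump_format(char *dst, size_t dstsz, const uint8_t *buf, size_t len)
{
    static const char digits[] = "0123456789abcdef";
    size_t i, pos = 0;

    if (dstsz == 0)
        return 0;
    /* Continue only while " xx" plus the terminating NUL still fit. */
    for (i = 0; i < len && dstsz - pos > HEX_PER_BYTE; i++) {
        dst[pos++] = ' ';
        dst[pos++] = digits[buf[i] >> 4];
        dst[pos++] = digits[buf[i] & 0x0f];
    }
    dst[pos] = '\0';
    return i;
}

int main(void)
{
    uint8_t frame[1028]; /* constructed input; size taken from the report */
    char out[2048];      /* buffer size taken from the report */
    size_t done;

    memset(frame, 0xab, sizeof(frame));
    done = hexdump_format(out, sizeof(out), frame, sizeof(frame));
    printf("need %zu bytes, have %zu, dumped %zu of %zu input bytes\n",
           hexdump_needed(sizeof(frame)), sizeof(out), done, sizeof(frame));
    return 0;
}
```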
--- Begin Message ---
Source: wpasupplicant
Source-Version: 0.6.9-3

We believe that the bug you reported is fixed in the latest version of
wpasupplicant, which is due to be installed in the Debian FTP archive:

wpagui_0.6.9-3_i386.deb
  to pool/main/w/wpasupplicant/wpagui_0.6.9-3_i386.deb
wpasupplicant_0.6.9-3.diff.gz
  to pool/main/w/wpasupplicant/wpasupplicant_0.6.9-3.diff.gz
wpasupplicant_0.6.9-3.dsc
  to pool/main/w/wpasupplicant/wpasupplicant_0.6.9-3.dsc
wpasupplicant_0.6.9-3_i386.deb
  to pool/main/w/wpasupplicant/wpasupplicant_0.6.9-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kel Modderman <[email protected]> (supplier of updated wpasupplicant package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 May 2009 03:47:08 +1000
Source: wpasupplicant
Binary: wpasupplicant wpagui
Architecture: source i386
Version: 0.6.9-3
Distribution: unstable
Urgency: low
Maintainer: Debian/Ubuntu wpasupplicant Maintainers <[email protected]>
Changed-By: Kel Modderman <[email protected]>
Description: 
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
Closes: 528639
Changes: 
 wpasupplicant (0.6.9-3) unstable; urgency=low
 .
   * Drop debian/patches/12_syslog_supplement.patch. It adds code which
     attempts to prettify output but doesn't handle large output well.
     (Closes: #528639)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKEeryVty5d8XpUzMRAv0FAJ9FoSYdLtTiNBZT+gPfG3H8j0PGlACfQ5yg
8cB2O78nbGvxWh+cRF2bLqY=
=ei0O
-----END PGP SIGNATURE-----



--- End Message ---
