#! /bin/sh /usr/share/dpatch/dpatch-run ## 50_fix_hexstr2bin_stack_overflow.dpatch by Kees Cook <kees@outflux.net> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Adjust bytes to target buffer length, not source buffer length. @DPATCH@ diff -urNad wpasupplicant-0.6.0~/src/drivers/driver_wext.c wpasupplicant-0.6.0/src/drivers/driver_wext.c --- wpasupplicant-0.6.0~/src/drivers/driver_wext.c 2007-05-28 10:26:55.000000000 -0700 +++ wpasupplicant-0.6.0/src/drivers/driver_wext.c 2007-09-14 23:07:24.217713592 -0700 @@ -1380,6 +1380,7 @@ wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); return; } + bytes /= 2; hexstr2bin(spos, bin, bytes); res->tsf += WPA_GET_BE64(bin); }