authorAlon Bar-Lev <alonbl@gentoo.org>2012-12-15 21:46:38 +0000
committerAlon Bar-Lev <alonbl@gentoo.org>2012-12-15 21:46:38 +0000
commitaef9ed7c706335b215447764af71fd940a611de3 (patch)
tree6906cc7ecafa6dacdec2cfa7835558256daf4301 /net-wireless/aircrack-ng
parentDrop opencollada for stable candidate as it's not ready for stabilization yet... (diff)
Fix CVE-2010-1159, per bug#311797 by Tim Sammut
(Portage version: 2.2.0_alpha148/cvs/Linux x86_64, unsigned Manifest commit)
Diffstat (limited to 'net-wireless/aircrack-ng')
-rw-r--r--net-wireless/aircrack-ng/ChangeLog8
-rw-r--r--net-wireless/aircrack-ng/aircrack-ng-1.1-r2.ebuild (renamed from net-wireless/aircrack-ng/aircrack-ng-1.1-r1.ebuild)3
-rw-r--r--net-wireless/aircrack-ng/files/aircrack-ng-1.1-CVE-2010-1159.patch20
3 files changed, 29 insertions, 2 deletions
diff --git a/net-wireless/aircrack-ng/ChangeLog b/net-wireless/aircrack-ng/ChangeLog
index bb2ffd48878a..f43d0597a88b 100644
--- a/net-wireless/aircrack-ng/ChangeLog
+++ b/net-wireless/aircrack-ng/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-wireless/aircrack-ng
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/aircrack-ng/ChangeLog,v 1.64 2012/12/15 18:59:51 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/aircrack-ng/ChangeLog,v 1.65 2012/12/15 21:46:37 alonbl Exp $
+
+*aircrack-ng-1.1-r2 (15 Dec 2012)
+
+ 15 Dec 2012; Alon Bar-Lev <alonbl@gentoo.org> +aircrack-ng-1.1-r2.ebuild,
+ +files/aircrack-ng-1.1-CVE-2010-1159.patch, -aircrack-ng-1.1-r1.ebuild:
+ Fix CVE-2010-1159, per bug#311797 by Tim Sammut
14 Dec 2012; Alon Bar-Lev <alonbl@gentoo.org> -files/aircrack-ng-1.0_rc2-freebsd.patch:
remove unused files
diff --git a/net-wireless/aircrack-ng/aircrack-ng-1.1-r1.ebuild b/net-wireless/aircrack-ng/aircrack-ng-1.1-r2.ebuild
index 76e636770973..5d54baf13a13 100644
--- a/net-wireless/aircrack-ng/aircrack-ng-1.1-r1.ebuild
+++ b/net-wireless/aircrack-ng/aircrack-ng-1.1-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/aircrack-ng/aircrack-ng-1.1-r1.ebuild,v 1.1 2012/12/14 20:41:12 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/aircrack-ng/aircrack-ng-1.1-r2.ebuild,v 1.1 2012/12/15 21:46:37 alonbl Exp $
EAPI="3"
@@ -33,6 +33,7 @@ src_prepare() {
epatch "${FILESDIR}/${PN}-1.0_rc4-fix_build.patch"
epatch "${FILESDIR}/${P}-parallelmake.patch"
epatch "${FILESDIR}/${P}-sse-pic.patch"
+ epatch "${FILESDIR}/${P}-CVE-2010-1159.patch"
}
src_compile() {
diff --git a/net-wireless/aircrack-ng/files/aircrack-ng-1.1-CVE-2010-1159.patch b/net-wireless/aircrack-ng/files/aircrack-ng-1.1-CVE-2010-1159.patch
new file mode 100644
index 000000000000..38490b8275b3
--- /dev/null
+++ b/net-wireless/aircrack-ng/files/aircrack-ng-1.1-CVE-2010-1159.patch
@@ -0,0 +1,20 @@
+--- src/airodump-ng.c
++++ src/airodump-ng.c
+@@ -2126,7 +2126,7 @@
+ st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
+ + h80211[z + 3] + 4;
+
+- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0)
++ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
+ {
+ // Ignore the packet trying to crash us.
+ goto write_packet;
+@@ -2158,7 +2158,7 @@
+ st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
+ + h80211[z + 3] + 4;
+
+- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0)
++ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)
+ {
+ // Ignore the packet trying to crash us.
+ goto write_packet;
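Review bot: The new condition drops the `(int)` cast the old one had on the length, so `caplen - z < st_cur->wpa.eapol_size` is only safe if `caplen` and `z` are both signed here; the patch context does not show their types, and an unsigned subtraction would wrap when `z` exceeds `caplen` and let the frame past the guard. The same line is added twice (at 2126 and 2158) with bare constants `81 + 16` and `256`, which presumably mirror the key-MIC read that follows and the size of `wpa.eapol`; a comment such as `/* need 16 bytes of MIC at z + 81; eapol_size must fit wpa.eapol */`, or `sizeof(st_cur->wpa.eapol)` in place of `256` if that field is an array, would keep the bound tied to the buffer it protects. The patch file also carries no header naming its upstream origin, and it touches only src/airodump-ng.c, so it is worth confirming against the upstream fix that no other EAPOL parser in the package needs the same bound. Both inner hunks sit inside a function whose start and end are outside the patch.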