| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Dec 2009 11:35:07 +0100
From: Johannes Berg <johannes@...solutions.net>
To: Holger Schurig <holgerschurig@...il.com>
Cc: linux-wireless@...r.kernel.org, David Miller <davem@...emloft.net>,
daniel@...aq.de, linux-kernel@...r.kernel.org, dcbw@...hat.com,
m.hirsch@...mfeld.com, netdev@...r.kernel.org,
libertas-dev@...ts.infradead.org, stable@...nel.org
Subject: Re: [PATCH] wireless: wext: allocate space for NULL-termination
for 32byte SSIDs
On Tue, 2009-12-15 at 11:30 +0100, Holger Schurig wrote:
> > drivers/net/wireless/libertas$ grep lbs_deb_ * | grep ssid
> > |grep '%s'
> > assoc.c: lbs_deb_join("current SSID '%s', ssid length %u\n",
> > assoc.c: lbs_deb_join("requested ssid '%s', ssid length %u\n",
> > assoc.c: lbs_deb_join("ADHOC_START: SSID '%s', ssid
> > length %u\n",
> > scan.c: lbs_deb_wext("set_scan, essid '%s'\n",
>
> All those lines are gone once my cfg80211 lands.
>
> Do you know any way to make sparse moan about them?
Sorry, no, I don't think that's even possible unless you play dirty with
tricks like __iomem uses for instance but that'd require a lot of
casting in otherwise valid uses.
> BTW: the libertas firmware sometimes treat an SSID as a
> zero-terminated string. There are some firmware commands that
> accept just an u8[32] bytes for the SSID, but not an ssid_len,
> e.g. in the CMD_802_11_AD_HOC_START command.
>
> You therefore can't connect to the otherwise legitimate SSID of
> TEST\0\0\0.
Ick! I guess your cfg80211 IBSS join handler needs to check for that
then and refuse such an SSID.
johannes
Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)
Powered by blists - more mailing lists