Bug 527298 - net-wireless/reaver-1.4-r3 segmentation fault because of a epatch
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Oleh Kravchenko
Reported: 2014-10-29 07:18 UTC by Tom Li
Modified: 2014-10-29 09:14 UTC

Description Tom Li 2014-10-29 07:18:58 UTC
New patches were added in net-wireless/reaver-1.4-r3 to fix compile warnings, but one of the patches:

reaver-1.4_wps_registrar.patch

--- a/wps/wps_registrar.c
+++ b/wps/wps_registrar.c
@@ -2317,11 +2317,11 @@
 	/* @@@ Save a copy of the network key and ssid directly to the wps_data structure @@@ */
 	if(wps->cred.key_len > 0)
 	{
-		wps->key = strdup(wps->cred.key);
+		memcpy(wps->key, wps->cred.key, sizeof(wps->cred.key));
 	}
 	if(wps->cred.ssid_len > 0)
 	{
-		wps->essid = strdup(wps->cred.ssid);
+		memcpy(wps->essid, wps->cred.ssid, sizeof(wps->cred.ssid));
 	}
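
Review bot: the two memcpy() calls on the + lines write through wps->key and wps->essid, but nothing in this hunk allocates storage for them; the removed strdup() lines were what gave those pointers memory. Either keep a duplicating call, or allocate key_len + 1 and ssid_len + 1 bytes before copying and NUL-terminate the result. The copy length should also be wps->cred.key_len and wps->cred.ssid_len, which the if conditions already test, rather than sizeof() of the source fields.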


Totally breaks net-wireless/reaver.

wps->key and wps->essid are (char *) pointers. The original strdup() call allocates a new piece of memory, copies the string and returns a pointer to it.

It is nonsense to copy a string to a pointer. It will cause a segmentation fault when we get the correct PIN. If we replace them with memcpy(), we need to allocate memory with malloc().
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-10-29 09:10:40 UTC
oops, that's mine
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-10-29 09:11:58 UTC
I dropped that chunk.
Comment 3 Oleh Kravchenko 2014-10-29 09:14:29 UTC
Use strndup() :)
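
The allocation problem discussed in this bug, shown as an added example that is not reaver's code and not part of any comment above: a length-bounded copy that allocates before writing, using malloc() and memcpy(). The struct layouts, the buffer sizes 64 and 32, and the names `cred_demo`, `wps_demo`, `replace_copy` and `save_credentials` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the structures named in the patch. */
struct cred_demo {
    unsigned char key[64];   /* raw bytes, not necessarily NUL-terminated */
    size_t key_len;
    unsigned char ssid[32];  /* a full-length SSID has no room for a NUL */
    size_t ssid_len;
};

struct wps_demo {
    struct cred_demo cred;
    char *key;               /* heap copies owned by this struct, or NULL */
    char *essid;
};

/* Replace *dst with a NUL-terminated heap copy of len bytes of src.
 * cap is the size of the source buffer; len is clamped to it.
 * Returns 0 on success, -1 if allocation fails (old value is kept). */
static int replace_copy(char **dst, const unsigned char *src,
                        size_t len, size_t cap)
{
    char *copy;

    if (len > cap)           /* never read past the source buffer */
        len = cap;
    copy = malloc(len + 1);  /* storage must exist before memcpy() */
    if (copy == NULL)
        return -1;
    memcpy(copy, src, len);
    copy[len] = '\0';
    free(*dst);              /* do not leak a previous copy */
    *dst = copy;
    return 0;
}

/* Save key and ssid as the hunk intends, allocating first. */
int save_credentials(struct wps_demo *wps)
{
    if (wps->cred.key_len > 0 &&
        replace_copy(&wps->key, wps->cred.key, wps->cred.key_len,
                     sizeof(wps->cred.key)) != 0)
        return -1;
    if (wps->cred.ssid_len > 0 &&
        replace_copy(&wps->essid, wps->cred.ssid, wps->cred.ssid_len,
                     sizeof(wps->cred.ssid)) != 0)
        return -1;
    return 0;
}
```

Copying by the stored length rather than relying on a terminator also covers a source buffer that is completely full, where strdup() would read past its end.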