Hi, Jouni!
On Thu, 2005-10-06 at 20:25 -0700, Jouni Malinen wrote:
> On Tue, Oct 04, 2005 at 09:33:10PM -0400, Pavel Roskin wrote:
>
> > orinoco: Information leakage due to incorrect padding
> >
> > The orinoco driver can send uninitialized data exposing random pieces of
> > the system memory. This happens because data is not padded with zeroes
> > when its length needs to be increased.
>
> Issue itself looks valid in the current implementation, but a better fix
> would be to just remove the padding.
Thank you! With you and Jean saying that, I'm pretty much reassured
now :-)
I'll do it in Orinoco CVS soon and then I'll submit the patch.
The patch I posted is actually a simplified version of the patch
actually applied to the orinoco CVS, to make it as safe as possible for
Linux 2.6.14 inclusion.
--
Regards,
Pavel Roskin
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
|
