Commit [r2749]  Maximize  Restore  History

Fix CVE-2007-5448:

| Madwifi and earlier allows remote attackers to cause a denial
| of service (panic) via a beacon frame with a large length value in the
| extended supported rates (xrates) element, which triggers an assertion
| error, related to net80211/ieee80211_scan_ap.c and
| net80211/ieee80211_scan_sta.c.

One interesting fact is that net80211/ieee80211_scan_ap.c is not prone to
this vulnerability in any of our releases. r2724 is the first revision
where net80211/ieee80211_scan_ap.c is vulnerable.

Reference changeset: r2724

kelmo 2007-10-16

changed /madwifi/releases/0.9.3/net80211/_ieee80211.h
changed /madwifi/releases/0.9.3/net80211/ieee80211_scan_sta.c
/madwifi/releases/0.9.3/net80211/_ieee80211.h Diff Switch to side-by-side view
/madwifi/releases/0.9.3/net80211/ieee80211_scan_sta.c Diff Switch to side-by-side view