diff options
author | Ashish Sharma <asharma@mvista.com> | 2024-03-28 16:05:02 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2024-04-25 08:27:27 -0400 |
commit | 6e702707c320a12a91c85a4627f99db607d42f55 (patch) | |
tree | bcddab422df9a86c00b2066ceab59d5212268a88 | |
parent | 850da18f9cf3aeb8416e4bb22917053b8709d69f (diff) | |
download | meta-openembedded-6e702707c320a12a91c85a4627f99db607d42f55.tar.gz |
wireshark: Backport fix for CVE-2024-2955
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch | 52 | ||||
-rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch new file mode 100644 index 000000000..347943d42 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 6fd3af5e999c71df67c2cdcefb96d0dc4afa5341 Mon Sep 17 00:00:00 2001 | ||
2 | From: John Thacker <johnthacker@gmail.com> | ||
3 | Date: Wed, 6 Mar 2024 20:40:42 -0500 | ||
4 | Subject: [PATCH] t38: Allocate forced defragmented memory in correct scope | ||
5 | |||
6 | Fragment data can't be allocated in pinfo->pool scope, as it | ||
7 | outlives the frame. Set it to be freed when the associated tvb | ||
8 | is freed, as done in the main reassemble.c code. | ||
9 | |||
10 | Fix #19695 | ||
11 | |||
12 | CVE: CVE-2024-2955 | ||
13 | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341] | ||
14 | Signed-off-by: Ashish Sharma <asharma@mvista.com> | ||
15 | |||
16 | epan/dissectors/asn1/t38/packet-t38-template.c | 3 ++- | ||
17 | epan/dissectors/packet-t38.c | 3 ++- | ||
18 | 2 files changed, 4 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/epan/dissectors/asn1/t38/packet-t38-template.c b/epan/dissectors/asn1/t38/packet-t38-template.c | ||
21 | index 7b856626865..526b313d054 100644 | ||
22 | --- a/epan/dissectors/asn1/t38/packet-t38-template.c | ||
23 | +++ b/epan/dissectors/asn1/t38/packet-t38-template.c | ||
24 | @@ -325,8 +325,9 @@ force_reassemble_seq(reassembly_table *table, packet_info *pinfo, guint32 id) | ||
25 | last_fd=fd_i; | ||
26 | } | ||
27 | |||
28 | - data = (guint8 *) wmem_alloc(pinfo->pool, size); | ||
29 | + data = (guint8 *) g_malloc(size); | ||
30 | fd_head->tvb_data = tvb_new_real_data(data, size, size); | ||
31 | + tvb_set_free_cb(fd_head->tvb_data, g_free); | ||
32 | fd_head->len = size; /* record size for caller */ | ||
33 | |||
34 | /* add all data fragments */ | ||
35 | diff --git a/epan/dissectors/packet-t38.c b/epan/dissectors/packet-t38.c | ||
36 | index ca95ae8b64e..5083c936c5a 100644 | ||
37 | --- a/epan/dissectors/packet-t38.c | ||
38 | +++ b/epan/dissectors/packet-t38.c | ||
39 | @@ -355,8 +355,9 @@ force_reassemble_seq(reassembly_table *table, packet_info *pinfo, guint32 id) | ||
40 | last_fd=fd_i; | ||
41 | } | ||
42 | |||
43 | - data = (guint8 *) wmem_alloc(pinfo->pool, size); | ||
44 | + data = (guint8 *) g_malloc(size); | ||
45 | fd_head->tvb_data = tvb_new_real_data(data, size, size); | ||
46 | + tvb_set_free_cb(fd_head->tvb_data, g_free); | ||
47 | fd_head->len = size; /* record size for caller */ | ||
48 | |||
49 | /* add all data fragments */ | ||
50 | -- | ||
51 | GitLab | ||
52 | |||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index 8af0e6aa5..534b1a2f3 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | |||
@@ -24,6 +24,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz | |||
24 | file://CVE-2024-0208.patch \ | 24 | file://CVE-2024-0208.patch \ |
25 | file://CVE-2023-1992.patch \ | 25 | file://CVE-2023-1992.patch \ |
26 | file://CVE-2023-4511.patch \ | 26 | file://CVE-2023-4511.patch \ |
27 | file://CVE-2024-2955.patch \ | ||
27 | " | 28 | " |
28 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" | 29 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" |
29 | 30 | ||