diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-11-14 11:14:16 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-12-17 15:36:41 -0500 |
commit | d9ba954b6a0aa4ece40c2e3e52ea1bd9c0f4a5b6 (patch) | |
tree | 29d13b363404e8215cc380e3ddb9f27957060513 | |
parent | 9135c7ea7350d5d241f4afc3b28087122ebe2d19 (diff) | |
download | meta-openembedded-d9ba954b6a0aa4ece40c2e3e52ea1bd9c0f4a5b6.tar.gz |
wireshark: Fix CVE-2022-0585-CVE-2023-2879
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/8d3c2177793e900cfc7cfaac776a2807e4ea289f && https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2022-0585-CVE-2023-2879.patch | 93 | ||||
-rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 1 |
2 files changed, 94 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-0585-CVE-2023-2879.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-0585-CVE-2023-2879.patch new file mode 100644 index 000000000..1fc4a5fe3 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-0585-CVE-2023-2879.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | From 5a7a80e139396c07d45e70d63c6d3974c50ae5e8 Mon Sep 17 00:00:00 2001 | ||
2 | From: John Thacker <johnthacker@gmail.com> | ||
3 | Date: Sat, 13 May 2023 21:45:16 -0400 | ||
4 | Subject: GDSDB: Make sure our offset advances. | ||
5 | |||
6 | add_uint_string() returns the next offset to use, not the number | ||
7 | of bytes consumed. So to consume all the bytes and make sure the | ||
8 | offset advances, return the entire reported tvb length, not the | ||
9 | number of bytes remaining. | ||
10 | |||
11 | Fixup 8d3c2177793e900cfc7cfaac776a2807e4ea289f | ||
12 | |||
13 | Fixes #19068 | ||
14 | |||
15 | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/8d3c2177793e900cfc7cfaac776a2807e4ea289f && https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677] | ||
16 | CVE: CVE-2022-0585 & CVE-2023-2879 | ||
17 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
18 | --- | ||
19 | epan/dissectors/packet-gdsdb.c | 23 ++++++++++++++++++++++- | ||
20 | 1 file changed, 22 insertions(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/epan/dissectors/packet-gdsdb.c b/epan/dissectors/packet-gdsdb.c | ||
23 | index 95fed7e..950d68f 100644 | ||
24 | --- a/epan/dissectors/packet-gdsdb.c | ||
25 | +++ b/epan/dissectors/packet-gdsdb.c | ||
26 | @@ -15,6 +15,7 @@ | ||
27 | #include "config.h" | ||
28 | |||
29 | #include <epan/packet.h> | ||
30 | +#include <epan/expert.h> | ||
31 | |||
32 | void proto_register_gdsdb(void); | ||
33 | void proto_reg_handoff_gdsdb(void); | ||
34 | @@ -182,6 +183,8 @@ static int hf_gdsdb_cursor_type = -1; | ||
35 | static int hf_gdsdb_sqlresponse_messages = -1; | ||
36 | #endif | ||
37 | |||
38 | +static expert_field ei_gdsdb_invalid_length = EI_INIT; | ||
39 | + | ||
40 | enum | ||
41 | { | ||
42 | op_void = 0, | ||
43 | @@ -474,7 +477,12 @@ static int add_uint_string(proto_tree *tree, int hf_string, tvbuff_t *tvb, int o | ||
44 | offset, 4, ENC_ASCII|ENC_BIG_ENDIAN); | ||
45 | length = dword_align(tvb_get_ntohl(tvb, offset))+4; | ||
46 | proto_item_set_len(ti, length); | ||
47 | - return offset + length; | ||
48 | + int ret_offset = offset + length; | ||
49 | + if (length < 4 || ret_offset < offset) { | ||
50 | + expert_add_info_format(NULL, ti, &ei_gdsdb_invalid_length, "Invalid length: %d", length); | ||
51 | + return tvb_reported_length(tvb); | ||
52 | + } | ||
53 | + return ret_offset; | ||
54 | } | ||
55 | |||
56 | static int add_byte_array(proto_tree *tree, int hf_len, int hf_byte, tvbuff_t *tvb, int offset) | ||
57 | @@ -1407,7 +1415,12 @@ dissect_gdsdb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U | ||
58 | offset, 4, ENC_BIG_ENDIAN); | ||
59 | |||
60 | /* opcode < op_max */ | ||
61 | + int old_offset = offset; | ||
62 | offset = gdsdb_handle_opcode[opcode](tvb, pinfo, gdsdb_tree, offset+4); | ||
63 | + if (offset <= old_offset) { | ||
64 | + expert_add_info(NULL, ti, &ei_gdsdb_invalid_length); | ||
65 | + return tvb_reported_length_remaining(tvb, old_offset); | ||
66 | + } | ||
67 | if (offset < 0) | ||
68 | { | ||
69 | /* But at this moment we don't know how much we will need */ | ||
70 | @@ -2022,12 +2035,20 @@ proto_register_gdsdb(void) | ||
71 | &ett_gdsdb_connect_pref | ||
72 | }; | ||
73 | |||
74 | +/* Expert info */ | ||
75 | + static ei_register_info ei[] = { | ||
76 | + { &ei_gdsdb_invalid_length, { "gdsdb.invalid_length", PI_MALFORMED, PI_ERROR, | ||
77 | + "Invalid length", EXPFILL }}, | ||
78 | + }; | ||
79 | + | ||
80 | proto_gdsdb = proto_register_protocol( | ||
81 | "Firebird SQL Database Remote Protocol", | ||
82 | "FB/IB GDS DB", "gdsdb"); | ||
83 | |||
84 | proto_register_field_array(proto_gdsdb, hf, array_length(hf)); | ||
85 | proto_register_subtree_array(ett, array_length(ett)); | ||
86 | + expert_module_t *expert_gdsdb = expert_register_protocol(proto_gdsdb); | ||
87 | + expert_register_field_array(expert_gdsdb, ei, array_length(ei)); | ||
88 | } | ||
89 | |||
90 | void | ||
91 | -- | ||
92 | 2.25.1 | ||
93 | |||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index b4425cb66..b35c24328 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | |||
@@ -19,6 +19,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz | |||
19 | file://CVE-2023-0668.patch \ | 19 | file://CVE-2023-0668.patch \ |
20 | file://CVE-2023-2906.patch \ | 20 | file://CVE-2023-2906.patch \ |
21 | file://CVE-2023-3649.patch \ | 21 | file://CVE-2023-3649.patch \ |
22 | file://CVE-2022-0585-CVE-2023-2879.patch \ | ||
22 | " | 23 | " |
23 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" | 24 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" |
24 | 25 | ||