diff options
author | vkumbhar <vkumbhar@mvista.com> | 2023-12-13 17:25:03 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-12-17 15:36:42 -0500 |
commit | fc632d5bb0936e91e4e0191547b9aa8ca47b4ffe (patch) | |
tree | 3ae4d47234add8bb2d91540c9a084245e4b321f2 | |
parent | 3bcc5bb4deee32f04b4c6ba0a3b342c864f1c03d (diff) | |
download | meta-openembedded-fc632d5bb0936e91e4e0191547b9aa8ca47b4ffe.tar.gz |
wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch | 52 | ||||
-rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch new file mode 100644 index 000000000..938b7cf77 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001 | ||
2 | From: John Thacker <johnthacker@gmail.com> | ||
3 | Date: Thu, 1 Dec 2022 20:46:15 -0500 | ||
4 | Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats | ||
5 | |||
6 | The ofp_stats struct length field includes the fixed 4 bytes. | ||
7 | If the length is smaller than that, report the length error | ||
8 | and break out. In particular, a value of zero can cause | ||
9 | infinite loops if this isn't done. | ||
10 | |||
11 | |||
12 | (cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db) | ||
13 | |||
14 | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f] | ||
15 | CVE: CVE-2022-4345 | ||
16 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
17 | --- | ||
18 | epan/dissectors/packet-openflow_v6.c | 8 +++++++- | ||
19 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
20 | |||
21 | diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c | ||
22 | index f3bd0ef..96a3233 100644 | ||
23 | --- a/epan/dissectors/packet-openflow_v6.c | ||
24 | +++ b/epan/dissectors/packet-openflow_v6.c | ||
25 | @@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, | ||
26 | static int | ||
27 | dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_) | ||
28 | { | ||
29 | + proto_item *ti; | ||
30 | guint32 stats_length; | ||
31 | int oxs_end; | ||
32 | guint32 padding; | ||
33 | |||
34 | proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA); | ||
35 | |||
36 | - proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); | ||
37 | + ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); | ||
38 | |||
39 | oxs_end = offset + stats_length; | ||
40 | offset+=4; | ||
41 | |||
42 | + if (stats_length < 4) { | ||
43 | + expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short); | ||
44 | + return offset; | ||
45 | + } | ||
46 | + | ||
47 | while (offset < oxs_end) { | ||
48 | offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset); | ||
49 | } | ||
50 | -- | ||
51 | 2.40.1 | ||
52 | |||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index b35c24328..7d99a1438 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | |||
@@ -20,6 +20,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz | |||
20 | file://CVE-2023-2906.patch \ | 20 | file://CVE-2023-2906.patch \ |
21 | file://CVE-2023-3649.patch \ | 21 | file://CVE-2023-3649.patch \ |
22 | file://CVE-2022-0585-CVE-2023-2879.patch \ | 22 | file://CVE-2022-0585-CVE-2023-2879.patch \ |
23 | file://CVE-2022-4345.patch \ | ||
23 | " | 24 | " |
24 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" | 25 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" |
25 | 26 | ||