diff options
author | vkumbhar <vkumbhar@mvista.com> | 2023-12-13 12:07:01 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2024-01-12 07:14:16 -0500 |
commit | 52e23d3fcd48a64af71f5423233f261af6c59f60 (patch) | |
tree | 2abde802d3c5e29d9ea4e78c6aeac4ec218904f7 | |
parent | e80ffdd368644ae5646f3a8206a3aef1f872fad0 (diff) | |
download | meta-openembedded-52e23d3fcd48a64af71f5423233f261af6c59f60.tar.gz |
wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch | 52 | ||||
-rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch new file mode 100644 index 000000000..ccf04459e --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001 | ||
2 | From: John Thacker <johnthacker@gmail.com> | ||
3 | Date: Thu, 1 Dec 2022 20:46:15 -0500 | ||
4 | Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats | ||
5 | |||
6 | The ofp_stats struct length field includes the fixed 4 bytes. | ||
7 | If the length is smaller than that, report the length error | ||
8 | and break out. In particular, a value of zero can cause | ||
9 | infinite loops if this isn't done. | ||
10 | |||
11 | |||
12 | (cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db) | ||
13 | |||
14 | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f] | ||
15 | CVE: CVE-2022-4345 | ||
16 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
17 | --- | ||
18 | epan/dissectors/packet-openflow_v6.c | 8 +++++++- | ||
19 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
20 | |||
21 | diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c | ||
22 | index 16016af..3e24d76 100644 | ||
23 | --- a/epan/dissectors/packet-openflow_v6.c | ||
24 | +++ b/epan/dissectors/packet-openflow_v6.c | ||
25 | @@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, | ||
26 | static int | ||
27 | dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_) | ||
28 | { | ||
29 | + proto_item *ti; | ||
30 | guint32 stats_length; | ||
31 | int oxs_end; | ||
32 | guint32 padding; | ||
33 | |||
34 | proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA); | ||
35 | |||
36 | - proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); | ||
37 | + ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); | ||
38 | |||
39 | oxs_end = offset + stats_length; | ||
40 | offset+=4; | ||
41 | |||
42 | + if (stats_length < 4) { | ||
43 | + expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short); | ||
44 | + return offset; | ||
45 | + } | ||
46 | + | ||
47 | while (offset < oxs_end) { | ||
48 | offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset); | ||
49 | } | ||
50 | -- | ||
51 | 2.40.1 | ||
52 | |||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index f233b4253..365ec5e90 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | |||
@@ -26,6 +26,7 @@ SRC_URI += " \ | |||
26 | file://CVE-2023-0668.patch \ | 26 | file://CVE-2023-0668.patch \ |
27 | file://CVE-2023-2906.patch \ | 27 | file://CVE-2023-2906.patch \ |
28 | file://CVE-2023-1992.patch \ | 28 | file://CVE-2023-1992.patch \ |
29 | file://CVE-2022-4345.patch \ | ||
29 | " | 30 | " |
30 | 31 | ||
31 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" | 32 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" |