diff options
author | vkumbhar <vkumbhar@mvista.com> | 2023-12-08 10:08:06 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2024-01-12 07:14:16 -0500 |
commit | e80ffdd368644ae5646f3a8206a3aef1f872fad0 (patch) | |
tree | f9eb319fdbe8d39a28a5ca932d56900678470ad1 | |
parent | 1cd6f3e074ce019080ea3bdd39e0b62ca0e50b07 (diff) | |
download | meta-openembedded-e80ffdd368644ae5646f3a8206a3aef1f872fad0.tar.gz |
wireshark: fix CVE-2023-1992 RPCoRDMA dissector crash
Upstream-Status: Backport from https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch | 61 | ||||
-rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | 1 |
2 files changed, 62 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch new file mode 100644 index 000000000..6bddf975d --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001 | ||
2 | From: John Thacker <johnthacker@gmail.com> | ||
3 | Date: Sun, 19 Mar 2023 15:16:39 -0400 | ||
4 | Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets | ||
5 | |||
6 | Add a frame end routine for a global which is assigned to packet | ||
7 | scoped memory. It really should be made proto data, but is used | ||
8 | in a function in the header (that doesn't take the packet info | ||
9 | struct as an argument) and this fix needs to be made in stable | ||
10 | branches. | ||
11 | |||
12 | Fix #18852 | ||
13 | |||
14 | Upstream-Status: Backport [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741] | ||
15 | CVE: CVE-2023-1992 | ||
16 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
17 | --- | ||
18 | epan/dissectors/packet-rpcrdma.c | 14 ++++++++++++++ | ||
19 | 1 file changed, 14 insertions(+) | ||
20 | |||
21 | diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c | ||
22 | index 76085c7..9d57bae 100644 | ||
23 | --- a/epan/dissectors/packet-rpcrdma.c | ||
24 | +++ b/epan/dissectors/packet-rpcrdma.c | ||
25 | @@ -24,6 +24,7 @@ | ||
26 | #include <epan/addr_resolv.h> | ||
27 | |||
28 | #include "packet-rpcrdma.h" | ||
29 | +#include "packet-frame.h" | ||
30 | #include "packet-infiniband.h" | ||
31 | #include "packet-iwarp-ddp-rdmap.h" | ||
32 | |||
33 | @@ -270,6 +271,18 @@ void rpcrdma_insert_offset(gint offset) | ||
34 | wmem_array_append_one(gp_rdma_write_offsets, offset); | ||
35 | } | ||
36 | |||
37 | +/* | ||
38 | + * Reset the array of write offsets at the end of the frame. These | ||
39 | + * are packet scoped, so they don't need to be freed, but we want | ||
40 | + * to ensure that the global doesn't point to no longer allocated | ||
41 | + * memory in a later packet. | ||
42 | + */ | ||
43 | +static void | ||
44 | +reset_write_offsets(void) | ||
45 | +{ | ||
46 | + gp_rdma_write_offsets = NULL; | ||
47 | +} | ||
48 | + | ||
49 | /* Get conversation state, it is created if it does not exist */ | ||
50 | static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo) | ||
51 | { | ||
52 | @@ -1392,6 +1405,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data | ||
53 | if (write_size > 0 && !pinfo->fd->visited) { | ||
54 | /* Initialize array of write chunk offsets */ | ||
55 | gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint)); | ||
56 | + register_frame_end_routine(pinfo, reset_write_offsets); | ||
57 | TRY { | ||
58 | /* | ||
59 | * Call the upper layer dissector to get a list of offsets | ||
60 | -- | ||
61 | 2.40.1 | ||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 19489a8bc..f233b4253 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb | |||
@@ -25,6 +25,7 @@ SRC_URI += " \ | |||
25 | file://CVE-2023-0667.patch \ | 25 | file://CVE-2023-0667.patch \ |
26 | file://CVE-2023-0668.patch \ | 26 | file://CVE-2023-0668.patch \ |
27 | file://CVE-2023-2906.patch \ | 27 | file://CVE-2023-2906.patch \ |
28 | file://CVE-2023-1992.patch \ | ||
28 | " | 29 | " |
29 | 30 | ||
30 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" | 31 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" |