wireshark: Fix Multiple CVEs

Backport fixes for: * CVE-2023-0666 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2 * CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a * CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-06-26 11:34:40 +0530
committer: Armin Kuster <akuster808@gmail.com> 2023-06-27 07:05:40 -0400
commit: b3acca0eb15e57ea3284d98cba126dd8e5cd5901 (patch)
tree: 943da585f064fd5e921317bf7c05c5df2c574a67
parent: 30b2c1c064dc9f3a9cf3c974e18e6f5c5c0c964e (diff)
download: meta-openembedded-b3acca0eb15e57ea3284d98cba126dd8e5cd5901.tar.gz
4 files changed, 224 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
new file mode 100644
index 000000000..773291682
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
@@ -0,0 +1,122 @@
+From 265cbf15a418b629c3c8f02c0ba901913b1c8fd2 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Thu, 18 May 2023 13:52:48 -0700
+Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
+Use the proper dest_size in various g_strlcpy calls.
+Fixes #19085
+(cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7)
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2]
+CVE: CVE-2023-0666
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
+index 5c2d1c1..ef592d7 100644
+--- a/epan/dissectors/packet-rtps.c
+++ b/epan/dissectors/packet-rtps.c
+@@ -3025,7 +3025,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+     ++tk_id;
+   }
+ 
+-  g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
+  g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
+ 
+     /* Structure of the typecode data:
+      *
+@@ -3196,7 +3196,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+                     member_name, -1, NULL, ndds_40_hack);
+         }
+         /* Finally prints the name of the struct (if provided) */
+-        g_strlcpy(type_name, "}", 40);
+        g_strlcpy(type_name, "}", sizeof(type_name));
+         break;
+ 
+     } /* end of case UNION */
+@@ -3367,7 +3367,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+           }
+         }
+         /* Finally prints the name of the struct (if provided) */
+-        g_strlcpy(type_name, "}", 40);
+        g_strlcpy(type_name, "}", sizeof(type_name));
+         break;
+       }
+ 
+@@ -3459,7 +3459,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+         offset += 4;
+         alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
+         offset += alias_name_length;
+-        g_strlcpy(type_name, alias_name, 40);
+        g_strlcpy(type_name, alias_name, sizeof(type_name));
+         break;
+     }
+ 
+@@ -3494,7 +3494,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+         if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
+           type_id_name = "valueparam";
+         }
+-        g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
+        g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
+         break;
+     }
+   } /* switch(tk_id) */
+@@ -3673,7 +3673,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
+   long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
+   name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
+   if (info)
+-    g_strlcpy(info->member_name, name, long_number);
+    g_strlcpy(info->member_name, name, sizeof(info->member_name));
+ 
+   proto_item_append_text(tree, " %s", name);
+   offset += member_length;
+@@ -3848,13 +3848,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
+   proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
+   if (member_object) {
+     member_object->member_id = member_id;
+-    g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
+    g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
+     member_object->type_id = member_type_id;
+   }
+   if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
+       mutable_member_mapping * mutable_mapping = NULL;
+       mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
+-      g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
+      g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
+       mutable_mapping->struct_type_id = info->type_id;
+       mutable_mapping->member_type_id = member_type_id;
+       mutable_mapping->member_id = member_id;
+@@ -3909,7 +3909,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     union_member_mapping * mapping = NULL;
+ 
+     mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
+    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
+     mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3922,7 +3922,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     union_member_mapping * mapping = NULL;
+ 
+     mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
+    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = -1;
+     mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3942,7 +3942,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+     ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
+     offset_tmp += 4;
+ 
+-    g_strlcpy(mapping->member_name, object.member_name, 256);
+    g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+     mapping->member_type_id = object.type_id;
+     mapping->discriminator = discriminator_case;
+     mapping->union_type_id = union_type_id + discriminator_case;
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
new file mode 100644
index 000000000..cd07395aa
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
@@ -0,0 +1,66 @@
+From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 18 May 2023 18:06:36 -0400
+Subject: [PATCH] MS-MMS: Use format_text_string()
+The length of a string transcoded from UTF-16 to UTF-8 can be
+shorter (or longer) than the original length in bytes in the packet.
+Use the new string length, not the original length.
+Use format_text_string, which is a convenience function that
+calls strlen.
+Fix #19086
+(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
+CVE: CVE-2023-0667
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-ms-mms.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
+index f4dbcd0..092a64b 100644
+--- a/epan/dissectors/packet-ms-mms.c
+++ b/epan/dissectors/packet-ms-mms.c
+@@ -740,7 +740,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro
+                                  transport_info, "Transport: (%s)", transport_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
+                    format_text_string(pinfo->pool, (const guchar*)transport_info));
+ 
+ 
+     /* Try to extract details from this string */
+@@ -837,7 +837,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
+                             ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
+ 
+         col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
+                    format_text_string(pinfo->pool, (const guchar*)server_version));
+     }
+     offset += (server_version_length*2);
+ 
+@@ -891,7 +891,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, packet_info *pinfo, proto_
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
+                    format_text_string(pinfo->pool, (const guchar*)player_info));
+ }
+ 
+ /* Dissect info about where client wants to start playing from */
+@@ -966,7 +966,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
+                    format_text_string(pinfo->pool, (const guchar*)server_file));
+ }
+ 
+ /* Dissect media details from server */
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
new file mode 100644
index 000000000..000993933
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
@@ -0,0 +1,33 @@
+From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 20 May 2023 23:08:08 -0400
+Subject: [PATCH] synphasor: Use val_to_str_const
+Don't use a value from packet data to directly index a value_string,
+particularly when the value string doesn't cover all possible values.
+Fix #19087
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
+CVE: CVE-2023-0668
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-synphasor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
+index 12b388b..fbde875 100644
+--- a/epan/dissectors/packet-synphasor.c
+++ b/epan/dissectors/packet-synphasor.c
+@@ -1212,7 +1212,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
+ 
+                data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
+                                                               ett_conf_phflags, NULL, "Phasor Data flags: %s",
+-                                                              conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
+                                                              val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
+ 
+                /* first and second bytes - phasor modification flags*/
+                phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index 96603710f..025559193 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -21,6 +21,9 @@ SRC_URI += " \
    file://CVE-2023-2858.patch \
    file://CVE-2023-2879.patch \
    file://CVE-2023-2952.patch \
+    file://CVE-2023-0666.patch \
+    file://CVE-2023-0667.patch \
+    file://CVE-2023-0668.patch \
 "
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-06-26 11:34:40 +0530
committer	Armin Kuster <akuster808@gmail.com>	2023-06-27 07:05:40 -0400
commit	b3acca0eb15e57ea3284d98cba126dd8e5cd5901 (patch)
tree	943da585f064fd5e921317bf7c05c5df2c574a67
parent	30b2c1c064dc9f3a9cf3c974e18e6f5c5c0c964e (diff)
download	meta-openembedded-b3acca0eb15e57ea3284d98cba126dd8e5cd5901.tar.gz

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch new file mode 100644 index 000000000..773291682 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
@@ -0,0 +1,122 @@
		1	From 265cbf15a418b629c3c8f02c0ba901913b1c8fd2 Mon Sep 17 00:00:00 2001
		2	From: Gerald Combs <gerald@wireshark.org>
		3	Date: Thu, 18 May 2023 13:52:48 -0700
		4	Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
		5
		6	Use the proper dest_size in various g_strlcpy calls.
		7
		8	Fixes #19085
		9
		10	(cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7)
		11
		12	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2]
		13	CVE: CVE-2023-0666
		14	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		15	---
		16	epan/dissectors/packet-rtps.c \| 22 +++++++++++-----------
		17	1 file changed, 11 insertions(+), 11 deletions(-)
		18
		19	diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
		20	index 5c2d1c1..ef592d7 100644
		21	--- a/epan/dissectors/packet-rtps.c
		22	+++ b/epan/dissectors/packet-rtps.c
		23	@@ -3025,7 +3025,7 @@ static gint rtps_util_add_typecode(proto_tree tree, tvbuff_t tvb, gint offset,
		24	++tk_id;
		25	}
		26
		27	- g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
		28	+ g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
		29
		30	/* Structure of the typecode data:
		31	*
		32	@@ -3196,7 +3196,7 @@ static gint rtps_util_add_typecode(proto_tree tree, tvbuff_t tvb, gint offset,
		33	member_name, -1, NULL, ndds_40_hack);
		34	}
		35	/* Finally prints the name of the struct (if provided) */
		36	- g_strlcpy(type_name, "}", 40);
		37	+ g_strlcpy(type_name, "}", sizeof(type_name));
		38	break;
		39
		40	} /* end of case UNION */
		41	@@ -3367,7 +3367,7 @@ static gint rtps_util_add_typecode(proto_tree tree, tvbuff_t tvb, gint offset,
		42	}
		43	}
		44	/* Finally prints the name of the struct (if provided) */
		45	- g_strlcpy(type_name, "}", 40);
		46	+ g_strlcpy(type_name, "}", sizeof(type_name));
		47	break;
		48	}
		49
		50	@@ -3459,7 +3459,7 @@ static gint rtps_util_add_typecode(proto_tree tree, tvbuff_t tvb, gint offset,
		51	offset += 4;
		52	alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
		53	offset += alias_name_length;
		54	- g_strlcpy(type_name, alias_name, 40);
		55	+ g_strlcpy(type_name, alias_name, sizeof(type_name));
		56	break;
		57	}
		58
		59	@@ -3494,7 +3494,7 @@ static gint rtps_util_add_typecode(proto_tree tree, tvbuff_t tvb, gint offset,
		60	if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
		61	type_id_name = "valueparam";
		62	}
		63	- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
		64	+ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
		65	break;
		66	}
		67	} /* switch(tk_id) */
		68	@@ -3673,7 +3673,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
		69	long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
		70	name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
		71	if (info)
		72	- g_strlcpy(info->member_name, name, long_number);
		73	+ g_strlcpy(info->member_name, name, sizeof(info->member_name));
		74
		75	proto_item_append_text(tree, " %s", name);
		76	offset += member_length;
		77	@@ -3848,13 +3848,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
		78	proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
		79	if (member_object) {
		80	member_object->member_id = member_id;
		81	- g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
		82	+ g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
		83	member_object->type_id = member_type_id;
		84	}
		85	if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
		86	mutable_member_mapping * mutable_mapping = NULL;
		87	mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
		88	- g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
		89	+ g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
		90	mutable_mapping->struct_type_id = info->type_id;
		91	mutable_mapping->member_type_id = member_type_id;
		92	mutable_mapping->member_id = member_id;
		93	@@ -3909,7 +3909,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
		94	union_member_mapping * mapping = NULL;
		95
		96	mapping = wmem_new(wmem_file_scope(), union_member_mapping);
		97	- g_strlcpy(mapping->member_name, object.member_name, 256);
		98	+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
		99	mapping->member_type_id = object.type_id;
		100	mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
		101	mapping->union_type_id = union_type_id + mapping->discriminator;
		102	@@ -3922,7 +3922,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
		103	union_member_mapping * mapping = NULL;
		104
		105	mapping = wmem_new(wmem_file_scope(), union_member_mapping);
		106	- g_strlcpy(mapping->member_name, object.member_name, 256);
		107	+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
		108	mapping->member_type_id = object.type_id;
		109	mapping->discriminator = -1;
		110	mapping->union_type_id = union_type_id + mapping->discriminator;
		111	@@ -3942,7 +3942,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
		112	ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
		113	offset_tmp += 4;
		114
		115	- g_strlcpy(mapping->member_name, object.member_name, 256);
		116	+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
		117	mapping->member_type_id = object.type_id;
		118	mapping->discriminator = discriminator_case;
		119	mapping->union_type_id = union_type_id + discriminator_case;
		120	--
		121	2.25.1
		122


diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch new file mode 100644 index 000000000..cd07395aa --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
@@ -0,0 +1,66 @@
		1	From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
		2	From: John Thacker <johnthacker@gmail.com>
		3	Date: Thu, 18 May 2023 18:06:36 -0400
		4	Subject: [PATCH] MS-MMS: Use format_text_string()
		5
		6	The length of a string transcoded from UTF-16 to UTF-8 can be
		7	shorter (or longer) than the original length in bytes in the packet.
		8	Use the new string length, not the original length.
		9
		10	Use format_text_string, which is a convenience function that
		11	calls strlen.
		12
		13	Fix #19086
		14
		15	(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
		16
		17	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
		18	CVE: CVE-2023-0667
		19	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		20	---
		21	epan/dissectors/packet-ms-mms.c \| 8 ++++----
		22	1 file changed, 4 insertions(+), 4 deletions(-)
		23
		24	diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
		25	index f4dbcd0..092a64b 100644
		26	--- a/epan/dissectors/packet-ms-mms.c
		27	+++ b/epan/dissectors/packet-ms-mms.c
		28	@@ -740,7 +740,7 @@ static void dissect_client_transport_info(tvbuff_t tvb, packet_info pinfo, pro
		29	transport_info, "Transport: (%s)", transport_info);
		30
		31	col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
		32	- format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
		33	+ format_text_string(pinfo->pool, (const guchar*)transport_info));
		34
		35
		36	/* Try to extract details from this string */
		37	@@ -837,7 +837,7 @@ static void dissect_server_info(tvbuff_t tvb, packet_info pinfo, proto_tree *t
		38	ENC_UTF_16\|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
		39
		40	col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
		41	- format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
		42	+ format_text_string(pinfo->pool, (const guchar*)server_version));
		43	}
		44	offset += (server_version_length*2);
		45
		46	@@ -891,7 +891,7 @@ static void dissect_client_player_info(tvbuff_t tvb, packet_info pinfo, proto_
		47	ENC_UTF_16\|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
		48
		49	col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
		50	- format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
		51	+ format_text_string(pinfo->pool, (const guchar*)player_info));
		52	}
		53
		54	/* Dissect info about where client wants to start playing from */
		55	@@ -966,7 +966,7 @@ static void dissect_request_server_file(tvbuff_t tvb, packet_info pinfo, proto
		56	ENC_UTF_16\|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
		57
		58	col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
		59	- format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
		60	+ format_text_string(pinfo->pool, (const guchar*)server_file));
		61	}
		62
		63	/* Dissect media details from server */
		64	--
		65	2.25.1
		66


diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch new file mode 100644 index 000000000..000993933 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
@@ -0,0 +1,33 @@
		1	From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
		2	From: John Thacker <johnthacker@gmail.com>
		3	Date: Sat, 20 May 2023 23:08:08 -0400
		4	Subject: [PATCH] synphasor: Use val_to_str_const
		5
		6	Don't use a value from packet data to directly index a value_string,
		7	particularly when the value string doesn't cover all possible values.
		8
		9	Fix #19087
		10
		11	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
		12	CVE: CVE-2023-0668
		13	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		14	---
		15	epan/dissectors/packet-synphasor.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
		19	index 12b388b..fbde875 100644
		20	--- a/epan/dissectors/packet-synphasor.c
		21	+++ b/epan/dissectors/packet-synphasor.c
		22	@@ -1212,7 +1212,7 @@ static gint dissect_PHSCALE(tvbuff_t tvb, proto_tree tree, gint offset, gint c
		23
		24	data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
		25	ett_conf_phflags, NULL, "Phasor Data flags: %s",
		26	- conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
		27	+ val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
		28
		29	/* first and second bytes - phasor modification flags*/
		30	phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
		31	--
		32	2.25.1
		33


diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 96603710f..025559193 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -21,6 +21,9 @@ SRC_URI += " \
21	file://CVE-2023-2858.patch \	21	file://CVE-2023-2858.patch \
22	file://CVE-2023-2879.patch \	22	file://CVE-2023-2879.patch \
23	file://CVE-2023-2952.patch \	23	file://CVE-2023-2952.patch \
		24	file://CVE-2023-0666.patch \
		25	file://CVE-2023-0667.patch \
		26	file://CVE-2023-0668.patch \
24	"	27	"
25		28
26	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"	29	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"