tcpreplay: fix CVE-2023-43279

Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2025-09-03 15:31:48 +0530
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-09-06 16:27:59 +0200
commit: f8c52b138bb2ba79b8aae7a60898373009213047 (patch)
tree: 579b14cb0481bbc5379e90f0c08ce81fc2437577 /meta-networking
parent: a2c4c10aed8439eddddc8241dc1c669a39e3ced8 (diff)
download: meta-openembedded-f8c52b138bb2ba79b8aae7a60898373009213047.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch
new file mode 100644
index 0000000000..d26700efde
--- /dev/null
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch
@@ -0,0 +1,36 @@
+From 3164a75f2660a5c3537feff9fd8751346cf5ca57 Mon Sep 17 00:00:00 2001
+From: Gabriel Ganne <gabriel.ganne@gmail.com>
+Date: Sun, 21 Jan 2024 09:16:38 +0100
+Subject: [PATCH] add check for empty cidr
+This causes tcprewrite to exit with an error instead of crashing.
+Fixes: #824
+Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/a0b6d847f468217b8fd675f788e6eca74a21a90c]
+CVE: CVE-2023-43279
+Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/common/cidr.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/src/common/cidr.c b/src/common/cidr.c
+index 687fd04..9afbfec 100644
+--- a/src/common/cidr.c
+++ b/src/common/cidr.c
+@@ -249,6 +249,10 @@ parse_cidr(tcpr_cidr_t **cidrdata, char *cidrin, char *delim)
+     char *network;
+     char *token = NULL;
+    if (cidrin == NULL) {
+        errx(-1, "%s", "Unable to parse empty CIDR");
+    }
+
+     mask_cidr6(&cidrin, delim);
+     /* first iteration of input using strtok */
+--
+2.25.1
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
index 09831d8c80..064a60fccc 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcprepl
           file://CVE-2023-4256.patch \
           file://CVE-2024-22654-0001.patch \
           file://CVE-2024-22654-0002.patch \
+           file://CVE-2023-43279.patch \
           file://0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch \
 "
author	Archana Polampalli <archana.polampalli@windriver.com>	2025-09-03 15:31:48 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-06 16:27:59 +0200
commit	f8c52b138bb2ba79b8aae7a60898373009213047 (patch)
tree	579b14cb0481bbc5379e90f0c08ce81fc2437577 /meta-networking
parent	a2c4c10aed8439eddddc8241dc1c669a39e3ced8 (diff)
download	meta-openembedded-f8c52b138bb2ba79b8aae7a60898373009213047.tar.gz

diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch new file mode 100644 index 0000000000..d26700efde --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch
@@ -0,0 +1,36 @@
		1	From 3164a75f2660a5c3537feff9fd8751346cf5ca57 Mon Sep 17 00:00:00 2001
		2	From: Gabriel Ganne <gabriel.ganne@gmail.com>
		3	Date: Sun, 21 Jan 2024 09:16:38 +0100
		4	Subject: [PATCH] add check for empty cidr
		5
		6	This causes tcprewrite to exit with an error instead of crashing.
		7
		8	Fixes: #824
		9
		10	Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/a0b6d847f468217b8fd675f788e6eca74a21a90c]
		11
		12	CVE: CVE-2023-43279
		13
		14	Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
		15	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		16	---
		17	src/common/cidr.c \| 4 ++++
		18	1 file changed, 4 insertions(+)
		19
		20	diff --git a/src/common/cidr.c b/src/common/cidr.c
		21	index 687fd04..9afbfec 100644
		22	--- a/src/common/cidr.c
		23	+++ b/src/common/cidr.c
		24	@@ -249,6 +249,10 @@ parse_cidr(tcpr_cidr_t *cidrdata, char cidrin, char *delim)
		25	char *network;
		26	char *token = NULL;
		27
		28	+ if (cidrin == NULL) {
		29	+ errx(-1, "%s", "Unable to parse empty CIDR");
		30	+ }
		31	+
		32	mask_cidr6(&cidrin, delim);
		33
		34	/* first iteration of input using strtok */
		35	--
		36	2.25.1


diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb index 09831d8c80..064a60fccc 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcprepl
11	file://CVE-2023-4256.patch \	11	file://CVE-2023-4256.patch \
12	file://CVE-2024-22654-0001.patch \	12	file://CVE-2024-22654-0001.patch \
13	file://CVE-2024-22654-0002.patch \	13	file://CVE-2024-22654-0002.patch \
		14	file://CVE-2023-43279.patch \
14	file://0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch \	15	file://0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch \
15	"	16	"
16		17