diff options
| author | Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> | 2022-05-25 11:24:56 +0530 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2022-05-25 19:34:39 -0700 |
| commit | deee226017877d51188e0a46f9e6b93c10ffbb34 (patch) | |
| tree | 1f6db1aa3d7ea2af7167dcb7d9eb58af42252862 /meta-networking | |
| parent | 9f361cff9c73fdb532d3dde229633cc687424805 (diff) | |
| download | meta-openembedded-deee226017877d51188e0a46f9e6b93c10ffbb34.tar.gz | |
tcpdump: Add fix for CVE-2018-16301
Add patch for CVE issue: CVE-2018-16301
Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86
Upstream-Status: Pending
Issue: MGUBSYS-5370
Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch | 111 | ||||
| -rw-r--r-- | meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb | 1 |
2 files changed, 112 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch new file mode 100644 index 0000000000..5f5c68ccd6 --- /dev/null +++ b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch | |||
| @@ -0,0 +1,111 @@ | |||
| 1 | From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Guy Harris <gharris@sonic.net> | ||
| 3 | Date: Wed, 30 Sep 2020 11:37:30 -0700 | ||
| 4 | Subject: [PATCH] Handle very large -f files by rejecting them. | ||
| 5 | |||
| 6 | _read(), on Windows, has a 32-bit size argument and a 32-bit return | ||
| 7 | value, so reject -f files that have more than 2^31-1 characters. | ||
| 8 | |||
| 9 | Add some #defines so that, on Windows, we use _fstati64 to get the size | ||
| 10 | of that file, to handle large files. | ||
| 11 | |||
| 12 | Don't assume that our definition for ssize_t is the same size as size_t; | ||
| 13 | by the time we want to print the return value of the read, we know it'll | ||
| 14 | fit into an int, so just cast it to int and print it with %d. | ||
| 15 | |||
| 16 | (cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77) | ||
| 17 | |||
| 18 | CVE: CVE-2022-25308 | ||
| 19 | Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86] | ||
| 20 | |||
| 21 | Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> | ||
| 22 | |||
| 23 | --- | ||
| 24 | netdissect-stdinc.h | 16 +++++++++++++++- | ||
| 25 | tcpdump.c | 15 ++++++++++++--- | ||
| 26 | 2 files changed, 27 insertions(+), 4 deletions(-) | ||
| 27 | |||
| 28 | diff --git a/netdissect-stdinc.h b/netdissect-stdinc.h | ||
| 29 | index 8282c5846..9941c2a16 100644 | ||
| 30 | --- a/netdissect-stdinc.h | ||
| 31 | +++ b/netdissect-stdinc.h | ||
| 32 | @@ -149,10 +149,17 @@ | ||
| 33 | #ifdef _MSC_VER | ||
| 34 | #define stat _stat | ||
| 35 | #define open _open | ||
| 36 | -#define fstat _fstat | ||
| 37 | #define read _read | ||
| 38 | #define close _close | ||
| 39 | #define O_RDONLY _O_RDONLY | ||
| 40 | + | ||
| 41 | +/* | ||
| 42 | + * We define our_fstat64 as _fstati64, and define our_statb as | ||
| 43 | + * struct _stati64, so we get 64-bit file sizes. | ||
| 44 | + */ | ||
| 45 | +#define our_fstat _fstati64 | ||
| 46 | +#define our_statb struct _stati64 | ||
| 47 | + | ||
| 48 | #endif /* _MSC_VER */ | ||
| 49 | |||
| 50 | /* | ||
| 51 | @@ -211,6 +218,13 @@ typedef char* caddr_t; | ||
| 52 | |||
| 53 | #include <arpa/inet.h> | ||
| 54 | |||
| 55 | +/* | ||
| 56 | + * We should have large file support enabled, if it's available, | ||
| 57 | + * so just use fstat as our_fstat and struct stat as our_statb. | ||
| 58 | + */ | ||
| 59 | +#define our_fstat fstat | ||
| 60 | +#define our_statb struct stat | ||
| 61 | + | ||
| 62 | #endif /* _WIN32 */ | ||
| 63 | |||
| 64 | #ifndef HAVE___ATTRIBUTE__ | ||
| 65 | diff --git a/tcpdump.c b/tcpdump.c | ||
| 66 | index 043bda1d7..8f27ba2a4 100644 | ||
| 67 | --- a/tcpdump.c | ||
| 68 | +++ b/tcpdump.c | ||
| 69 | @@ -108,6 +108,7 @@ The Regents of the University of California. All rights reserved.\n"; | ||
| 70 | #endif /* HAVE_CAP_NG_H */ | ||
| 71 | #endif /* HAVE_LIBCAP_NG */ | ||
| 72 | |||
| 73 | +#include "netdissect-stdinc.h" | ||
| 74 | #include "netdissect.h" | ||
| 75 | #include "interface.h" | ||
| 76 | #include "addrtoname.h" | ||
| 77 | @@ -861,15 +862,22 @@ read_infile(char *fname) | ||
| 78 | { | ||
| 79 | register int i, fd, cc; | ||
| 80 | register char *cp; | ||
| 81 | - struct stat buf; | ||
| 82 | + our_statb buf; | ||
| 83 | |||
| 84 | fd = open(fname, O_RDONLY|O_BINARY); | ||
| 85 | if (fd < 0) | ||
| 86 | error("can't open %s: %s", fname, pcap_strerror(errno)); | ||
| 87 | |||
| 88 | - if (fstat(fd, &buf) < 0) | ||
| 89 | + if (our_fstat(fd, &buf) < 0) | ||
| 90 | error("can't stat %s: %s", fname, pcap_strerror(errno)); | ||
| 91 | |||
| 92 | + /* | ||
| 93 | + * Reject files whose size doesn't fit into an int; a filter | ||
| 94 | + * *that* large will probably be too big. | ||
| 95 | + */ | ||
| 96 | + if (buf.st_size > INT_MAX) | ||
| 97 | + error("%s is too large", fname); | ||
| 98 | + | ||
| 99 | cp = malloc((u_int)buf.st_size + 1); | ||
| 100 | if (cp == NULL) | ||
| 101 | error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1, | ||
| 102 | @@ -878,7 +886,8 @@ read_infile(char *fname) | ||
| 103 | if (cc < 0) | ||
| 104 | error("read %s: %s", fname, pcap_strerror(errno)); | ||
| 105 | if (cc != buf.st_size) | ||
| 106 | - error("short read %s (%d != %d)", fname, cc, (int)buf.st_size); | ||
| 107 | + error("short read %s (%d != %d)", fname, (int) cc, | ||
| 108 | + (int)buf.st_size); | ||
| 109 | |||
| 110 | close(fd); | ||
| 111 | /* replace "# comment" with spaces */ | ||
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb index 2ea493863a..66bf217751 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb | |||
| @@ -18,6 +18,7 @@ SRC_URI = " \ | |||
| 18 | file://add-ptest.patch \ | 18 | file://add-ptest.patch \ |
| 19 | file://run-ptest \ | 19 | file://run-ptest \ |
| 20 | file://0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch \ | 20 | file://0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch \ |
| 21 | file://CVE-2018-16301.patch \ | ||
| 21 | " | 22 | " |
| 22 | 23 | ||
| 23 | SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" | 24 | SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" |
