2 files changed, 43 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
new file mode 100644
index 0000000000..4c9f8d29c0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
@@ -0,0 +1,42 @@
+From a8586fde3a6512466afb2a660538ef3fe712076b Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 23 Nov 2023 13:47:51 -0500
+Subject: [PATCH] gvcp: Don't try to add a NULL string to a column
+This was caught as an invalid argument by g_strlcpy before 4.2,
+but it was never a good idea.
+Fix #19496
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b]
+CVE: CVE-2024-0208
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-gvcp.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+diff --git a/epan/dissectors/packet-gvcp.c b/epan/dissectors/packet-gvcp.c
+index 6a17cff..eb849c0 100644
+--- a/epan/dissectors/packet-gvcp.c
+++ b/epan/dissectors/packet-gvcp.c
+@@ -2222,15 +2222,12 @@ static void dissect_readreg_ack(proto_tree *gvcp_telegram_tree, tvbuff_t *tvb, p
+                        if (addr_list_size > 0)
+                        {
+                                address_string = get_register_name_from_address(*((guint32*)wmem_array_index(gvcp_trans->addr_list, 0)), gvcp_info, &is_custom_register);
+                               col_append_str(pinfo->cinfo, COL_INFO, address_string);
+                        }
+ 
+                        if (num_registers)
+                        {
+-                               col_append_fstr(pinfo->cinfo, COL_INFO, "%s Value=0x%08X", address_string, tvb_get_ntohl(tvb, offset));
+-                       }
+-                       else
+-                       {
+-                               col_append_str(pinfo->cinfo, COL_INFO, address_string);
+                               col_append_sep_fstr(pinfo->cinfo, COL_INFO, " ", "Value=0x%08X", tvb_get_ntohl(tvb, offset));
+                        }
+                }
+        }
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index 365ec5e90a..f5e316d9dc 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -27,6 +27,7 @@ SRC_URI += " \
    file://CVE-2023-2906.patch \
    file://CVE-2023-1992.patch \
    file://CVE-2022-4345.patch \
+    file://CVE-2024-0208.patch \
 "
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch new file mode 100644 index 0000000000..4c9f8d29c0 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch
@@ -0,0 +1,42 @@
		1	From a8586fde3a6512466afb2a660538ef3fe712076b Mon Sep 17 00:00:00 2001
		2	From: John Thacker <johnthacker@gmail.com>
		3	Date: Thu, 23 Nov 2023 13:47:51 -0500
		4	Subject: [PATCH] gvcp: Don't try to add a NULL string to a column
		5
		6	This was caught as an invalid argument by g_strlcpy before 4.2,
		7	but it was never a good idea.
		8
		9	Fix #19496
		10
		11	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b]
		12	CVE: CVE-2024-0208
		13	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		14	---
		15	epan/dissectors/packet-gvcp.c \| 7 ++-----
		16	1 file changed, 2 insertions(+), 5 deletions(-)
		17
		18	diff --git a/epan/dissectors/packet-gvcp.c b/epan/dissectors/packet-gvcp.c
		19	index 6a17cff..eb849c0 100644
		20	--- a/epan/dissectors/packet-gvcp.c
		21	+++ b/epan/dissectors/packet-gvcp.c
		22	@@ -2222,15 +2222,12 @@ static void dissect_readreg_ack(proto_tree gvcp_telegram_tree, tvbuff_t tvb, p
		23	if (addr_list_size > 0)
		24	{
		25	address_string = get_register_name_from_address(((guint32)wmem_array_index(gvcp_trans->addr_list, 0)), gvcp_info, &is_custom_register);
		26	+ col_append_str(pinfo->cinfo, COL_INFO, address_string);
		27	}
		28
		29	if (num_registers)
		30	{
		31	- col_append_fstr(pinfo->cinfo, COL_INFO, "%s Value=0x%08X", address_string, tvb_get_ntohl(tvb, offset));
		32	- }
		33	- else
		34	- {
		35	- col_append_str(pinfo->cinfo, COL_INFO, address_string);
		36	+ col_append_sep_fstr(pinfo->cinfo, COL_INFO, " ", "Value=0x%08X", tvb_get_ntohl(tvb, offset));
		37	}
		38	}
		39	}
		40	--
		41	2.25.1
		42


diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 365ec5e90a..f5e316d9dc 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -27,6 +27,7 @@ SRC_URI += " \
27	file://CVE-2023-2906.patch \	27	file://CVE-2023-2906.patch \
28	file://CVE-2023-1992.patch \	28	file://CVE-2023-1992.patch \
29	file://CVE-2022-4345.patch \	29	file://CVE-2022-4345.patch \
		30	file://CVE-2024-0208.patch \
30	"	31	"
31		32
32	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"	33	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"