summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVijay Anusuri <vanusuri@mvista.com>2024-09-14 17:00:13 +0530
committerSteve Sakoman <steve@sakoman.com>2024-09-27 05:57:34 -0700
commit037c58c6454d7f314fc69c1ad893a5a84b75d8c7 (patch)
tree406f27bca7bac7403f45c86e957ac9a1f0d838f3
parente938b18b5342bd28eadb44ad39dbf1f5cf5be09b (diff)
downloadpoky-037c58c6454d7f314fc69c1ad893a5a84b75d8c7.tar.gz
libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006
Reference: https://security-tracker.debian.org/tracker/CVE-2023-7256 https://security-tracker.debian.org/tracker/CVE-2024-8006 Upstream commits: https://github.com/the-tcpdump-group/libpcap/commit/ba493d37d418b126d7357df553bd065cbc99384e https://github.com/the-tcpdump-group/libpcap/commit/f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6 https://github.com/the-tcpdump-group/libpcap/commit/c1ceab8f191031a81996035af20685e6f9b7f1b7 https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 (From OE-Core rev: ea9d2a0189036c7c323685ad931392cb467ade7e) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch99
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch131
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch67
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch37
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch368
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch42
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb10
7 files changed, 753 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
new file mode 100644
index 0000000000..6965034656
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
@@ -0,0 +1,99 @@
1From f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6 Mon Sep 17 00:00:00 2001
2From: Guy Harris <gharris@sonic.net>
3Date: Wed, 21 Jul 2021 23:50:32 -0700
4Subject: [PATCH] rpcap: don't do pointless integer->string and then
5 string->integer conversions.
6
7The string->integer conversion was also broken, as it passed a pointer
8to a 16-bit integer to a sscanf() call that used %d rather than %hd.
9It'd overwrite 2 bytes past the 16-bit integer; it may set the integer
10"correctly" on a little-endian, but wouldn't even do *that* on a
11big-endian machine.
12
13(cherry picked from commit efaddfe8eae4dab252bb2d35e004a40e4b72db24)
14
15Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6]
16CVE: CVE-2023-7256 #Dependency Patch1
17Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
18---
19 pcap-rpcap.c | 34 ++++++++++++++++++++++++----------
20 1 file changed, 24 insertions(+), 10 deletions(-)
21
22diff --git a/pcap-rpcap.c b/pcap-rpcap.c
23index 225b420904..f5c126dbc1 100644
24--- a/pcap-rpcap.c
25+++ b/pcap-rpcap.c
26@@ -1060,7 +1060,7 @@ static int pcap_startcapture_remote(pcap_t *fp)
27 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
28 char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data to be sent is buffered */
29 int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
30- char portdata[PCAP_BUF_SIZE]; /* temp variable needed to keep the network port for the data connection */
31+ uint16 portdata = 0; /* temp variable needed to keep the network port for the data connection */
32 uint32 plen;
33 int active = 0; /* '1' if we're in active mode */
34 struct activehosts *temp; /* temp var needed to scan the host list chain, to detect if we're in active mode */
35@@ -1073,6 +1073,8 @@ static int pcap_startcapture_remote(pcap_t *fp)
36 struct sockaddr_storage saddr; /* temp, needed to retrieve the network data port chosen on the local machine */
37 socklen_t saddrlen; /* temp, needed to retrieve the network data port chosen on the local machine */
38 int ai_family; /* temp, keeps the address family used by the control connection */
39+ struct sockaddr_in *sin4;
40+ struct sockaddr_in6 *sin6;
41
42 /* RPCAP-related variables*/
43 struct rpcap_header header; /* header of the RPCAP packet */
44@@ -1171,11 +1173,22 @@ static int pcap_startcapture_remote(pcap_t *fp)
45 goto error_nodiscard;
46 }
47
48- /* Get the local port the system picked up */
49- if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
50- 0, portdata, sizeof(portdata), NI_NUMERICSERV))
51- {
52- sock_geterror("getnameinfo()", fp->errbuf, PCAP_ERRBUF_SIZE);
53+ switch (saddr.ss_family) {
54+
55+ case AF_INET:
56+ sin4 = (struct sockaddr_in *)&saddr;
57+ portdata = sin4->sin_port;
58+ break;
59+
60+ case AF_INET6:
61+ sin6 = (struct sockaddr_in6 *)&saddr;
62+ portdata = sin6->sin6_port;
63+ break;
64+
65+ default:
66+ snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
67+ "Local address has unknown address family %u",
68+ saddr.ss_family);
69 goto error_nodiscard;
70 }
71 }
72@@ -1208,8 +1221,7 @@ static int pcap_startcapture_remote(pcap_t *fp)
73 /* portdata on the openreq is meaningful only if we're in active mode */
74 if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
75 {
76- sscanf(portdata, "%d", (int *)&(startcapreq->portdata)); /* cast to avoid a compiler warning */
77- startcapreq->portdata = htons(startcapreq->portdata);
78+ startcapreq->portdata = portdata;
79 }
80
81 startcapreq->snaplen = htonl(fp->snapshot);
82@@ -1258,13 +1270,15 @@ static int pcap_startcapture_remote(pcap_t *fp)
83 {
84 if (!active)
85 {
86+ char portstring[PCAP_BUF_SIZE];
87+
88 memset(&hints, 0, sizeof(struct addrinfo));
89 hints.ai_family = ai_family; /* Use the same address family of the control socket */
90 hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
91- snprintf(portdata, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
92+ snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
93
94 /* Let's the server pick up a free network port for us */
95- if (sock_initaddress(host, portdata, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
96+ if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
97 goto error;
98
99 if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch
new file mode 100644
index 0000000000..618480f10e
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch
@@ -0,0 +1,131 @@
1From ba493d37d418b126d7357df553bd065cbc99384e Mon Sep 17 00:00:00 2001
2From: Guy Harris <gharris@sonic.net>
3Date: Sun, 31 Jul 2022 11:30:43 -0700
4Subject: [PATCH] rpcap: improve error messages for host and port resolution
5 errors.
6
7If we don't want a particular port nuber in a sock_initaddress() call,
8pass NULL rather than "0". If the service name parameter passsed to
9sock_initaddress() is NULL, pass "0" as the service name parameter to
10getaddrinfo().
11
12Have get_gai_errstring() precede the host/port name information with an
13indication as to whethe it's a host name, port name, or host name and
14port name. Don't say "host name" for EAI_NONAME; rely on the
15description get_gai_errstring() provides. If there's only a port
16number, don't preceded it with ":" in get_gai_errstring().
17
18This makes the error message reported if a host and port are provided
19not say that the host name couldn't be resolved, because it could be a
20problem with the port name (sadly, getaddinfo() doesn't indicate which
21is the one with the problem).
22
23It also makes the error message reported if only a port is provided not
24say that it's a problem with the host name or show the "host name" as
25":<port>".
26
27(cherry picked from commit 33cf6fb70a13a982d70f6a5e5e63aa765073c8e8)
28
29Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/ba493d37d418b126d7357df553bd065cbc99384e]
30CVE: CVE-2023-7256 #Dependency Patch2
31Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
32---
33 pcap-rpcap.c | 6 +++---
34 rpcapd/daemon.c | 4 ++--
35 sockutils.c | 19 ++++++++++++++-----
36 3 files changed, 19 insertions(+), 10 deletions(-)
37
38diff --git a/pcap-rpcap.c b/pcap-rpcap.c
39index 889ade32f6..b68af65d52 100644
40--- a/pcap-rpcap.c
41+++ b/pcap-rpcap.c
42@@ -1020,7 +1020,7 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
43 hints.ai_family = PF_UNSPEC;
44 hints.ai_socktype = SOCK_STREAM;
45
46- retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf,
47+ retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
48 PCAP_ERRBUF_SIZE);
49 if (retval != 0)
50 {
51@@ -1172,7 +1172,7 @@ static int pcap_startcapture_remote(pcap_t *fp)
52 hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */
53
54 /* Let's the server pick up a free network port for us */
55- if (sock_initaddress(NULL, "0", &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
56+ if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
57 goto error_nodiscard;
58
59 if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER,
60@@ -3024,7 +3024,7 @@ int pcap_remoteact_close(const char *host, char *errbuf)
61 hints.ai_family = PF_UNSPEC;
62 hints.ai_socktype = SOCK_STREAM;
63
64- retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf,
65+ retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
66 PCAP_ERRBUF_SIZE);
67 if (retval != 0)
68 {
69diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
70index 362f4b9bb0..4b91a43242 100644
71--- a/rpcapd/daemon.c
72+++ b/rpcapd/daemon.c
73@@ -2085,8 +2085,8 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
74 {
75 hints.ai_flags = AI_PASSIVE;
76
77- // Let's the server socket pick up a free network port for us
78- if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
79+ // Make the server socket pick up a free network port for us
80+ if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
81 goto error;
82
83 if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
84diff --git a/sockutils.c b/sockutils.c
85index a34f0d1738..ca5b683720 100644
86--- a/sockutils.c
87+++ b/sockutils.c
88@@ -548,13 +548,13 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
89 char hostport[PCAP_ERRBUF_SIZE];
90
91 if (hostname != NULL && portname != NULL)
92- snprintf(hostport, PCAP_ERRBUF_SIZE, "%s:%s",
93+ snprintf(hostport, PCAP_ERRBUF_SIZE, "host and port %s:%s",
94 hostname, portname);
95 else if (hostname != NULL)
96- snprintf(hostport, PCAP_ERRBUF_SIZE, "%s",
97+ snprintf(hostport, PCAP_ERRBUF_SIZE, "host %s",
98 hostname);
99 else if (portname != NULL)
100- snprintf(hostport, PCAP_ERRBUF_SIZE, ":%s",
101+ snprintf(hostport, PCAP_ERRBUF_SIZE, "port %s",
102 portname);
103 else
104 snprintf(hostport, PCAP_ERRBUF_SIZE, "<no host or port!>");
105@@ -618,7 +618,7 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
106
107 case EAI_NONAME:
108 snprintf(errbuf, errbuflen,
109- "%sThe host name %s couldn't be resolved",
110+ "%sThe %s couldn't be resolved",
111 prefix, hostport);
112 break;
113
114@@ -720,7 +720,16 @@ int sock_initaddress(const char *host, const char *port,
115 {
116 int retval;
117
118- retval = getaddrinfo(host, port, hints, addrinfo);
119+ /*
120+ * We allow both the host and port to be null, but getaddrinfo()
121+ * is not guaranteed to do so; to handle that, if port is null,
122+ * we provide "0" as the port number.
123+ *
124+ * This results in better error messages from get_gai_errstring(),
125+ * as those messages won't talk about a problem with the port if
126+ * no port was specified.
127+ */
128+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
129 if (retval != 0)
130 {
131 if (errbuf)
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch
new file mode 100644
index 0000000000..12d42fb252
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch
@@ -0,0 +1,67 @@
1From c1ceab8f191031a81996035af20685e6f9b7f1b7 Mon Sep 17 00:00:00 2001
2From: Guy Harris <gharris@sonic.net>
3Date: Sun, 31 Jul 2022 11:54:22 -0700
4Subject: [PATCH] rpcap: try to distringuish between host and port errors.
5
6getaddrinfo() won't do it for us, so do it ourselves.
7
8(cherry picked from commit a83992a1bec91661b2f0e1a6fc910343793a97f1)
9
10Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/c1ceab8f191031a81996035af20685e6f9b7f1b7]
11CVE: CVE-2023-7256 #Dependency Patch3
12Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
13---
14 sockutils.c | 40 ++++++++++++++++++++++++++++++++++++++--
15 1 file changed, 38 insertions(+), 2 deletions(-)
16
17diff --git a/sockutils.c b/sockutils.c
18index ca5b683720..84024ac67d 100644
19--- a/sockutils.c
20+++ b/sockutils.c
21@@ -734,8 +734,44 @@ int sock_initaddress(const char *host, const char *port,
22 {
23 if (errbuf)
24 {
25- get_gai_errstring(errbuf, errbuflen, "", retval,
26- host, port);
27+ if (host != NULL && port != NULL) {
28+ /*
29+ * Try with just a host, to distinguish
30+ * between "host is bad" and "port is
31+ * bad".
32+ */
33+ int try_retval;
34+
35+ try_retval = getaddrinfo(host, NULL, hints,
36+ addrinfo);
37+ if (try_retval == 0) {
38+ /*
39+ * Worked with just the host,
40+ * so assume the problem is
41+ * with the port.
42+ *
43+ * Free up the addres info first.
44+ */
45+ freeaddrinfo(*addrinfo);
46+ get_gai_errstring(errbuf, errbuflen,
47+ "", retval, NULL, port);
48+ } else {
49+ /*
50+ * Didn't work with just the host,
51+ * so assume the problem is
52+ * with the host.
53+ */
54+ get_gai_errstring(errbuf, errbuflen,
55+ "", retval, host, NULL);
56+ }
57+ } else {
58+ /*
59+ * Either the host or port was null, so
60+ * there's nothing to determine.
61+ */
62+ get_gai_errstring(errbuf, errbuflen, "",
63+ retval, host, port);
64+ }
65 }
66 return -1;
67 }
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch
new file mode 100644
index 0000000000..dcf203f754
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch
@@ -0,0 +1,37 @@
1From 73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f Mon Sep 17 00:00:00 2001
2From: Rose <83477269+AtariDreams@users.noreply.github.com>
3Date: Tue, 16 May 2023 12:37:11 -0400
4Subject: [PATCH] Remove unused variable retval in sock_present2network
5
6This quiets the compiler since it is not even returned anyway, and is a misleading variable name.
7
8(cherry picked from commit c7b90298984c46d820d3cee79a96d24870b5f200)
9
10Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f]
11CVE: CVE-2023-7256 #Dependency Patch4
12Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
13---
14 sockutils.c | 3 +--
15 1 file changed, 1 insertion(+), 2 deletions(-)
16
17diff --git a/sockutils.c b/sockutils.c
18index 1c07f76fd1..6752f296af 100644
19--- a/sockutils.c
20+++ b/sockutils.c
21@@ -2082,7 +2082,6 @@ int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *addres
22 */
23 int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen)
24 {
25- int retval;
26 struct addrinfo *addrinfo;
27 struct addrinfo hints;
28
29@@ -2090,7 +2089,7 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,
30
31 hints.ai_family = addr_family;
32
33- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1)
34+ if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1)
35 return 0;
36
37 if (addrinfo->ai_family == PF_INET)
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
new file mode 100644
index 0000000000..2b6c6476a9
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
@@ -0,0 +1,368 @@
1From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001
2From: Guy Harris <gharris@sonic.net>
3Date: Thu, 28 Sep 2023 00:37:57 -0700
4Subject: [PATCH] Have sock_initaddress() return the list of addrinfo
5 structures or NULL.
6
7Its return address is currently 0 for success and -1 for failure, with a
8pointer to the first element of the list of struct addrinfos returned
9through a pointer on success; change it to return that pointer on
10success and NULL on failure.
11
12That way, we don't have to worry about what happens to the pointer
13pointeed to by the argument in question on failure; we know that we got
14NULL back if no struct addrinfos were found because getaddrinfo()
15failed. Thus, we know that we have something to free iff
16sock_initaddress() returned a pointer to that something rather than
17returning NULL.
18
19This avoids a double-free in some cases.
20
21This is apparently CVE-2023-40400.
22
23(backported from commit 262e4f34979872d822ccedf9f318ed89c4d31c03)
24
25Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d]
26CVE: CVE-2023-7256
27Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
28---
29 pcap-rpcap.c | 48 ++++++++++++++++++++--------------------
30 rpcapd/daemon.c | 8 +++++--
31 rpcapd/rpcapd.c | 8 +++++--
32 sockutils.c | 58 ++++++++++++++++++++++++++++---------------------
33 sockutils.h | 5 ++---
34 5 files changed, 72 insertions(+), 55 deletions(-)
35
36diff --git a/pcap-rpcap.c b/pcap-rpcap.c
37index 91f8557..733077b 100644
38--- a/pcap-rpcap.c
39+++ b/pcap-rpcap.c
40@@ -995,7 +995,6 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
41 {
42 struct activehosts *temp; /* temp var needed to scan the host list chain */
43 struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
44- int retval;
45
46 /* retrieve the network address corresponding to 'host' */
47 addrinfo = NULL;
48@@ -1003,9 +1002,9 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
49 hints.ai_family = PF_UNSPEC;
50 hints.ai_socktype = SOCK_STREAM;
51
52- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
53+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
54 PCAP_ERRBUF_SIZE);
55- if (retval != 0)
56+ if (addrinfo == NULL)
57 {
58 *error = 1;
59 return NULL;
60@@ -1153,7 +1152,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
61 hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */
62
63 /* Let's the server pick up a free network port for us */
64- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
65+ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf,
66+ PCAP_ERRBUF_SIZE);
67+ if (addrinfo == NULL)
68 goto error_nodiscard;
69
70 if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER,
71@@ -1277,7 +1278,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
72 snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
73
74 /* Let's the server pick up a free network port for us */
75- if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
76+ addrinfo = sock_initaddress(host, portstring, &hints,
77+ fp->errbuf, PCAP_ERRBUF_SIZE);
78+ if (addrinfo == NULL)
79 goto error;
80
81 if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
82@@ -2220,16 +2223,16 @@ rpcap_setup_session(const char *source, struct pcap_rmtauth *auth,
83 if (port[0] == 0)
84 {
85 /* the user chose not to specify the port */
86- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
87- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
88- return -1;
89+ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
90+ &hints, errbuf, PCAP_ERRBUF_SIZE);
91 }
92 else
93 {
94- if (sock_initaddress(host, port, &hints, &addrinfo,
95- errbuf, PCAP_ERRBUF_SIZE) == -1)
96- return -1;
97+ addrinfo = sock_initaddress(host, port, &hints,
98+ errbuf, PCAP_ERRBUF_SIZE);
99 }
100+ if (addrinfo == NULL)
101+ return -1;
102
103 if ((*sockctrlp = sock_open(addrinfo, SOCKOPEN_CLIENT, 0,
104 errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
105@@ -2825,19 +2828,19 @@ SOCKET pcap_remoteact_accept_ex(const char *address, const char *port, const cha
106 /* Do the work */
107 if ((port == NULL) || (port[0] == 0))
108 {
109- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
110- {
111- return (SOCKET)-2;
112- }
113+ addrinfo = sock_initaddress(address,
114+ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf,
115+ PCAP_ERRBUF_SIZE);
116 }
117 else
118 {
119- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
120- {
121- return (SOCKET)-2;
122- }
123+ addrinfo = sock_initaddress(address, port, &hints, errbuf,
124+ PCAP_ERRBUF_SIZE);
125+ }
126+ if (addrinfo == NULL)
127+ {
128+ return (SOCKET)-2;
129 }
130-
131
132 if ((sockmain = sock_open(addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
133 {
134@@ -2994,7 +2997,6 @@ int pcap_remoteact_close(const char *host, char *errbuf)
135 {
136 struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */
137 struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
138- int retval;
139
140 temp = activeHosts;
141 prev = NULL;
142@@ -3005,9 +3007,9 @@ int pcap_remoteact_close(const char *host, char *errbuf)
143 hints.ai_family = PF_UNSPEC;
144 hints.ai_socktype = SOCK_STREAM;
145
146- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
147+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
148 PCAP_ERRBUF_SIZE);
149- if (retval != 0)
150+ if (addrinfo == NULL)
151 {
152 return -1;
153 }
154diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
155index 8f50899..925d381 100644
156--- a/rpcapd/daemon.c
157+++ b/rpcapd/daemon.c
158@@ -2065,7 +2065,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
159 goto error;
160 }
161
162- if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
163+ addrinfo = sock_initaddress(peerhost, portdata, &hints,
164+ errmsgbuf, PCAP_ERRBUF_SIZE);
165+ if (addrinfo == NULL)
166 goto error;
167
168 if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
169@@ -2076,7 +2078,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
170 hints.ai_flags = AI_PASSIVE;
171
172 // Make the server socket pick up a free network port for us
173- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
174+ addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf,
175+ PCAP_ERRBUF_SIZE);
176+ if (addrinfo == NULL)
177 goto error;
178
179 if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
180diff --git a/rpcapd/rpcapd.c b/rpcapd/rpcapd.c
181index b91a401..74c138b 100644
182--- a/rpcapd/rpcapd.c
183+++ b/rpcapd/rpcapd.c
184@@ -610,7 +610,9 @@ void main_startup(void)
185 //
186 // Get a list of sockets on which to listen.
187 //
188- if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
189+ addrinfo = sock_initaddress((address[0]) ? address : NULL,
190+ port, &mainhints, errbuf, PCAP_ERRBUF_SIZE);
191+ if (addrinfo == NULL)
192 {
193 rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
194 return;
195@@ -1347,7 +1349,9 @@ main_active(void *ptr)
196 memset(errbuf, 0, sizeof(errbuf));
197
198 // Do the work
199- if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
200+ addrinfo = sock_initaddress(activepars->address, activepars->port,
201+ &hints, errbuf, PCAP_ERRBUF_SIZE);
202+ if (addrinfo == NULL)
203 {
204 rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
205 return 0;
206diff --git a/sockutils.c b/sockutils.c
207index 0b0bcee..4d02d96 100644
208--- a/sockutils.c
209+++ b/sockutils.c
210@@ -704,20 +704,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
211 * \param errbuflen: length of the buffer that will contains the error. The error message cannot be
212 * larger than 'errbuflen - 1' because the last char is reserved for the string terminator.
213 *
214- * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned
215- * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is
216- * returned into the addrinfo parameter.
217+ * \return a pointer to the first element in a list of addrinfo structures
218+ * if everything is fine, NULL if some errors occurred. The error message
219+ * is returned in the 'errbuf' variable.
220 *
221- * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when
222- * it is no longer needed.
223+ * \warning The list of addrinfo structures returned has to be deleted by
224+ * the programmer by calling freeaddrinfo() when it is no longer needed.
225 *
226 * \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same
227 * of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest
228 * the programmer to look at that function in order to set the 'hints' variable appropriately.
229 */
230-int sock_initaddress(const char *host, const char *port,
231- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen)
232+struct addrinfo *sock_initaddress(const char *host, const char *port,
233+ struct addrinfo *hints, char *errbuf, int errbuflen)
234 {
235+ struct addrinfo *addrinfo;
236 int retval;
237
238 /*
239@@ -729,9 +730,13 @@ int sock_initaddress(const char *host, const char *port,
240 * as those messages won't talk about a problem with the port if
241 * no port was specified.
242 */
243- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
244+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo);
245 if (retval != 0)
246 {
247+ /*
248+ * That call failed.
249+ * Determine whether the problem is that the host is bad.
250+ */
251 if (errbuf)
252 {
253 if (host != NULL && port != NULL) {
254@@ -743,7 +748,7 @@ int sock_initaddress(const char *host, const char *port,
255 int try_retval;
256
257 try_retval = getaddrinfo(host, NULL, hints,
258- addrinfo);
259+ &addrinfo);
260 if (try_retval == 0) {
261 /*
262 * Worked with just the host,
263@@ -752,14 +757,16 @@ int sock_initaddress(const char *host, const char *port,
264 *
265 * Free up the addres info first.
266 */
267- freeaddrinfo(*addrinfo);
268+ freeaddrinfo(addrinfo);
269 get_gai_errstring(errbuf, errbuflen,
270 "", retval, NULL, port);
271 } else {
272 /*
273 * Didn't work with just the host,
274 * so assume the problem is
275- * with the host.
276+ * with the host; we assume
277+ * the original error indicates
278+ * the underlying problem.
279 */
280 get_gai_errstring(errbuf, errbuflen,
281 "", retval, host, NULL);
282@@ -767,13 +774,14 @@ int sock_initaddress(const char *host, const char *port,
283 } else {
284 /*
285 * Either the host or port was null, so
286- * there's nothing to determine.
287+ * there's nothing to determine; report
288+ * the error from the original call.
289 */
290 get_gai_errstring(errbuf, errbuflen, "",
291 retval, host, port);
292 }
293 }
294- return -1;
295+ return NULL;
296 }
297 /*
298 * \warning SOCKET: I should check all the accept() in order to bind to all addresses in case
299@@ -788,30 +796,28 @@ int sock_initaddress(const char *host, const char *port,
300 * ignore all addresses that are neither? (What, no IPX
301 * support? :-))
302 */
303- if (((*addrinfo)->ai_family != PF_INET) &&
304- ((*addrinfo)->ai_family != PF_INET6))
305+ if ((addrinfo->ai_family != PF_INET) &&
306+ (addrinfo->ai_family != PF_INET6))
307 {
308 if (errbuf)
309 snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported");
310- freeaddrinfo(*addrinfo);
311- *addrinfo = NULL;
312- return -1;
313+ freeaddrinfo(addrinfo);
314+ return NULL;
315 }
316
317 /*
318 * You can't do multicast (or broadcast) TCP.
319 */
320- if (((*addrinfo)->ai_socktype == SOCK_STREAM) &&
321- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0))
322+ if ((addrinfo->ai_socktype == SOCK_STREAM) &&
323+ (sock_ismcastaddr(addrinfo->ai_addr) == 0))
324 {
325 if (errbuf)
326 snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams");
327- freeaddrinfo(*addrinfo);
328- *addrinfo = NULL;
329- return -1;
330+ freeaddrinfo(addrinfo);
331+ return NULL;
332 }
333
334- return 0;
335+ return addrinfo;
336 }
337
338 /*
339@@ -1720,7 +1726,9 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,
340
341 hints.ai_family = addr_family;
342
343- if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1)
344+ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints,
345+ errbuf, errbuflen);
346+ if (addrinfo == NULL)
347 return 0;
348
349 if (addrinfo->ai_family == PF_INET)
350diff --git a/sockutils.h b/sockutils.h
351index e748662..ede86a1 100644
352--- a/sockutils.h
353+++ b/sockutils.h
354@@ -129,9 +129,8 @@ int sock_init(char *errbuf, int errbuflen);
355 void sock_cleanup(void);
356 void sock_fmterror(const char *caller, int errcode, char *errbuf, int errbuflen);
357 void sock_geterror(const char *caller, char *errbuf, int errbufsize);
358-int sock_initaddress(const char *address, const char *port,
359- struct addrinfo *hints, struct addrinfo **addrinfo,
360- char *errbuf, int errbuflen);
361+struct addrinfo *sock_initaddress(const char *address, const char *port,
362+ struct addrinfo *hints, char *errbuf, int errbuflen);
363 int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall,
364 char *errbuf, int errbuflen);
365 int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size,
366--
3672.25.1
368
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
new file mode 100644
index 0000000000..987d6d51b3
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
@@ -0,0 +1,42 @@
1From 8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Mon Sep 17 00:00:00 2001
2From: Nicolas Badoux <n.badoux@hotmail.com>
3Date: Mon, 19 Aug 2024 12:31:53 +0200
4Subject: [PATCH] makes pcap_findalldevs_ex errors out if the directory does
5 not exist
6
7(backported from commit 0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29)
8
9Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6]
10CVE: CVE-2024-8006
11Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
12---
13 pcap-new.c | 7 ++++++-
14 1 file changed, 6 insertions(+), 1 deletion(-)
15
16diff --git a/pcap-new.c b/pcap-new.c
17index 7c00659..ac88065 100644
18--- a/pcap-new.c
19+++ b/pcap-new.c
20@@ -231,13 +231,18 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
21 #else
22 /* opening the folder */
23 unixdir= opendir(path);
24+ if (unixdir == NULL) {
25+ snprintf(errbuf, PCAP_ERRBUF_SIZE,
26+ "Error when listing files: does folder '%s' exist?", path);
27+ return -1;
28+ }
29
30 /* get the first file into it */
31 filedata= readdir(unixdir);
32
33 if (filedata == NULL)
34 {
35- snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
36+ snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path);
37 return -1;
38 }
39 #endif
40--
412.25.1
42
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
index dbe2fd8157..584e98c76d 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
@@ -10,7 +10,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
10 file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" 10 file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
11DEPENDS = "flex-native bison-native" 11DEPENDS = "flex-native bison-native"
12 12
13SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" 13SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
14 file://CVE-2023-7256-pre1.patch \
15 file://CVE-2023-7256-pre2.patch \
16 file://CVE-2023-7256-pre3.patch \
17 file://CVE-2023-7256-pre4.patch \
18 file://CVE-2023-7256.patch \
19 file://CVE-2024-8006.patch \
20 "
21
14SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4" 22SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
15 23
16inherit autotools binconfig-disabled pkgconfig 24inherit autotools binconfig-disabled pkgconfig
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-21 18:11:15 +0000