wireshark: Fix CVE-2023-0667 & CVE-2023-0668

Backport fixes for: * CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/35418a73f7c9cefebe392b1ea0f012fccaf89801 && https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a * CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-06-27 17:53:33 +0530
committer: Armin Kuster <akuster808@gmail.com> 2023-07-14 07:08:54 -0400
commit: 205b72edaa8d3c52d75d43f42143c05e3c2763d4 (patch)
tree: d2b02a8c6c3a0e498b67363df9c07284bc848e3b
parent: 5f94e674795421b21fefc12f13c8152e7f6cf3d8 (diff)
download: meta-openembedded-205b72edaa8d3c52d75d43f42143c05e3c2763d4.tar.gz
4 files changed, 255 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667-pre1.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667-pre1.patch
new file mode 100644
index 0000000000..e6fc158c3a
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667-pre1.patch
@@ -0,0 +1,153 @@
+From 35418a73f7c9cefebe392b1ea0f012fccaf89801 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Wed, 19 Aug 2020 23:58:20 -0700
+Subject: [PATCH] Add format_text_string(), which gets the length with
+ strlen().
+format_text(alloc, string, strlen(string)) is a common idiom; provide
+format_text_string(), which does the strlen(string) for you.  (Any
+string used in a %s to set the text of a protocol tree item, if it was
+directly extracted from the packet, should be run through a format_text
+routine, to ensure that it's valid UTF-8 and that control characters are
+handled correctly.)
+Update comments while we're at it.
+Change-Id: Ia8549efa1c96510ffce97178ed4ff7be4b02eb6e
+Reviewed-on: https://code.wireshark.org/review/38202
+Petri-Dish: Guy Harris <gharris@sonic.net>
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Guy Harris <gharris@sonic.net>
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/35418a73f7c9cefebe392b1ea0f012fccaf89801]
+Comment: to backport fix for CVE-2023-0667, add function format_text_string().
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/strutil.c | 33 ++++++++++++++++++++++++++++----
+ epan/strutil.h | 51 ++++++++++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 76 insertions(+), 8 deletions(-)
+diff --git a/epan/strutil.c b/epan/strutil.c
+index 347a173..bc3b19e 100644
+--- a/epan/strutil.c
+++ b/epan/strutil.c
+@@ -193,10 +193,11 @@ get_token_len(const guchar *linep, const guchar *lineend,
+ #define UNPOOP 0x1F4A9
+ 
+ /*
+- * Given a string, expected to be in UTF-8 but possibly containing
+- * invalid sequences (as it may have come from packet data), generate
+- * a valid UTF-8 string from it, allocated with the specified wmem
+- * allocator, that:
+ * Given a wmem scope, a not-necessarily-null-terminated string,
+ * expected to be in UTF-8 but possibly containing invalid sequences
+ * (as it may have come from packet data), and the length of the string,
+ * generate a valid UTF-8 string from it, allocated in the specified
+ * wmem scope, that:
+  *
+  *   shows printable Unicode characters as themselves;
+  *
+@@ -493,6 +494,30 @@ format_text(wmem_allocator_t* allocator, const guchar *string, size_t len)
+     return fmtbuf;
+ }
+ 
+/** Given a wmem scope and a null-terminated string, expected to be in
+ *  UTF-8 but possibly containing invalid sequences (as it may have come
+ *  from packet data), and the length of the string, generate a valid
+ *  UTF-8 string from it, allocated in the specified wmem scope, that:
+ *
+ *   shows printable Unicode characters as themselves;
+ *
+ *   shows non-printable ASCII characters as C-style escapes (octal
+ *   if not one of the standard ones such as LF -> '\n');
+ *
+ *   shows non-printable Unicode-but-not-ASCII characters as
+ *   their universal character names;
+ *
+ *   shows illegal UTF-8 sequences as a sequence of bytes represented
+ *   as C-style hex escapes;
+ *
+ *  and return a pointer to it.
+ */
+gchar *
+format_text_string(wmem_allocator_t* allocator, const guchar *string)
+{
+       return format_text(allocator, string, strlen(string));
+}
+
+ /*
+  * Given a string, generate a string from it that shows non-printable
+  * characters as C-style escapes except a whitespace character
+diff --git a/epan/strutil.h b/epan/strutil.h
+index 2046cb0..705beb5 100644
+--- a/epan/strutil.h
+++ b/epan/strutil.h
+@@ -46,18 +46,61 @@ WS_DLL_PUBLIC
+ int        get_token_len(const guchar *linep, const guchar *lineend,
+     const guchar **next_token);
+ 
+-/** Given a string, generate a string from it that shows non-printable
+- *  characters as C-style escapes, and return a pointer to it.
+/** Given a wmem scope, a not-necessarily-null-terminated string,
+ *  expected to be in UTF-8 but possibly containing invalid sequences
+ *  (as it may have come from packet data), and the length of the string,
+ *  generate a valid UTF-8 string from it, allocated in the specified
+ *  wmem scope, that:
+ *
+ *   shows printable Unicode characters as themselves;
+ *
+ *   shows non-printable ASCII characters as C-style escapes (octal
+ *   if not one of the standard ones such as LF -> '\n');
+ *
+ *   shows non-printable Unicode-but-not-ASCII characters as
+ *   their universal character names;
+ *
+ *   shows illegal UTF-8 sequences as a sequence of bytes represented
+ *   as C-style hex escapes;
+ *
+ *  and return a pointer to it.
+  *
+  * @param allocator The wmem scope
+- * @param line A pointer to the input string
+ * @param string A pointer to the input string
+  * @param len The length of the input string
+  * @return A pointer to the formatted string
+  *
+  * @see tvb_format_text()
+  */
+ WS_DLL_PUBLIC
+-gchar*     format_text(wmem_allocator_t* allocator, const guchar *line, size_t len);
+gchar*     format_text(wmem_allocator_t* allocator, const guchar *string, size_t len);
+
+/** Given a wmem scope and a null-terminated string, expected to be in
+ *  UTF-8 but possibly containing invalid sequences (as it may have come
+ *  from packet data), and the length of the string, generate a valid
+ *  UTF-8 string from it, allocated in the specified wmem scope, that:
+ *
+ *   shows printable Unicode characters as themselves;
+ *
+ *   shows non-printable ASCII characters as C-style escapes (octal
+ *   if not one of the standard ones such as LF -> '\n');
+ *
+ *   shows non-printable Unicode-but-not-ASCII characters as
+ *   their universal character names;
+ *
+ *   shows illegal UTF-8 sequences as a sequence of bytes represented
+ *   as C-style hex escapes;
+ *
+ *  and return a pointer to it.
+ *
+ * @param allocator The wmem scope
+ * @param string A pointer to the input string
+ * @return A pointer to the formatted string
+ *
+ * @see tvb_format_text()
+ */
+WS_DLL_PUBLIC
+gchar*     format_text_string(wmem_allocator_t* allocator, const guchar *string);
+ 
+ /**
+  * Given a string, generate a string from it that shows non-printable
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
new file mode 100644
index 0000000000..3fc5296073
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
@@ -0,0 +1,66 @@
+From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Thu, 18 May 2023 18:06:36 -0400
+Subject: [PATCH] MS-MMS: Use format_text_string()
+The length of a string transcoded from UTF-16 to UTF-8 can be
+shorter (or longer) than the original length in bytes in the packet.
+Use the new string length, not the original length.
+Use format_text_string, which is a convenience function that
+calls strlen.
+Fix #19086
+(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
+CVE: CVE-2023-0667
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-ms-mms.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
+index db1d2cc..3d5c7ee 100644
+--- a/epan/dissectors/packet-ms-mms.c
+++ b/epan/dissectors/packet-ms-mms.c
+@@ -739,7 +739,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro
+                                  transport_info, "Transport: (%s)", transport_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
+                    format_text_string(pinfo->pool, (const guchar*)transport_info));
+ 
+ 
+     /* Try to extract details from this string */
+@@ -836,7 +836,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
+                             ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
+ 
+         col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
+                    format_text_string(pinfo->pool, (const guchar*)server_version));
+     }
+     offset += (server_version_length*2);
+ 
+@@ -890,7 +890,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, packet_info *pinfo, proto_
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
+                    format_text_string(pinfo->pool, (const guchar*)player_info));
+ }
+ 
+ /* Dissect info about where client wants to start playing from */
+@@ -965,7 +965,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto
+                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
+ 
+     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
+-                    format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
+                    format_text_string(pinfo->pool, (const guchar*)server_file));
+ }
+ 
+ /* Dissect media details from server */
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
new file mode 100644
index 0000000000..42f8108301
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
@@ -0,0 +1,33 @@
+From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 20 May 2023 23:08:08 -0400
+Subject: [PATCH] synphasor: Use val_to_str_const
+Don't use a value from packet data to directly index a value_string,
+particularly when the value string doesn't cover all possible values.
+Fix #19087
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
+CVE: CVE-2023-0668
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-synphasor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
+index 2d2f4ad..47120f5 100644
+--- a/epan/dissectors/packet-synphasor.c
+++ b/epan/dissectors/packet-synphasor.c
+@@ -1130,7 +1130,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
+ 
+                data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
+                                                               ett_conf_phflags, NULL, "Phasor Data flags: %s",
+-                                                              conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
+                                                              val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
+ 
+                /* first and second bytes - phasor modification flags*/
+                phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb
index f80f287ab4..361123d1c5 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb
@@ -14,6 +14,9 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
           file://CVE-2023-2856.patch \
           file://CVE-2023-2858.patch \
           file://CVE-2023-2952.patch \
+           file://CVE-2023-0667-pre1.patch \
+           file://CVE-2023-0667.patch \
+           file://CVE-2023-0668.patch \
           "
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-06-27 17:53:33 +0530
committer	Armin Kuster <akuster808@gmail.com>	2023-07-14 07:08:54 -0400
commit	205b72edaa8d3c52d75d43f42143c05e3c2763d4 (patch)
tree	d2b02a8c6c3a0e498b67363df9c07284bc848e3b
parent	5f94e674795421b21fefc12f13c8152e7f6cf3d8 (diff)
download	meta-openembedded-205b72edaa8d3c52d75d43f42143c05e3c2763d4.tar.gz

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667-pre1.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667-pre1.patch new file mode 100644 index 0000000000..e6fc158c3a --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667-pre1.patch
@@ -0,0 +1,153 @@
		1	From 35418a73f7c9cefebe392b1ea0f012fccaf89801 Mon Sep 17 00:00:00 2001
		2	From: Guy Harris <gharris@sonic.net>
		3	Date: Wed, 19 Aug 2020 23:58:20 -0700
		4	Subject: [PATCH] Add format_text_string(), which gets the length with
		5	strlen().
		6
		7	format_text(alloc, string, strlen(string)) is a common idiom; provide
		8	format_text_string(), which does the strlen(string) for you. (Any
		9	string used in a %s to set the text of a protocol tree item, if it was
		10	directly extracted from the packet, should be run through a format_text
		11	routine, to ensure that it's valid UTF-8 and that control characters are
		12	handled correctly.)
		13
		14	Update comments while we're at it.
		15
		16	Change-Id: Ia8549efa1c96510ffce97178ed4ff7be4b02eb6e
		17	Reviewed-on: https://code.wireshark.org/review/38202
		18	Petri-Dish: Guy Harris <gharris@sonic.net>
		19	Tested-by: Petri Dish Buildbot
		20	Reviewed-by: Guy Harris <gharris@sonic.net>
		21
		22	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/35418a73f7c9cefebe392b1ea0f012fccaf89801]
		23	Comment: to backport fix for CVE-2023-0667, add function format_text_string().
		24	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		25	---
		26	epan/strutil.c \| 33 ++++++++++++++++++++++++++++----
		27	epan/strutil.h \| 51 ++++++++++++++++++++++++++++++++++++++++++++++----
		28	2 files changed, 76 insertions(+), 8 deletions(-)
		29
		30	diff --git a/epan/strutil.c b/epan/strutil.c
		31	index 347a173..bc3b19e 100644
		32	--- a/epan/strutil.c
		33	+++ b/epan/strutil.c
		34	@@ -193,10 +193,11 @@ get_token_len(const guchar linep, const guchar lineend,
		35	#define UNPOOP 0x1F4A9
		36
		37	/*
		38	- * Given a string, expected to be in UTF-8 but possibly containing
		39	- * invalid sequences (as it may have come from packet data), generate
		40	- * a valid UTF-8 string from it, allocated with the specified wmem
		41	- * allocator, that:
		42	+ * Given a wmem scope, a not-necessarily-null-terminated string,
		43	+ * expected to be in UTF-8 but possibly containing invalid sequences
		44	+ * (as it may have come from packet data), and the length of the string,
		45	+ * generate a valid UTF-8 string from it, allocated in the specified
		46	+ * wmem scope, that:
		47	*
		48	* shows printable Unicode characters as themselves;
		49	*
		50	@@ -493,6 +494,30 @@ format_text(wmem_allocator_t* allocator, const guchar *string, size_t len)
		51	return fmtbuf;
		52	}
		53
		54	+/** Given a wmem scope and a null-terminated string, expected to be in
		55	+ * UTF-8 but possibly containing invalid sequences (as it may have come
		56	+ * from packet data), and the length of the string, generate a valid
		57	+ * UTF-8 string from it, allocated in the specified wmem scope, that:
		58	+ *
		59	+ * shows printable Unicode characters as themselves;
		60	+ *
		61	+ * shows non-printable ASCII characters as C-style escapes (octal
		62	+ * if not one of the standard ones such as LF -> '\n');
		63	+ *
		64	+ * shows non-printable Unicode-but-not-ASCII characters as
		65	+ * their universal character names;
		66	+ *
		67	+ * shows illegal UTF-8 sequences as a sequence of bytes represented
		68	+ * as C-style hex escapes;
		69	+ *
		70	+ * and return a pointer to it.
		71	+ */
		72	+gchar *
		73	+format_text_string(wmem_allocator_t* allocator, const guchar *string)
		74	+{
		75	+ return format_text(allocator, string, strlen(string));
		76	+}
		77	+
		78	/*
		79	* Given a string, generate a string from it that shows non-printable
		80	* characters as C-style escapes except a whitespace character
		81	diff --git a/epan/strutil.h b/epan/strutil.h
		82	index 2046cb0..705beb5 100644
		83	--- a/epan/strutil.h
		84	+++ b/epan/strutil.h
		85	@@ -46,18 +46,61 @@ WS_DLL_PUBLIC
		86	int get_token_len(const guchar linep, const guchar lineend,
		87	const guchar **next_token);
		88
		89	-/** Given a string, generate a string from it that shows non-printable
		90	- * characters as C-style escapes, and return a pointer to it.
		91	+/** Given a wmem scope, a not-necessarily-null-terminated string,
		92	+ * expected to be in UTF-8 but possibly containing invalid sequences
		93	+ * (as it may have come from packet data), and the length of the string,
		94	+ * generate a valid UTF-8 string from it, allocated in the specified
		95	+ * wmem scope, that:
		96	+ *
		97	+ * shows printable Unicode characters as themselves;
		98	+ *
		99	+ * shows non-printable ASCII characters as C-style escapes (octal
		100	+ * if not one of the standard ones such as LF -> '\n');
		101	+ *
		102	+ * shows non-printable Unicode-but-not-ASCII characters as
		103	+ * their universal character names;
		104	+ *
		105	+ * shows illegal UTF-8 sequences as a sequence of bytes represented
		106	+ * as C-style hex escapes;
		107	+ *
		108	+ * and return a pointer to it.
		109	*
		110	* @param allocator The wmem scope
		111	- * @param line A pointer to the input string
		112	+ * @param string A pointer to the input string
		113	* @param len The length of the input string
		114	* @return A pointer to the formatted string
		115	*
		116	* @see tvb_format_text()
		117	*/
		118	WS_DLL_PUBLIC
		119	-gchar* format_text(wmem_allocator_t* allocator, const guchar *line, size_t len);
		120	+gchar* format_text(wmem_allocator_t* allocator, const guchar *string, size_t len);
		121	+
		122	+/** Given a wmem scope and a null-terminated string, expected to be in
		123	+ * UTF-8 but possibly containing invalid sequences (as it may have come
		124	+ * from packet data), and the length of the string, generate a valid
		125	+ * UTF-8 string from it, allocated in the specified wmem scope, that:
		126	+ *
		127	+ * shows printable Unicode characters as themselves;
		128	+ *
		129	+ * shows non-printable ASCII characters as C-style escapes (octal
		130	+ * if not one of the standard ones such as LF -> '\n');
		131	+ *
		132	+ * shows non-printable Unicode-but-not-ASCII characters as
		133	+ * their universal character names;
		134	+ *
		135	+ * shows illegal UTF-8 sequences as a sequence of bytes represented
		136	+ * as C-style hex escapes;
		137	+ *
		138	+ * and return a pointer to it.
		139	+ *
		140	+ * @param allocator The wmem scope
		141	+ * @param string A pointer to the input string
		142	+ * @return A pointer to the formatted string
		143	+ *
		144	+ * @see tvb_format_text()
		145	+ */
		146	+WS_DLL_PUBLIC
		147	+gchar* format_text_string(wmem_allocator_t* allocator, const guchar *string);
		148
		149	/**
		150	* Given a string, generate a string from it that shows non-printable
		151	--
		152	2.25.1
		153


diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch new file mode 100644 index 0000000000..3fc5296073 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch
@@ -0,0 +1,66 @@
		1	From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
		2	From: John Thacker <johnthacker@gmail.com>
		3	Date: Thu, 18 May 2023 18:06:36 -0400
		4	Subject: [PATCH] MS-MMS: Use format_text_string()
		5
		6	The length of a string transcoded from UTF-16 to UTF-8 can be
		7	shorter (or longer) than the original length in bytes in the packet.
		8	Use the new string length, not the original length.
		9
		10	Use format_text_string, which is a convenience function that
		11	calls strlen.
		12
		13	Fix #19086
		14
		15	(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)
		16
		17	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
		18	CVE: CVE-2023-0667
		19	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		20	---
		21	epan/dissectors/packet-ms-mms.c \| 8 ++++----
		22	1 file changed, 4 insertions(+), 4 deletions(-)
		23
		24	diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
		25	index db1d2cc..3d5c7ee 100644
		26	--- a/epan/dissectors/packet-ms-mms.c
		27	+++ b/epan/dissectors/packet-ms-mms.c
		28	@@ -739,7 +739,7 @@ static void dissect_client_transport_info(tvbuff_t tvb, packet_info pinfo, pro
		29	transport_info, "Transport: (%s)", transport_info);
		30
		31	col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
		32	- format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
		33	+ format_text_string(pinfo->pool, (const guchar*)transport_info));
		34
		35
		36	/* Try to extract details from this string */
		37	@@ -836,7 +836,7 @@ static void dissect_server_info(tvbuff_t tvb, packet_info pinfo, proto_tree *t
		38	ENC_UTF_16\|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
		39
		40	col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
		41	- format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
		42	+ format_text_string(pinfo->pool, (const guchar*)server_version));
		43	}
		44	offset += (server_version_length*2);
		45
		46	@@ -890,7 +890,7 @@ static void dissect_client_player_info(tvbuff_t tvb, packet_info pinfo, proto_
		47	ENC_UTF_16\|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
		48
		49	col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
		50	- format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
		51	+ format_text_string(pinfo->pool, (const guchar*)player_info));
		52	}
		53
		54	/* Dissect info about where client wants to start playing from */
		55	@@ -965,7 +965,7 @@ static void dissect_request_server_file(tvbuff_t tvb, packet_info pinfo, proto
		56	ENC_UTF_16\|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
		57
		58	col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
		59	- format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
		60	+ format_text_string(pinfo->pool, (const guchar*)server_file));
		61	}
		62
		63	/* Dissect media details from server */
		64	--
		65	2.25.1
		66


diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch new file mode 100644 index 0000000000..42f8108301 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch
@@ -0,0 +1,33 @@
		1	From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
		2	From: John Thacker <johnthacker@gmail.com>
		3	Date: Sat, 20 May 2023 23:08:08 -0400
		4	Subject: [PATCH] synphasor: Use val_to_str_const
		5
		6	Don't use a value from packet data to directly index a value_string,
		7	particularly when the value string doesn't cover all possible values.
		8
		9	Fix #19087
		10
		11	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
		12	CVE: CVE-2023-0668
		13	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		14	---
		15	epan/dissectors/packet-synphasor.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
		19	index 2d2f4ad..47120f5 100644
		20	--- a/epan/dissectors/packet-synphasor.c
		21	+++ b/epan/dissectors/packet-synphasor.c
		22	@@ -1130,7 +1130,7 @@ static gint dissect_PHSCALE(tvbuff_t tvb, proto_tree tree, gint offset, gint c
		23
		24	data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
		25	ett_conf_phflags, NULL, "Phasor Data flags: %s",
		26	- conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
		27	+ val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
		28
		29	/* first and second bytes - phasor modification flags*/
		30	phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
		31	--
		32	2.25.1
		33


diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index f80f287ab4..361123d1c5 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb
@@ -14,6 +14,9 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
14	file://CVE-2023-2856.patch \	14	file://CVE-2023-2856.patch \
15	file://CVE-2023-2858.patch \	15	file://CVE-2023-2858.patch \
16	file://CVE-2023-2952.patch \	16	file://CVE-2023-2952.patch \
		17	file://CVE-2023-0667-pre1.patch \
		18	file://CVE-2023-0667.patch \
		19	file://CVE-2023-0668.patch \
17	"	20	"
18	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"	21	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
19		22