diff options
| -rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch | 52 | ||||
| -rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch new file mode 100644 index 0000000000..938b7cf772 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: John Thacker <johnthacker@gmail.com> | ||
| 3 | Date: Thu, 1 Dec 2022 20:46:15 -0500 | ||
| 4 | Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats | ||
| 5 | |||
| 6 | The ofp_stats struct length field includes the fixed 4 bytes. | ||
| 7 | If the length is smaller than that, report the length error | ||
| 8 | and break out. In particular, a value of zero can cause | ||
| 9 | infinite loops if this isn't done. | ||
| 10 | |||
| 11 | |||
| 12 | (cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db) | ||
| 13 | |||
| 14 | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f] | ||
| 15 | CVE: CVE-2022-4345 | ||
| 16 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
| 17 | --- | ||
| 18 | epan/dissectors/packet-openflow_v6.c | 8 +++++++- | ||
| 19 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
| 20 | |||
| 21 | diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c | ||
| 22 | index f3bd0ef..96a3233 100644 | ||
| 23 | --- a/epan/dissectors/packet-openflow_v6.c | ||
| 24 | +++ b/epan/dissectors/packet-openflow_v6.c | ||
| 25 | @@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, | ||
| 26 | static int | ||
| 27 | dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_) | ||
| 28 | { | ||
| 29 | + proto_item *ti; | ||
| 30 | guint32 stats_length; | ||
| 31 | int oxs_end; | ||
| 32 | guint32 padding; | ||
| 33 | |||
| 34 | proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA); | ||
| 35 | |||
| 36 | - proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); | ||
| 37 | + ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); | ||
| 38 | |||
| 39 | oxs_end = offset + stats_length; | ||
| 40 | offset+=4; | ||
| 41 | |||
| 42 | + if (stats_length < 4) { | ||
| 43 | + expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short); | ||
| 44 | + return offset; | ||
| 45 | + } | ||
| 46 | + | ||
| 47 | while (offset < oxs_end) { | ||
| 48 | offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset); | ||
| 49 | } | ||
| 50 | -- | ||
| 51 | 2.40.1 | ||
| 52 | |||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index b35c243284..7d99a1438b 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz | |||
| 20 | file://CVE-2023-2906.patch \ | 20 | file://CVE-2023-2906.patch \ |
| 21 | file://CVE-2023-3649.patch \ | 21 | file://CVE-2023-3649.patch \ |
| 22 | file://CVE-2022-0585-CVE-2023-2879.patch \ | 22 | file://CVE-2022-0585-CVE-2023-2879.patch \ |
| 23 | file://CVE-2022-4345.patch \ | ||
| 23 | " | 24 | " |
| 24 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" | 25 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" |
| 25 | 26 | ||