packages/libpcap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!33 fix CVE-2023-7256, CVE-2024-8006

Browse Source 
From: @XWwalker 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12
This commit is contained in:
openeuler-ci-bot 2024-09-24 02:28:33 +00:00 committed by Gitee
commit 6ab78d519c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 812 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
backport-0001-CVE-2023-7256.patch Normal file
View File

@ -0,0 +1,103 @@
From f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Wed, 21 Jul 2021 23:50:32 -0700
Subject: [PATCH] rpcap: don't do pointless integer->string and then
string->integer conversions.
The string->integer conversion was also broken, as it passed a pointer
to a 16-bit integer to a sscanf() call that used %d rather than %hd.
It'd overwrite 2 bytes past the 16-bit integer; it may set the integer
"correctly" on a little-endian, but wouldn't even do *that* on a
big-endian machine.
(cherry picked from commit efaddfe8eae4dab252bb2d35e004a40e4b72db24)
Conflict:Replacing snprintf with pcap_snprintf
context adapt
Reference:https://github.com/the-tcpdump-group/libpcap/commit/f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6
---
pcap-rpcap.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/pcap-rpcap.c b/pcap-rpcap.c
index 705f06f..d9609c7 100644
--- a/pcap-rpcap.c
+++ b/pcap-rpcap.c
@@ -1014,7 +1014,7 @@ static int pcap_startcapture_remote(pcap_t *fp)
struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data to be sent is buffered */
int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
- char portdata[PCAP_BUF_SIZE]; /* temp variable needed to keep the network port for the data connection */
+ uint16 portdata = 0; /* temp variable needed to keep the network port for the data connection */
uint32 plen;
int active = 0; /* '1' if we're in active mode */
struct activehosts *temp; /* temp var needed to scan the host list chain, to detect if we're in active mode */
@@ -1027,6 +1027,8 @@ static int pcap_startcapture_remote(pcap_t *fp)
struct sockaddr_storage saddr; /* temp, needed to retrieve the network data port chosen on the local machine */
socklen_t saddrlen; /* temp, needed to retrieve the network data port chosen on the local machine */
int ai_family; /* temp, keeps the address family used by the control connection */
+ struct sockaddr_in *sin4;
+ struct sockaddr_in6 *sin6;
/* RPCAP-related variables*/
struct rpcap_header header; /* header of the RPCAP packet */
@@ -1121,11 +1123,22 @@ static int pcap_startcapture_remote(pcap_t *fp)
goto error_nodiscard;
}
- /* Get the local port the system picked up */
- if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
- 0, portdata, sizeof(portdata), NI_NUMERICSERV))
- {
- sock_geterror("getnameinfo()", fp->errbuf, PCAP_ERRBUF_SIZE);
+ switch (saddr.ss_family) {
+
+ case AF_INET:
+ sin4 = (struct sockaddr_in *)&saddr;
+ portdata = sin4->sin_port;
+ break;
+
+ case AF_INET6:
+ sin6 = (struct sockaddr_in6 *)&saddr;
+ portdata = sin6->sin6_port;
+ break;
+
+ default:
+ pcap_snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
+ "Local address has unknown address family %u",
+ saddr.ss_family);
goto error_nodiscard;
}
}
@@ -1158,8 +1171,7 @@ static int pcap_startcapture_remote(pcap_t *fp)
/* portdata on the openreq is meaningful only if we're in active mode */
if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
{
- sscanf(portdata, "%d", (int *)&(startcapreq->portdata)); /* cast to avoid a compiler warning */
- startcapreq->portdata = htons(startcapreq->portdata);
+ startcapreq->portdata = portdata;
}
startcapreq->snaplen = htonl(fp->snapshot);
@@ -1208,13 +1220,15 @@ static int pcap_startcapture_remote(pcap_t *fp)
{
if (!active)
{
+ char portstring[PCAP_BUF_SIZE];
+
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = ai_family; /* Use the same address family of the control socket */
hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
- pcap_snprintf(portdata, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
+ pcap_snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
/* Let's the server pick up a free network port for us */
- if (sock_initaddress(host, portdata, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
+ if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
--
2.33.0

47
backport-0002-CVE-2023-7256.patch Normal file
View File

@ -0,0 +1,47 @@
From a47f0cbb3d76db07b1c88ec70fd9ef1cec8c3c72 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Sat, 10 Apr 2021 19:20:49 -0700
Subject: [PATCH] Use sock_initaddress() to look up rpcap server addresses.
It does additional checking, and returns better error messages.
(cherry picked from commit b8b358a098500d68b790f7a303388d939621e256)
Conflict:Replacing snprintf with pcap_snprintf
Reference:https://github.com/the-tcpdump-group/libpcap/commit/a47f0cbb3d76db07b1c88ec70fd9ef1cec8c3c72
---
pcap-rpcap.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/pcap-rpcap.c b/pcap-rpcap.c
index a2612e9924..0c6c558960 100644
--- a/pcap-rpcap.c
+++ b/pcap-rpcap.c
@@ -1003,11 +1003,10 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
- retval = getaddrinfo(host, "0", &hints, &addrinfo);
+ retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf,
+ PCAP_ERRBUF_SIZE);
if (retval != 0)
{
- pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s",
- gai_strerror(retval));
*error = 1;
return NULL;
}
@@ -2992,10 +2991,10 @@ int pcap_remoteact_close(const char *host, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
- retval = getaddrinfo(host, "0", &hints, &addrinfo);
+ retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf,
+ PCAP_ERRBUF_SIZE);
if (retval != 0)
{
- pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s", gai_strerror(retval));
return -1;
}

134
backport-0003-CVE-2023-7256.patch Normal file
View File

@ -0,0 +1,134 @@
From ba493d37d418b126d7357df553bd065cbc99384e Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Sun, 31 Jul 2022 11:30:43 -0700
Subject: [PATCH] rpcap: improve error messages for host and port resolution
errors.
If we don't want a particular port nuber in a sock_initaddress() call,
pass NULL rather than "0". If the service name parameter passsed to
sock_initaddress() is NULL, pass "0" as the service name parameter to
getaddrinfo().
Have get_gai_errstring() precede the host/port name information with an
indication as to whethe it's a host name, port name, or host name and
port name. Don't say "host name" for EAI_NONAME; rely on the
description get_gai_errstring() provides. If there's only a port
number, don't preceded it with ":" in get_gai_errstring().
This makes the error message reported if a host and port are provided
not say that the host name couldn't be resolved, because it could be a
problem with the port name (sadly, getaddinfo() doesn't indicate which
is the one with the problem).
It also makes the error message reported if only a port is provided not
say that it's a problem with the host name or show the "host name" as
":<port>".
(cherry picked from commit 33cf6fb70a13a982d70f6a5e5e63aa765073c8e8)
Conflict:Replacing snprintf with pcap_snprintf
context adapt
Reference:https://github.com/the-tcpdump-group/libpcap/commit/ba493d37d418b126d7357df553bd065cbc99384e
---
pcap-rpcap.c | 6 +++---
rpcapd/daemon.c | 4 ++--
sockutils.c | 19 ++++++++++++++-----
3 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/pcap-rpcap.c b/pcap-rpcap.c
index 3f1845e..7577e3d 100644
--- a/pcap-rpcap.c
+++ b/pcap-rpcap.c
@@ -957,7 +957,7 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
- retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf,
+ retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
PCAP_ERRBUF_SIZE);
if (retval != 0)
{
@@ -1103,7 +1103,7 @@ static int pcap_startcapture_remote(pcap_t *fp)
hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */
/* Let's the server pick up a free network port for us */
- if (sock_initaddress(NULL, "0", &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
+ if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error_nodiscard;
if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER,
@@ -2792,7 +2792,7 @@ int pcap_remoteact_close(const char *host, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
- retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf,
+ retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
PCAP_ERRBUF_SIZE);
if (retval != 0)
{
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 209dba2..e34b853 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1757,8 +1757,8 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
{
hints.ai_flags = AI_PASSIVE;
- // Let's the server socket pick up a free network port for us
- if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+ // Make the server socket pick up a free network port for us
+ if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
diff --git a/sockutils.c b/sockutils.c
index d3e9464..ffd2b02 100644
--- a/sockutils.c
+++ b/sockutils.c
@@ -527,13 +527,13 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
char hostport[PCAP_ERRBUF_SIZE];
if (hostname != NULL && portname != NULL)
- pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, "%s:%s",
+ pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, "host and port %s:%s",
hostname, portname);
else if (hostname != NULL)
- pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, "%s",
+ pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, "host %s",
hostname);
else if (portname != NULL)
- pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, ":%s",
+ pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, "port %s",
portname);
else
pcap_snprintf(hostport, PCAP_ERRBUF_SIZE, "<no host or port!>");
@@ -597,7 +597,7 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
case EAI_NONAME:
pcap_snprintf(errbuf, errbuflen,
- "%sThe host name %s couldn't be resolved",
+ "%sThe %s couldn't be resolved",
prefix, hostport);
break;
@@ -699,7 +699,16 @@ int sock_initaddress(const char *host, const char *port,
{
int retval;
- retval = getaddrinfo(host, port, hints, addrinfo);
+ /*
+ * We allow both the host and port to be null, but getaddrinfo()
+ * is not guaranteed to do so; to handle that, if port is null,
+ * we provide "0" as the port number.
+ *
+ * This results in better error messages from get_gai_errstring(),
+ * as those messages won't talk about a problem with the port if
+ * no port was specified.
+ */
+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
if (retval != 0)
{
if (errbuf)
--
2.33.0

67
backport-0004-CVE-2023-7256.patch Normal file
View File

@ -0,0 +1,67 @@
From c1ceab8f191031a81996035af20685e6f9b7f1b7 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Sun, 31 Jul 2022 11:54:22 -0700
Subject: [PATCH] rpcap: try to distringuish between host and port errors.
getaddrinfo() won't do it for us, so do it ourselves.
(cherry picked from commit a83992a1bec91661b2f0e1a6fc910343793a97f1)
Conflict:NA
Reference:https://github.com/the-tcpdump-group/libpcap/commit/c1ceab8f191031a81996035af20685e6f9b7f1b7
---
sockutils.c | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/sockutils.c b/sockutils.c
index ca5b683720..84024ac67d 100644
--- a/sockutils.c
+++ b/sockutils.c
@@ -734,8 +734,44 @@ int sock_initaddress(const char *host, const char *port,
{
if (errbuf)
{
- get_gai_errstring(errbuf, errbuflen, "", retval,
- host, port);
+ if (host != NULL && port != NULL) {
+ /*
+ * Try with just a host, to distinguish
+ * between "host is bad" and "port is
+ * bad".
+ */
+ int try_retval;
+
+ try_retval = getaddrinfo(host, NULL, hints,
+ addrinfo);
+ if (try_retval == 0) {
+ /*
+ * Worked with just the host,
+ * so assume the problem is
+ * with the port.
+ *
+ * Free up the addres info first.
+ */
+ freeaddrinfo(*addrinfo);
+ get_gai_errstring(errbuf, errbuflen,
+ "", retval, NULL, port);
+ } else {
+ /*
+ * Didn't work with just the host,
+ * so assume the problem is
+ * with the host.
+ */
+ get_gai_errstring(errbuf, errbuflen,
+ "", retval, host, NULL);
+ }
+ } else {
+ /*
+ * Either the host or port was null, so
+ * there's nothing to determine.
+ */
+ get_gai_errstring(errbuf, errbuflen, "",
+ retval, host, port);
+ }
}
return -1;
}

37
backport-0005-CVE-2023-7256.patch Normal file
View File

@ -0,0 +1,37 @@
From 73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Tue, 16 May 2023 12:37:11 -0400
Subject: [PATCH] Remove unused variable retval in sock_present2network
This quiets the compiler since it is not even returned anyway, and is a misleading variable name.
(cherry picked from commit c7b90298984c46d820d3cee79a96d24870b5f200)
Conflict:NA
Reference:https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f
---
sockutils.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sockutils.c b/sockutils.c
index 1c07f76fd1..6752f296af 100644
--- a/sockutils.c
+++ b/sockutils.c
@@ -2082,7 +2082,6 @@ int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *addres
*/
int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen)
{
- int retval;
struct addrinfo *addrinfo;
struct addrinfo hints;
@@ -2090,7 +2089,7 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,
hints.ai_family = addr_family;
- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1)
+ if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1)
return 0;
if (addrinfo->ai_family == PF_INET)

368
backport-0006-CVE-2023-7256.patch Normal file
View File

@ -0,0 +1,368 @@
From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Thu, 28 Sep 2023 00:37:57 -0700
Subject: [PATCH] Have sock_initaddress() return the list of addrinfo
structures or NULL.
Its return address is currently 0 for success and -1 for failure, with a
pointer to the first element of the list of struct addrinfos returned
through a pointer on success; change it to return that pointer on
success and NULL on failure.
That way, we don't have to worry about what happens to the pointer
pointeed to by the argument in question on failure; we know that we got
NULL back if no struct addrinfos were found because getaddrinfo()
failed. Thus, we know that we have something to free iff
sock_initaddress() returned a pointer to that something rather than
returning NULL.
This avoids a double-free in some cases.
This is apparently CVE-2023-40400.
(backported from commit 262e4f34979872d822ccedf9f318ed89c4d31c03)
Conflict:context adapt
Reference:https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d
---
pcap-rpcap.c | 48 ++++++++++++++++++++--------------------
rpcapd/daemon.c | 8 +++++--
rpcapd/rpcapd.c | 8 +++++--
sockutils.c | 58 ++++++++++++++++++++++++++++---------------------
sockutils.h | 5 ++---
5 files changed, 72 insertions(+), 55 deletions(-)
diff --git a/pcap-rpcap.c b/pcap-rpcap.c
index 7577e3d..3926528 100644
--- a/pcap-rpcap.c
+++ b/pcap-rpcap.c
@@ -949,7 +949,6 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
{
struct activehosts *temp; /* temp var needed to scan the host list chain */
struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
- int retval;
/* retrieve the network address corresponding to 'host' */
addrinfo = NULL;
@@ -957,9 +956,9 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
PCAP_ERRBUF_SIZE);
- if (retval != 0)
+ if (addrinfo == NULL)
{
*error = 1;
return NULL;
@@ -1103,7 +1102,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */
/* Let's the server pick up a free network port for us */
- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf,
+ PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
goto error_nodiscard;
if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER,
@@ -1227,7 +1228,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
pcap_snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
/* Let's the server pick up a free network port for us */
- if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(host, portstring, &hints,
+ fp->errbuf, PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
goto error;
if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
@@ -2125,16 +2128,16 @@ rpcap_setup_session(const char *source, struct pcap_rmtauth *auth,
if (port[0] == 0)
{
/* the user chose not to specify the port */
- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
- return -1;
+ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
+ &hints, errbuf, PCAP_ERRBUF_SIZE);
}
else
{
- if (sock_initaddress(host, port, &hints, &addrinfo,
- errbuf, PCAP_ERRBUF_SIZE) == -1)
- return -1;
+ addrinfo = sock_initaddress(host, port, &hints,
+ errbuf, PCAP_ERRBUF_SIZE);
}
+ if (addrinfo == NULL)
+ return -1;
if ((*sockctrlp = sock_open(addrinfo, SOCKOPEN_CLIENT, 0,
errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
@@ -2667,19 +2670,19 @@ SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *
/* Do the work */
if ((port == NULL) || (port[0] == 0))
{
- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
- {
- return (SOCKET)-2;
- }
+ addrinfo = sock_initaddress(address,
+ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf,
+ PCAP_ERRBUF_SIZE);
}
else
{
- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
- {
- return (SOCKET)-2;
- }
+ addrinfo = sock_initaddress(address, port, &hints, errbuf,
+ PCAP_ERRBUF_SIZE);
+ }
+ if (addrinfo == NULL)
+ {
+ return (SOCKET)-2;
}
-
if ((sockmain = sock_open(addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
{
@@ -2781,7 +2784,6 @@ int pcap_remoteact_close(const char *host, char *errbuf)
{
struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */
struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
- int retval;
temp = activeHosts;
prev = NULL;
@@ -2792,9 +2794,9 @@ int pcap_remoteact_close(const char *host, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
PCAP_ERRBUF_SIZE);
- if (retval != 0)
+ if (addrinfo == NULL)
{
return -1;
}
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index e34b853..503499c 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1747,7 +1747,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
goto error;
}
- if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(peerhost, portdata, &hints,
+ errmsgbuf, PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
goto error;
if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
@@ -1758,7 +1760,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
hints.ai_flags = AI_PASSIVE;
// Make the server socket pick up a free network port for us
- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf,
+ PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
goto error;
if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
diff --git a/rpcapd/rpcapd.c b/rpcapd/rpcapd.c
index 430acdc..3062eb2 100644
--- a/rpcapd/rpcapd.c
+++ b/rpcapd/rpcapd.c
@@ -549,7 +549,9 @@ void main_startup(void)
//
// Get a list of sockets on which to listen.
//
- if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress((address[0]) ? address : NULL,
+ port, &mainhints, errbuf, PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
{
rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
return;
@@ -1286,7 +1288,9 @@ main_active(void *ptr)
memset(errbuf, 0, sizeof(errbuf));
// Do the work
- if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(activepars->address, activepars->port,
+ &hints, errbuf, PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
{
rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
return 0;
diff --git a/sockutils.c b/sockutils.c
index 7ffade3..14a7f13 100644
--- a/sockutils.c
+++ b/sockutils.c
@@ -683,20 +683,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
* \param errbuflen: length of the buffer that will contains the error. The error message cannot be
* larger than 'errbuflen - 1' because the last char is reserved for the string terminator.
*
- * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned
- * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is
- * returned into the addrinfo parameter.
+ * \return a pointer to the first element in a list of addrinfo structures
+ * if everything is fine, NULL if some errors occurred. The error message
+ * is returned in the 'errbuf' variable.
*
- * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when
- * it is no longer needed.
+ * \warning The list of addrinfo structures returned has to be deleted by
+ * the programmer by calling freeaddrinfo() when it is no longer needed.
*
* \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same
* of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest
* the programmer to look at that function in order to set the 'hints' variable appropriately.
*/
-int sock_initaddress(const char *host, const char *port,
- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen)
+struct addrinfo *sock_initaddress(const char *host, const char *port,
+ struct addrinfo *hints, char *errbuf, int errbuflen)
{
+ struct addrinfo *addrinfo;
int retval;
/*
@@ -708,9 +709,13 @@ int sock_initaddress(const char *host, const char *port,
* as those messages won't talk about a problem with the port if
* no port was specified.
*/
- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo);
if (retval != 0)
{
+ /*
+ * That call failed.
+ * Determine whether the problem is that the host is bad.
+ */
if (errbuf)
{
if (host != NULL && port != NULL) {
@@ -722,7 +727,7 @@ int sock_initaddress(const char *host, const char *port,
int try_retval;
try_retval = getaddrinfo(host, NULL, hints,
- addrinfo);
+ &addrinfo);
if (try_retval == 0) {
/*
* Worked with just the host,
@@ -731,14 +736,16 @@ int sock_initaddress(const char *host, const char *port,
*
* Free up the addres info first.
*/
- freeaddrinfo(*addrinfo);
+ freeaddrinfo(addrinfo);
get_gai_errstring(errbuf, errbuflen,
"", retval, NULL, port);
} else {
/*
* Didn't work with just the host,
* so assume the problem is
- * with the host.
+ * with the host; we assume
+ * the original error indicates
+ * the underlying problem.
*/
get_gai_errstring(errbuf, errbuflen,
"", retval, host, NULL);
@@ -746,13 +753,14 @@ int sock_initaddress(const char *host, const char *port,
} else {
/*
* Either the host or port was null, so
- * there's nothing to determine.
+ * there's nothing to determine; report
+ * the error from the original call.
*/
get_gai_errstring(errbuf, errbuflen, "",
retval, host, port);
}
}
- return -1;
+ return NULL;
}
/*
* \warning SOCKET: I should check all the accept() in order to bind to all addresses in case
@@ -767,30 +775,28 @@ int sock_initaddress(const char *host, const char *port,
* ignore all addresses that are neither? (What, no IPX
* support? :-))
*/
- if (((*addrinfo)->ai_family != PF_INET) &&
- ((*addrinfo)->ai_family != PF_INET6))
+ if ((addrinfo->ai_family != PF_INET) &&
+ (addrinfo->ai_family != PF_INET6))
{
if (errbuf)
pcap_snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported");
- freeaddrinfo(*addrinfo);
- *addrinfo = NULL;
- return -1;
+ freeaddrinfo(addrinfo);
+ return NULL;
}
/*
* You can't do multicast (or broadcast) TCP.
*/
- if (((*addrinfo)->ai_socktype == SOCK_STREAM) &&
- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0))
+ if ((addrinfo->ai_socktype == SOCK_STREAM) &&
+ (sock_ismcastaddr(addrinfo->ai_addr) == 0))
{
if (errbuf)
pcap_snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams");
- freeaddrinfo(*addrinfo);
- *addrinfo = NULL;
- return -1;
+ freeaddrinfo(addrinfo);
+ return NULL;
}
- return 0;
+ return addrinfo;
}
/*
@@ -1659,7 +1665,9 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,
hints.ai_family = addr_family;
- if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1)
+ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints,
+ errbuf, errbuflen);
+ if (addrinfo == NULL)
return 0;
if (addrinfo->ai_family == PF_INET)
diff --git a/sockutils.h b/sockutils.h
index 8a45b3d..f5b147b 100644
--- a/sockutils.h
+++ b/sockutils.h
@@ -125,9 +125,8 @@ int sock_init(char *errbuf, int errbuflen);
void sock_cleanup(void);
void sock_fmterror(const char *caller, int errcode, char *errbuf, int errbuflen);
void sock_geterror(const char *caller, char *errbuf, int errbufsize);
-int sock_initaddress(const char *address, const char *port,
- struct addrinfo *hints, struct addrinfo **addrinfo,
- char *errbuf, int errbuflen);
+struct addrinfo *sock_initaddress(const char *address, const char *port,
+ struct addrinfo *hints, char *errbuf, int errbuflen);
int sock_recv(SOCKET sock, void *buffer, size_t size, int receiveall,
char *errbuf, int errbuflen);
int sock_recv_dgram(SOCKET sock, void *buffer, size_t size,
--
2.33.0

42
backport-CVE-2024-8006.patch Normal file
View File

@ -0,0 +1,42 @@
From 8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Mon Sep 17 00:00:00 2001
From: Nicolas Badoux <n.badoux@hotmail.com>
Date: Mon, 19 Aug 2024 12:31:53 +0200
Subject: [PATCH] makes pcap_findalldevs_ex errors out if the directory does
not exist
(backported from commit 0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29)
Conflict:Remove unnecessary macros DIAG_OFF_FORMAT_TRUNCATION, DIAG_ON_FORMAT_TRUNCATION
Replacing snprintf with pcap_snprintf
context adapt
Reference:https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6
---
pcap-new.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pcap-new.c b/pcap-new.c
index 7c00659..ac88065 100644
--- a/pcap-new.c
+++ b/pcap-new.c
@@ -231,13 +231,18 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
#else
/* opening the folder */
unixdir= opendir(path);
+ if (unixdir == NULL) {
+ pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
+ "Error when listing files: does folder '%s' exist?", path);
+ return -1;
+ }
/* get the first file into it */
filedata= readdir(unixdir);
if (filedata == NULL)
{
- pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
+ pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path);
return -1;
}
#endif

15
libpcap.spec
View File

@ -1,7 +1,7 @@
Name: libpcap Name: libpcap
Epoch: 14 Epoch: 14
Version: 1.9.1 Version: 1.9.1
Release: 6 Release: 7
Summary: A system-independent interface for user-level packet capture Summary: A system-independent interface for user-level packet capture
License: BSD with advertising License: BSD with advertising
URL: http://www.tcpdump.org URL: http://www.tcpdump.org
@ -13,6 +13,13 @@ Patch2: fix-optimize-add-a-bunch-of-overflow-checks.patch
Patch3: 0611-With-MSVC-abort-if-_BitScanForward-returns-0.patch Patch3: 0611-With-MSVC-abort-if-_BitScanForward-returns-0.patch
Patch4: 0875-optimize-make-some-variables-unsigned.patch Patch4: 0875-optimize-make-some-variables-unsigned.patch
Patch5: 0876-optimize-fix-some-of-those-changes.patch Patch5: 0876-optimize-fix-some-of-those-changes.patch
Patch6: backport-0001-CVE-2023-7256.patch
Patch7: backport-0002-CVE-2023-7256.patch
Patch8: backport-0003-CVE-2023-7256.patch
Patch9: backport-0004-CVE-2023-7256.patch
Patch10: backport-0005-CVE-2023-7256.patch
Patch11: backport-0006-CVE-2023-7256.patch
Patch12: backport-CVE-2024-8006.patch
BuildRequires: bison bluez-libs-devel flex gcc git glibc-kernheaders >= 2.2.0 BuildRequires: bison bluez-libs-devel flex gcc git glibc-kernheaders >= 2.2.0
@ -63,6 +70,12 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
%{_mandir}/man* %{_mandir}/man*
%changelog %changelog
* Thu Sep 19 2024 xingwei14 <xingwei14@h-partners.com> - 14:1.9.1-7
- Type:CVE
- CVE:CVE-2023-7256 CVE-2024-8006
- SUG:NA
- DESC:fix CVE-2023-7256 and CVE-2024-8006
* Fri Aug 07 2020 lunankun <lunankun@huawei.com> - 14:1.9.1-6 * Fri Aug 07 2020 lunankun <lunankun@huawei.com> - 14:1.9.1-6
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA