packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-2856

Browse Source 
(cherry picked from commit b2e40596d4d8b7c5bf86df74c00088a41cf805ee)
This commit is contained in:
starlet-dx 2023-05-31 10:30:57 +08:00 committed by openeuler-sync-bot
parent a41ba7e94c
commit 559e6a01ae
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
CVE-2023-2856.patch Normal file
View File

@ -0,0 +1,66 @@
From 1c264ced5701dd7ec22f425ee82c9e7abc45fe94 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Thu, 18 May 2023 15:03:23 -0700
Subject: [PATCH] vms: fix the search for the packet length field.
The packet length field is of the form
Total Length = DDD = ^xXXX
where "DDD" is the length in decimal and "XXX" is the length in
hexadecimal.
Search for "length ". not just "Length", as we skip past "Length ", not
just "Length", so if we assume we found "Length " but only found
"Length", we'd skip past the end of the string.
While we're at it, fail if we don't find a length field, rather than
just blithely acting as if the packet length were zero.
Fixes #19083.
(backported from commit db5135826de3a5fdb3618225c2ff02f4207012ca)
---
wiretap/vms.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/wiretap/vms.c b/wiretap/vms.c
index 600282e506c..7f82461570c 100644
--- a/wiretap/vms.c
+++ b/wiretap/vms.c
@@ -322,6 +322,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
{
char line[VMS_LINE_LENGTH + 1];
int num_items_scanned;
+ gboolean have_pkt_len = FALSE;
guint32 pkt_len = 0;
int pktnum;
int csec = 101;
@@ -378,7 +379,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
return FALSE;
}
}
- if ( (! pkt_len) && (p = strstr(line, "Length"))) {
+ if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
p += sizeof("Length ");
while (*p && ! g_ascii_isdigit(*p))
p++;
@@ -394,9 +395,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
*err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
return FALSE;
}
+ have_pkt_len = TRUE;
break;
}
} while (! isdumpline(line));
+ if (! have_pkt_len) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("vms: Length field not found");
+ return FALSE;
+ }
if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
--
GitLab

7
wireshark.spec
View File

@ -1,6 +1,6 @@
Name: wireshark Name: wireshark
Version: 2.6.2 Version: 2.6.2
Release: 21 Release: 22
Epoch: 1 Epoch: 1
Summary: Network traffic analyzer Summary: Network traffic analyzer
License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD and ISC License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD and ISC
@ -63,6 +63,8 @@ Patch6045: CVE-2021-22207.patch
Patch6046: CVE-2021-4181.patch Patch6046: CVE-2021-4181.patch
#https://gitlab.com/wireshark/wireshark/-/commit/a0084bd76f45f9566bd94c49d7fb7571e0d4bdaa #https://gitlab.com/wireshark/wireshark/-/commit/a0084bd76f45f9566bd94c49d7fb7571e0d4bdaa
Patch6047: CVE-2021-4185.patch Patch6047: CVE-2021-4185.patch
#https://gitlab.com/wireshark/wireshark/-/commit/1c264ced5701dd7ec22f425ee82c9e7abc45fe94
Patch6048: CVE-2023-2856.patch
Requires: %{name}-help = %{epoch}:%{version}-%{release} Requires: %{name}-help = %{epoch}:%{version}-%{release}
Requires(pre): shadow-utils Requires(pre): shadow-utils
@ -170,6 +172,9 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/* %{_mandir}/man?/*
%changelog %changelog
* Wed May 31 2023 yaoxin <yao_xin001@hoperun.com> - 1:2.6.2-22
- Fix CVE-2023-2856
* Fri Apr 1 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-21 * Fri Apr 1 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-21
- Fix CVE-2021-22191 CVE-2021-22207 CVE-2021-4181 CVE-2021-4185 - Fix CVE-2021-22191 CVE-2021-22207 CVE-2021-4181 CVE-2021-4185