mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-17 06:50:07 +00:00
Code Issues Projects Releases Wiki Activity

wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops

Browse Source 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
vkumbhar
2023-12-13 17:25:03 +05:30
committed by Armin Kuster
parent 3bcc5bb4de
commit fc632d5bb0
2 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch
+52
View File
@@ -0,0 +1,52 @@
From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Thu, 1 Dec 2022 20:46:15 -0500
Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats
The ofp_stats struct length field includes the fixed 4 bytes.
If the length is smaller than that, report the length error
and break out. In particular, a value of zero can cause
infinite loops if this isn't done.
(cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db)
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f]
CVE: CVE-2022-4345
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
epan/dissectors/packet-openflow_v6.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c
index f3bd0ef..96a3233 100644
--- a/epan/dissectors/packet-openflow_v6.c
+++ b/epan/dissectors/packet-openflow_v6.c
@@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
static int
dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_)
{
+ proto_item *ti;
guint32 stats_length;
int oxs_end;
guint32 padding;
proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA);
- proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length);
+ ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length);
oxs_end = offset + stats_length;
offset+=4;
+ if (stats_length < 4) {
+ expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short);
+ return offset;
+ }
+
while (offset < oxs_end) {
offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset);
}
--
2.40.1
meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb
+1
View File
@@ -20,6 +20,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
file://CVE-2023-2906.patch \ file://CVE-2023-2906.patch \
file://CVE-2023-3649.patch \ file://CVE-2023-3649.patch \
file://CVE-2022-0585-CVE-2023-2879.patch \ file://CVE-2022-0585-CVE-2023-2879.patch \
file://CVE-2022-4345.patch \
" "
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"