[oe] [meta-networking][PATCH] wireshark: CVE-2017-17935
akuster808
akuster808 at gmail.com
Wed Jan 3 22:23:40 UTC 2018
On 01/03/2018 12:34 AM, Zhixiong Chi wrote:
> Backport patch from the upstream:
> https://code.wireshark.org/review/gitweb?p=wireshark.git;
> a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
> https://nvd.nist.gov/vuln/detail/CVE-2017-17935
>
> The File_read_line function in epan/wslua/wslua_file.c in Wireshark
> through 2.2.11 does not properly strip '\n' characters, which allows
> remote attackers to cause a denial of service (buffer underflow and
> application crash) via a crafted packet that triggers the attempted
> processing of an empty line.
Thank you for the security patch.
In master-next is an update to wireshark to version 2.2.11. I think
this wont be necessary once the update hits master.
- armin
>
> Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
> ---
> .../wireshark/wireshark/CVE-2017-17935.patch | 37 ++++++++++++++++++++++
> .../recipes-support/wireshark/wireshark_2.2.10.bb | 4 ++-
> 2 files changed, 40 insertions(+), 1 deletion(-)
> create mode 100644 meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
>
> diff --git a/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
> new file mode 100644
> index 000000000..46ad83ea0
> --- /dev/null
> +++ b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
> @@ -0,0 +1,37 @@
> +From 137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 Mon Sep 17 00:00:00 2001
> +From: Martin Mathieson <martin.r.mathieson at googlemail.com>
> +Date: Tue, 26 Dec 2017 11:48:04 +0000
> +Subject: [PATCH 1/1] potential buffer underflow in File_read_line function in
> + epan/wslua/wslua_file.c
> +
> +Putting up for review, though I am not completely convinced that
> +file_gets() can return an empty line.
> +
> +Bug: 14295
> +Change-Id: If36761ea511b66c01a9f167809a218a7eadbfcc5
> +Reviewed-on: https://code.wireshark.org/review/24997
> +Petri-Dish: Martin Mathieson <martin.r.mathieson at googlemail.com>
> +Tested-by: Petri Dish Buildbot
> +Reviewed-by: Anders Broman <a.broman58 at gmail.com>
> +
> +Upstream-Status: Backport
> +Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
> +---
> + epan/wslua/wslua_file.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/epan/wslua/wslua_file.c b/epan/wslua/wslua_file.c
> +index 79bf4f7..73bacc6 100644
> +--- a/epan/wslua/wslua_file.c
> ++++ b/epan/wslua/wslua_file.c
> +@@ -192,7 +192,7 @@ static int File_read_line(lua_State *L, FILE_T ft) {
> + length = (gint)(file_tell(ft) - pos_before);
> +
> + /* ...but don't want to include newline in line length */
> +- if (linebuff[length-1] == '\n') {
> ++ if (length > 0 && linebuff[length-1] == '\n') {
> + length--;
> + /* Nor do we want '\r' (as will be written when log is created on windows) */
> + if (length > 0 && linebuff[length - 1] == '\r') {
> +--
> +2.7.4
> diff --git a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
> index 5358ba07f..e3915d203 100644
> --- a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
> +++ b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6e271234ba1a13c6e512e76b94ac2f77"
>
> DEPENDS = "pcre expat glib-2.0 glib-2.0-native"
>
> -SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2"
> +SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2 \
> + file://CVE-2017-17935.patch \
> +"
>
> PE = "1"
>
More information about the Openembedded-devel
mailing list