[oe] [meta-networking][PATCH] wireshark: CVE-2017-17935
Zhixiong Chi
zhixiong.chi at windriver.com
Thu Jan 4 02:15:35 UTC 2018
On 2018年01月04日 06:23, akuster808 wrote:
>
> On 01/03/2018 12:34 AM, Zhixiong Chi wrote:
>> Backport patch from the upstream:
>> https://code.wireshark.org/review/gitweb?p=wireshark.git;
>> a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
>> https://nvd.nist.gov/vuln/detail/CVE-2017-17935
>>
>> The File_read_line function in epan/wslua/wslua_file.c in Wireshark
>> through 2.2.11 does not properly strip '\n' characters, which allows
>> remote attackers to cause a denial of service (buffer underflow and
>> application crash) via a crafted packet that triggers the attempted
>> processing of an empty line.
> Thank you for the security patch.
>
> In master-next is an update to wireshark to version 2.2.11. I think
> this wont be necessary once the update hits master.
Got it.
Thanks for your response.
Zhixiong.
>
> - armin
>> Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
>> ---
>> .../wireshark/wireshark/CVE-2017-17935.patch | 37 ++++++++++++++++++++++
>> .../recipes-support/wireshark/wireshark_2.2.10.bb | 4 ++-
>> 2 files changed, 40 insertions(+), 1 deletion(-)
>> create mode 100644 meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
>>
>> diff --git a/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
>> new file mode 100644
>> index 000000000..46ad83ea0
>> --- /dev/null
>> +++ b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
>> @@ -0,0 +1,37 @@
>> +From 137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 Mon Sep 17 00:00:00 2001
>> +From: Martin Mathieson <martin.r.mathieson at googlemail.com>
>> +Date: Tue, 26 Dec 2017 11:48:04 +0000
>> +Subject: [PATCH 1/1] potential buffer underflow in File_read_line function in
>> + epan/wslua/wslua_file.c
>> +
>> +Putting up for review, though I am not completely convinced that
>> +file_gets() can return an empty line.
>> +
>> +Bug: 14295
>> +Change-Id: If36761ea511b66c01a9f167809a218a7eadbfcc5
>> +Reviewed-on: https://code.wireshark.org/review/24997
>> +Petri-Dish: Martin Mathieson <martin.r.mathieson at googlemail.com>
>> +Tested-by: Petri Dish Buildbot
>> +Reviewed-by: Anders Broman <a.broman58 at gmail.com>
>> +
>> +Upstream-Status: Backport
>> +Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
>> +---
>> + epan/wslua/wslua_file.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/epan/wslua/wslua_file.c b/epan/wslua/wslua_file.c
>> +index 79bf4f7..73bacc6 100644
>> +--- a/epan/wslua/wslua_file.c
>> ++++ b/epan/wslua/wslua_file.c
>> +@@ -192,7 +192,7 @@ static int File_read_line(lua_State *L, FILE_T ft) {
>> + length = (gint)(file_tell(ft) - pos_before);
>> +
>> + /* ...but don't want to include newline in line length */
>> +- if (linebuff[length-1] == '\n') {
>> ++ if (length > 0 && linebuff[length-1] == '\n') {
>> + length--;
>> + /* Nor do we want '\r' (as will be written when log is created on windows) */
>> + if (length > 0 && linebuff[length - 1] == '\r') {
>> +--
>> +2.7.4
>> diff --git a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
>> index 5358ba07f..e3915d203 100644
>> --- a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
>> +++ b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
>> @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6e271234ba1a13c6e512e76b94ac2f77"
>>
>> DEPENDS = "pcre expat glib-2.0 glib-2.0-native"
>>
>> -SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2"
>> +SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2 \
>> + file://CVE-2017-17935.patch \
>> +"
>>
>> PE = "1"
>>
>
--
---------------------
Thanks,
Zhixiong Chi
Tel: +86-10-8477-7036
More information about the Openembedded-devel
mailing list