Accepting request 846279 from home:pmonrealgonzalez:branches:network:utilities
- Security fix: [bsc#1178466, CVE-2020-8037] * PPP decapsulator: Allocate the right buffer size - Add tcpdump-CVE-2020-8037.patch - Update to 4.9.3 [bsc#1153098] OBS-URL: https://build.opensuse.org/request/show/846279 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=56
This commit is contained in:
parent
bbf036edab
commit
af28d45d24
63
tcpdump-CVE-2020-8037.patch
Normal file
63
tcpdump-CVE-2020-8037.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guy Harris <guy@alum.mit.edu>
|
||||||
|
Date: Sat, 18 Apr 2020 14:04:59 -0700
|
||||||
|
Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer.
|
||||||
|
|
||||||
|
The buffer should be big enough to hold the captured data, but it
|
||||||
|
doesn't need to be big enough to hold the entire on-the-network packet,
|
||||||
|
if we haven't captured all of it.
|
||||||
|
|
||||||
|
(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334)
|
||||||
|
---
|
||||||
|
print-ppp.c | 18 ++++++++++++++----
|
||||||
|
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/print-ppp.c b/print-ppp.c
|
||||||
|
index 891761728..33fb03412 100644
|
||||||
|
--- a/print-ppp.c
|
||||||
|
+++ b/print-ppp.c
|
||||||
|
@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
|
||||||
|
+ * The length argument is the on-the-wire length, not the captured
|
||||||
|
+ * length; we can only un-escape the captured part.
|
||||||
|
+ */
|
||||||
|
static void
|
||||||
|
ppp_hdlc(netdissect_options *ndo,
|
||||||
|
const u_char *p, int length)
|
||||||
|
{
|
||||||
|
+ u_int caplen = ndo->ndo_snapend - p;
|
||||||
|
u_char *b, *t, c;
|
||||||
|
const u_char *s;
|
||||||
|
- int i, proto;
|
||||||
|
+ u_int i;
|
||||||
|
+ int proto;
|
||||||
|
const void *se;
|
||||||
|
|
||||||
|
+ if (caplen == 0)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
if (length <= 0)
|
||||||
|
return;
|
||||||
|
|
||||||
|
- b = (u_char *)malloc(length);
|
||||||
|
+ b = (u_char *)malloc(caplen);
|
||||||
|
if (b == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo,
|
||||||
|
* Do this so that we dont overwrite the original packet
|
||||||
|
* contents.
|
||||||
|
*/
|
||||||
|
- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
|
||||||
|
+ for (s = p, t = b, i = caplen; i != 0; i--) {
|
||||||
|
c = *s++;
|
||||||
|
if (c == 0x7d) {
|
||||||
|
- if (i <= 1 || !ND_TTEST(*s))
|
||||||
|
+ if (i <= 1)
|
||||||
|
break;
|
||||||
|
i--;
|
||||||
|
c = *s++ ^ 0x20;
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 5 10:58:11 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Security fix: [bsc#1178466, CVE-2020-8037]
|
||||||
|
* PPP decapsulator: Allocate the right buffer size
|
||||||
|
- Add tcpdump-CVE-2020-8037.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 13 17:21:34 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com>
|
Fri Dec 13 17:21:34 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
|
||||||
@ -12,7 +19,7 @@ Tue Oct 15 07:53:47 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Oct 2 14:01:31 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
Wed Oct 2 14:01:31 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||||
|
|
||||||
- Update to 4.9.3
|
- Update to 4.9.3 [bsc#1153098]
|
||||||
* Fix buffer overflow/overread vulnerabilities:
|
* Fix buffer overflow/overread vulnerabilities:
|
||||||
- CVE-2017-16808 (AoE)
|
- CVE-2017-16808 (AoE)
|
||||||
- CVE-2018-14468 (FrameRelay)
|
- CVE-2018-14468 (FrameRelay)
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package tcpdump
|
# spec file for package tcpdump
|
||||||
#
|
#
|
||||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2020 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -29,6 +29,8 @@ Source2: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
|
|||||||
Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
|
Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
|
||||||
# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
|
# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
|
||||||
Patch0: tcpdump-CVE-2018-19519.patch
|
Patch0: tcpdump-CVE-2018-19519.patch
|
||||||
|
# PATCH-FIX-UPSTREAM bsc#1178466 CVE-2020-8037 PPP decapsulator: Allocate the right buffer size
|
||||||
|
Patch1: tcpdump-CVE-2020-8037.patch
|
||||||
BuildRequires: libpcap-devel >= %{min_libpcap_version}
|
BuildRequires: libpcap-devel >= %{min_libpcap_version}
|
||||||
BuildRequires: libsmi-devel
|
BuildRequires: libsmi-devel
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
@ -40,7 +42,7 @@ ethernet. It can be used to debug specific network problems.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1
|
%autopatch -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# guessing TSO needed in print-ip.c
|
# guessing TSO needed in print-ip.c
|
||||||
|
Loading…
Reference in New Issue
Block a user