From 817ae8fd35123d7fb23b8a76dcec63f5873718346d7c819d3f941fa3b7d1e22a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kube=C4=8Dek?=
Date: Thu, 16 Mar 2017 10:49:20 +0000
Subject: [PATCH] - fix buffer overflow in tcpcapinfo utility triggered by too large packet (CVE-2017-6429 bsc#1028234)
OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpreplay?expand=0&rev=10
---
 ...pture-has-a-packet-that-is-too-large.patch | 45 +++++++++++++++++++
 tcpreplay.changes | 7 +++
 tcpreplay.spec | 4 +-
 3 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 278-fail-if-capture-has-a-packet-that-is-too-large.patch
diff --git a/278-fail-if-capture-has-a-packet-that-is-too-large.patch b/278-fail-if-capture-has-a-packet-that-is-too-large.patch
new file mode 100644
index 0000000..0e0203e
--- /dev/null
+++ b/278-fail-if-capture-has-a-packet-that-is-too-large.patch
@@ -0,0 +1,45 @@
+From: Fred Klassen
+Date: Sun, 26 Feb 2017 20:45:59 -0800
+Subject: * #278 fail if capture has a packet that is too large
+Patch-mainline: v4.2.0-beta1
+Git-commit: d689d14dbcd768c028eab2fb378d849e543dcfe9
+References: CVE-2017-6429 bsc#1028234
+
+* Update CHANGELOG
+
+---
+ src/tcpcapinfo.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/tcpcapinfo.c b/src/tcpcapinfo.c
+index 775f1625b00f..96928820fe94 100644
+--- a/src/tcpcapinfo.c
++++ b/src/tcpcapinfo.c
+@@ -281,6 +281,15 @@ main(int argc, char *argv[])
+ caplen = pcap_ph.caplen;
+ }
+
++ if (caplentoobig) {
++ printf("\n\nCapture file appears to be damaged or corrupt.\n"
++ "Contains packet of size %u, bigger than snap length %u\n",
++ caplen, pcap_fh.snaplen);
++
++ close(fd);
++ break;
++ }
++
+ /* check to make sure timestamps don't go backwards */
+ if (last_sec > 0 && last_usec > 0) {
+ if ((pcap_ph.ts.tv_sec == last_sec) ?
+@@ -306,7 +315,7 @@ main(int argc, char *argv[])
+ }
+
+ close(fd);
+- continue;
++ break;
+ }
+
+ /* print the frame checksum */
+--
+2.12.0
+
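Review bot: The new `if (caplentoobig)` check in the embedded src/tcpcapinfo.c patch appears to bound `caplen` only by `pcap_fh.snaplen`, a value taken from the same untrusted capture file, so it may not cap the read at the size of the destination buffer. The flag is assigned outside the hunk and the later packet read is not visible, so this needs confirming against the full main(). If the read length is `caplen`, the condition should also reject lengths above the buffer size, e.g. `if (caplentoobig || caplen > <size of the packet read buffer>) {`. Both exit paths call `close(fd)` before `break`, so it is also worth checking that nothing after the loop closes `fd` a second time.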
diff --git a/tcpreplay.changes b/tcpreplay.changes
index c4e6801..2b0213a 100644
--- a/tcpreplay.changes
+++ b/tcpreplay.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar 16 10:29:56 UTC 2017 - mkubecek@suse.cz
+
+- 278-fail-if-capture-has-a-packet-that-is-too-large.patch:
+ buffer overflow in tcpcapinfo utility triggered by too large
+ packet (CVE-2017-6429 bsc#1028234)
+
 -------------------------------------------------------------------
 Mon Nov 21 12:23:37 UTC 2016 - mkubecek@suse.cz
diff --git a/tcpreplay.spec b/tcpreplay.spec
index d285d63..635e7e3 100644
--- a/tcpreplay.spec
+++ b/tcpreplay.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package tcpreplay
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,7 @@ Url: http://tcpreplay.appneta.com/
 Source0: https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
 Source2: %{name}.keyring
+Patch1: 278-fail-if-capture-has-a-packet-that-is-too-large.patch
 BuildRequires: libdnet-devel
 BuildRequires: libpcap-devel
 BuildRequires: tcpdump
@@ -45,6 +46,7 @@ switches, routers, and IP Flow/NetFlow appliances.
 %prep
 %setup -q
+%patch1 -p1
 %build
 %configure \