pool/tcpreplay
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 479994 from network:utilities

Browse Source 
- security fix for CVE-2017-6429 /  bsc#1028234

OBS-URL: https://build.opensuse.org/request/show/479994
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tcpreplay?expand=0&rev=3
This commit is contained in:
Dominique Leuenberger 2017-03-20 16:09:00 +00:00 committed by Git OBS Bridge
commit 42f80f846c
3 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
278-fail-if-capture-has-a-packet-that-is-too-large.patch Normal file
View File

@ -0,0 +1,45 @@
From: Fred Klassen <fklassen@appneta.com>
Date: Sun, 26 Feb 2017 20:45:59 -0800
Subject: * #278 fail if capture has a packet that is too large
Patch-mainline: v4.2.0-beta1
Git-commit: d689d14dbcd768c028eab2fb378d849e543dcfe9
References: CVE-2017-6429 bsc#1028234
* Update CHANGELOG
---
src/tcpcapinfo.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/tcpcapinfo.c b/src/tcpcapinfo.c
index 775f1625b00f..96928820fe94 100644
--- a/src/tcpcapinfo.c
+++ b/src/tcpcapinfo.c
@@ -281,6 +281,15 @@ main(int argc, char *argv[])
caplen = pcap_ph.caplen;
}
+ if (caplentoobig) {
+ printf("\n\nCapture file appears to be damaged or corrupt.\n"
+ "Contains packet of size %u, bigger than snap length %u\n",
+ caplen, pcap_fh.snaplen);
+
+ close(fd);
+ break;
+ }
+
/* check to make sure timestamps don't go backwards */
if (last_sec > 0 && last_usec > 0) {
if ((pcap_ph.ts.tv_sec == last_sec) ?
@@ -306,7 +315,7 @@ main(int argc, char *argv[])
}
close(fd);
- continue;
+ break;
}
/* print the frame checksum */
--
2.12.0

7
tcpreplay.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Mar 16 10:29:56 UTC 2017 - mkubecek@suse.cz
- 278-fail-if-capture-has-a-packet-that-is-too-large.patch:
buffer overflow in tcpcapinfo utility triggered by too large
packet (CVE-2017-6429 bsc#1028234)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 21 12:23:37 UTC 2016 - mkubecek@suse.cz Mon Nov 21 12:23:37 UTC 2016 - mkubecek@suse.cz

4
tcpreplay.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package tcpreplay # spec file for package tcpreplay
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,6 +26,7 @@ Url: http://tcpreplay.appneta.com/
Source0: https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc Source1: https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
Source2: %{name}.keyring Source2: %{name}.keyring
Patch1: 278-fail-if-capture-has-a-packet-that-is-too-large.patch
BuildRequires: libdnet-devel BuildRequires: libdnet-devel
BuildRequires: libpcap-devel BuildRequires: libpcap-devel
BuildRequires: tcpdump BuildRequires: tcpdump
@ -45,6 +46,7 @@ switches, routers, and IP Flow/NetFlow appliances.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%build %build
%configure \ %configure \