Accepting request 479994 from network:utilities

- security fix for CVE-2017-6429 / bsc#1028234 OBS-URL: https://build.opensuse.org/request/show/479994 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tcpreplay?expand=0&rev=3
2017-03-20 16:09:00 +00:00 · 2017-03-20 16:09:00 +00:00 · 42f80f846c
commit 42f80f846c
parent 1ddfce8a72 817ae8fd35
3 changed files with 55 additions and 1 deletions
--- a/278-fail-if-capture-has-a-packet-that-is-too-large.patch
+++ b/278-fail-if-capture-has-a-packet-that-is-too-large.patch
@ -0,0 +1,45 @@
+From: Fred Klassen <fklassen@appneta.com>
+Date: Sun, 26 Feb 2017 20:45:59 -0800
+Subject: * #278 fail if capture has a packet that is too large
+Patch-mainline: v4.2.0-beta1
+Git-commit: d689d14dbcd768c028eab2fb378d849e543dcfe9
+References: CVE-2017-6429 bsc#1028234
+
+* Update CHANGELOG
+
+---
+ src/tcpcapinfo.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/tcpcapinfo.c b/src/tcpcapinfo.c
+index 775f1625b00f..96928820fe94 100644
+--- a/src/tcpcapinfo.c
+++ b/src/tcpcapinfo.c
+@@ -281,6 +281,15 @@ main(int argc, char *argv[])
+                 caplen = pcap_ph.caplen;
+             }
+ 
+            if (caplentoobig) {
+                printf("\n\nCapture file appears to be damaged or corrupt.\n"
+                        "Contains packet of size %u, bigger than snap length %u\n",
+                        caplen, pcap_fh.snaplen);
+
+                close(fd);
+                break;
+            }
+
+             /* check to make sure timestamps don't go backwards */
+             if (last_sec > 0 && last_usec > 0) {
+                 if ((pcap_ph.ts.tv_sec == last_sec) ? 
+@@ -306,7 +315,7 @@ main(int argc, char *argv[])
+                 }
+ 
+                 close(fd);
+-                continue;
+                break;
+             }
+ 
+             /* print the frame checksum */
+-- 
+2.12.0
+
--- a/tcpreplay.changes
+++ b/tcpreplay.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar 16 10:29:56 UTC 2017 - mkubecek@suse.cz
+
+- 278-fail-if-capture-has-a-packet-that-is-too-large.patch:
+  buffer overflow in tcpcapinfo utility triggered by too large
+  packet (CVE-2017-6429 bsc#1028234)
+
 -------------------------------------------------------------------
 Mon Nov 21 12:23:37 UTC 2016 - mkubecek@suse.cz

--- a/tcpreplay.spec
+++ b/tcpreplay.spec
@ -1,7 +1,7 @@
 #
 # spec file for package tcpreplay
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -26,6 +26,7 @@ Url:            http://tcpreplay.appneta.com/
 Source0:        https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:        https://github.com/appneta/tcpreplay/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc
 Source2:        %{name}.keyring
+Patch1:         278-fail-if-capture-has-a-packet-that-is-too-large.patch
 BuildRequires:  libdnet-devel
 BuildRequires:  libpcap-devel
 BuildRequires:  tcpdump
@ -45,6 +46,7 @@ switches, routers, and IP Flow/NetFlow appliances.

 %prep
 %setup -q
+%patch1 -p1

 %build
 %configure \