Accepting request 76454 from home:cyliu:branches:network:utilities
fix bnc#697516 OBS-URL: https://build.opensuse.org/request/show/76454 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=42
This commit is contained in:
parent
1abf33274b
commit
bd7bf7f8c2
24
wireshark-1.2.17-CVE-2011-1957.patch
Normal file
24
wireshark-1.2.17-CVE-2011-1957.patch
Normal file
@ -0,0 +1,24 @@
|
||||
--- trunk/epan/dissectors/packet-dcm.c 2011/04/30 08:36:00 36957
|
||||
+++ trunk/epan/dissectors/packet-dcm.c 2011/04/30 17:43:05 36958
|
||||
@@ -6519,6 +6519,7 @@
|
||||
|
||||
/* Process all PDUs in the buffer */
|
||||
while (pdu_start < tlen) {
|
||||
+ guint32 old_pdu_start;
|
||||
|
||||
if ((pdu_len+6) > (tlen-offset)) {
|
||||
|
||||
@@ -6539,7 +6540,13 @@
|
||||
offset=dissect_dcm_pdu(tvb, pinfo, tree, pdu_start);
|
||||
|
||||
/* Next PDU */
|
||||
+ old_pdu_start = pdu_start;
|
||||
pdu_start = pdu_start + pdu_len + 6;
|
||||
+ if (pdu_start <= old_pdu_start) {
|
||||
+ expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR,
|
||||
+ "Invalid PDU length (%u)", pdu_len);
|
||||
+ THROW(ReportedBoundsError);
|
||||
+ }
|
||||
|
||||
if (pdu_start < tlen - 6) {
|
||||
/* we got at least 6 bytes of the next PDU still in the buffer */
|
29
wireshark-1.2.17-CVE-2011-1958.patch
Normal file
29
wireshark-1.2.17-CVE-2011-1958.patch
Normal file
@ -0,0 +1,29 @@
|
||||
--- trunk/epan/diam_dict.l 2011/05/06 15:05:51 37010
|
||||
+++ trunk/epan/diam_dict.l 2011/05/06 19:39:47 37011
|
||||
@@ -269,9 +269,6 @@
|
||||
yyterminate();
|
||||
}
|
||||
|
||||
- include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
|
||||
-
|
||||
-
|
||||
for (e = ents.next; e; e = e->next) {
|
||||
if (strcmp(e->name,yytext) == 0) {
|
||||
yyin = ddict_open(sys_dir,e->file);
|
||||
@@ -282,6 +279,7 @@
|
||||
yyterminate();
|
||||
}
|
||||
} else {
|
||||
+ include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
|
||||
yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) );
|
||||
BEGIN LOADING;
|
||||
}
|
||||
@@ -290,7 +288,7 @@
|
||||
}
|
||||
|
||||
if (!e) {
|
||||
- fprintf(stderr, "Could not find entity: '%s'", e->name );
|
||||
+ fprintf(stderr, "Could not find entity: '%s'\n", yytext );
|
||||
yyterminate();
|
||||
}
|
||||
|
19
wireshark-1.2.17-CVE-2011-1959.patch
Normal file
19
wireshark-1.2.17-CVE-2011-1959.patch
Normal file
@ -0,0 +1,19 @@
|
||||
--- trunk/wiretap/snoop.c 2011/05/11 20:40:14 37067
|
||||
+++ trunk/wiretap/snoop.c 2011/05/11 22:36:59 37068
|
||||
@@ -473,6 +473,16 @@
|
||||
rec_size = g_ntohl(hdr.rec_len);
|
||||
orig_size = g_ntohl(hdr.orig_len);
|
||||
packet_size = g_ntohl(hdr.incl_len);
|
||||
+ if (orig_size > WTAP_MAX_PACKET_SIZE) {
|
||||
+ /*
|
||||
+ * Probably a corrupt capture file; don't blow up trying
|
||||
+ * to allocate space for an immensely-large packet.
|
||||
+ */
|
||||
+ *err = WTAP_ERR_BAD_RECORD;
|
||||
+ *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u",
|
||||
+ orig_size, WTAP_MAX_PACKET_SIZE);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
if (packet_size > WTAP_MAX_PACKET_SIZE) {
|
||||
/*
|
||||
* Probably a corrupt capture file; don't blow up trying
|
13
wireshark-1.2.17-CVE-2011-2174.patch
Normal file
13
wireshark-1.2.17-CVE-2011-2174.patch
Normal file
@ -0,0 +1,13 @@
|
||||
--- trunk/epan/tvbuff.c 2011/05/12 15:48:51 37080
|
||||
+++ trunk/epan/tvbuff.c 2011/05/12 16:31:42 37081
|
||||
@@ -3425,9 +3425,9 @@
|
||||
inflateEnd(strm);
|
||||
g_free(strm);
|
||||
g_free(strmbuf);
|
||||
- g_free(compr);
|
||||
|
||||
if (uncompr == NULL) {
|
||||
+ g_free(compr);
|
||||
return NULL;
|
||||
}
|
||||
|
18
wireshark-1.2.17-CVE-2011-2175.patch
Normal file
18
wireshark-1.2.17-CVE-2011-2175.patch
Normal file
@ -0,0 +1,18 @@
|
||||
--- trunk/wiretap/visual.c 2011/05/13 17:05:05 37127
|
||||
+++ trunk/wiretap/visual.c 2011/05/13 17:12:44 37128
|
||||
@@ -420,6 +420,15 @@
|
||||
break;
|
||||
}
|
||||
|
||||
+ if (wth->phdr.len > WTAP_MAX_PACKET_SIZE) {
|
||||
+ /* Check if wth->phdr.len is sane, small values of wth.phdr.len before
|
||||
+ the case loop above can cause integer underflows */
|
||||
+ *err = WTAP_ERR_BAD_RECORD;
|
||||
+ *err_info = g_strdup_printf("visual: File has %u-byte original packet, bigger than maximum of %u",
|
||||
+ wth->phdr.len, WTAP_MAX_PACKET_SIZE);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
/* Sanity check */
|
||||
if (wth->phdr.len < wth->phdr.caplen)
|
||||
{
|
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 18 07:43:08 UTC 2011 - cyliu@novell.com
|
||||
|
||||
- security fixes [#bnc 697516]
|
||||
* CVE-2011-1957: Large/infinite loop in the DICOM dissector
|
||||
* CVE-2011-1959: A corrupted snoop file could crash Wireshark
|
||||
* CVE-2011-2174: Malformed compressed capture data could crash Wireshark
|
||||
* CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark
|
||||
* CVE-2011-1958: dereferene a NULL pointer if we had a corrupted Diameter
|
||||
dictionary
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 24 16:40:30 CEST 2011 - dimstar@opensuse.org
|
||||
|
||||
|
@ -38,6 +38,11 @@ Patch3: %{name}-corosync-packet-dissector.patch
|
||||
Patch4: %{name}-1.2.4-enable_lua.patch
|
||||
# PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options
|
||||
Patch5: %{name}-nfsv4-opts.patch
|
||||
Patch6: %{name}-1.2.17-CVE-2011-1957.patch
|
||||
Patch7: %{name}-1.2.17-CVE-2011-1959.patch
|
||||
Patch8: %{name}-1.2.17-CVE-2011-2174.patch
|
||||
Patch9: %{name}-1.2.17-CVE-2011-2175.patch
|
||||
Patch10: %{name}-1.2.17-CVE-2011-1958.patch
|
||||
BuildRequires: bison
|
||||
BuildRequires: cairo-devel
|
||||
BuildRequires: flex
|
||||
@ -100,6 +105,11 @@ view the reconstructed stream of a TCP session.
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
|
||||
# run as root on 11.3 and older - bnc#349782
|
||||
|
Loading…
Reference in New Issue
Block a user