pool/wireshark
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

checked in

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=9
This commit is contained in:
OBS User autobuild 2009-11-02 15:10:08 +00:00 committed by Git OBS Bridge
parent 2b71d2705e
commit d253ef2a1b
8 changed files with 385 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
ready Normal file
View File

293
wireshark-1.2.1-CVE-2009-3241.patch Normal file
View File

@ -0,0 +1,293 @@
Index: plugins/opcua/opcua_simpletypes.c
===================================================================
--- plugins/opcua/opcua_simpletypes.c (revision 29812)
+++ plugins/opcua/opcua_simpletypes.c (revision 29813)
@@ -34,9 +34,6 @@
#include <string.h>
#include <epan/emem.h>
-/* string buffer */
-#define MAX_BUFFER 256
-
#define DIAGNOSTICINFO_ENCODINGMASK_SYMBOLICID_FLAG 0x01
#define DIAGNOSTICINFO_ENCODINGMASK_NAMESPACE_FLAG 0x02
#define DIAGNOSTICINFO_ENCODINGMASK_LOCALIZEDTEXT_FLAG 0x04
@@ -56,6 +53,9 @@
#define EXTOBJ_ENCODINGMASK_BINBODY_FLAG 0x01
#define EXTOBJ_ENCODINGMASK_XMLBODY_FLAG 0x02
+/* Chosen arbitrarily */
+#define MAX_ARRAY_LEN 10000
+
static int hf_opcua_diag_mask_symbolicflag = -1;
static int hf_opcua_diag_mask_namespaceflag = -1;
static int hf_opcua_diag_mask_localizedtextflag = -1;
@@ -338,35 +338,28 @@
void parseString(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex)
{
- char *szValue = ep_alloc(MAX_BUFFER);
+ char *szValue;
gint iOffset = *pOffset;
gint32 iLen = tvb_get_letohl(tvb, *pOffset);
iOffset+=4;
- if (szValue)
+ if (iLen == -1)
{
- if (iLen == -1)
- {
- g_snprintf(szValue, MAX_BUFFER, "[OpcUa Null String]");
- }
- else if (iLen >= 0)
- {
- int iStrLen = iLen;
- if (iStrLen > (MAX_BUFFER-1)) iStrLen = MAX_BUFFER - 1;
- /* copy non null terminated string of length iStrlen */
- strncpy(szValue, (char*)&tvb->real_data[iOffset], iStrLen);
- /* set null terminator */
- szValue[iStrLen] = 0;
- iOffset += iLen; /* eat the whole string */
- }
- else
- {
- g_snprintf(szValue, MAX_BUFFER, "[Invalid String] Ups, something is wrong with this message.");
- }
-
+ proto_tree_add_string(tree, hfIndex, tvb, *pOffset, (iOffset - *pOffset),
+ "[OpcUa Null String]");
+ }
+ else if (iLen >= 0)
+ {
+ iOffset += iLen; /* eat the whole string */
+ proto_tree_add_item(tree, hfIndex, tvb, *pOffset, (iOffset - *pOffset), TRUE);
+ }
+ else
+ {
+ szValue = ep_strdup_printf("[Invalid String] Invalid length: %d", iLen);
proto_tree_add_string(tree, hfIndex, tvb, *pOffset, (iOffset - *pOffset), szValue);
- *pOffset = iOffset;
}
+
+ *pOffset = iOffset;
}
void parseStatusCode(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex)
@@ -644,10 +637,18 @@
proto_tree *subtree = proto_item_add_subtree(ti, ett_opcua_array);
int i;
- for (i=0; i<ArrayLength; i++)
+ if (ArrayLength < MAX_ARRAY_LEN)
{
- parseInt32(subtree, tvb, pOffset, hf_opcua_Int32);
+ for (i=0; i<ArrayLength; i++)
+ {
+ parseInt32(subtree, tvb, pOffset, hf_opcua_Int32);
+ }
}
+ else
+ {
+ /* XXX - This should be expert_add_info_format, but we need pinfo for that */
+ PROTO_ITEM_SET_GENERATED(proto_tree_add_text(tree, tvb, iOffset, 4, "Array length %d too large to process", ArrayLength));
+ }
}
*pOffset = iOffset;
@@ -668,11 +669,17 @@
/* read array length */
iLen = tvb_get_letohl(tvb, *pOffset);
proto_tree_add_item(subtree, hf_opcua_ArraySize, tvb, *pOffset, 4, TRUE);
- *pOffset += 4;
if (iLen == -1) return; /* no array */
if (iLen == 0) return; /* array with zero elements*/
+ if (iLen > MAX_ARRAY_LEN)
+ {
+ PROTO_ITEM_SET_GENERATED(proto_tree_add_text(tree, tvb, *pOffset, 4, "Array length %d too large to process", iLen));
+ return;
+ }
+
+ *pOffset += 4;
for (i=0; i<iLen; i++)
{
(*pParserFunction)(subtree, tvb, pOffset, hfIndex);
@@ -694,11 +701,17 @@
/* read array length */
iLen = tvb_get_letohl(tvb, *pOffset);
proto_tree_add_item(subtree, hf_opcua_ArraySize, tvb, *pOffset, 4, TRUE);
- *pOffset += 4;
if (iLen == -1) return; /* no array */
if (iLen == 0) return; /* array with zero elements*/
+ if (iLen > MAX_ARRAY_LEN)
+ {
+ PROTO_ITEM_SET_GENERATED(proto_tree_add_text(tree, tvb, *pOffset, 4, "Array length %d too large to process", iLen));
+ return;
+ }
+
+ *pOffset += 4;
for (i=0; i<iLen; i++)
{
(*pParserFunction)(subtree, tvb, pOffset);
@@ -719,11 +732,17 @@
/* read array length */
iLen = tvb_get_letohl(tvb, *pOffset);
proto_tree_add_item(subtree, hf_opcua_ArraySize, tvb, *pOffset, 4, TRUE);
- *pOffset += 4;
if (iLen == -1) return; /* no array */
if (iLen == 0) return; /* array with zero elements*/
+ if (iLen > MAX_ARRAY_LEN)
+ {
+ PROTO_ITEM_SET_GENERATED(proto_tree_add_text(tree, tvb, *pOffset, 4, "Array length %d too large to process", iLen));
+ return;
+ }
+
+ *pOffset += 4;
for (i=0; i<iLen; i++)
{
char szNum[20];
Index: plugins/opcua/opcua.c
===================================================================
--- plugins/opcua/opcua.c (revision 29812)
+++ plugins/opcua/opcua.c (revision 29813)
@@ -167,32 +167,32 @@
col_set_str(pinfo->cinfo, COL_PROTOCOL, "OpcUa");
/* parse message type */
- if (tvb->real_data[0] == 'H' && tvb->real_data[1] == 'E' && tvb->real_data[2] == 'L')
+ if (tvb_memeql(tvb, 0, "HEL", 3))
{
msgtype = MSG_HELLO;
pfctParse = parseHello;
}
- else if (tvb->real_data[0] == 'A' && tvb->real_data[1] == 'C' && tvb->real_data[2] == 'K')
+ else if (tvb_memeql(tvb, 0, "ACK", 3))
{
msgtype = MSG_ACKNOWLEDGE;
pfctParse = parseAcknowledge;
}
- else if (tvb->real_data[0] == 'E' && tvb->real_data[1] == 'R' && tvb->real_data[2] == 'R')
+ else if (tvb_memeql(tvb, 0, "ERR", 3))
{
msgtype = MSG_ERROR;
pfctParse = parseError;
}
- else if (tvb->real_data[0] == 'M' && tvb->real_data[1] == 'S' && tvb->real_data[2] == 'G')
+ else if (tvb_memeql(tvb, 0, "MSG", 3))
{
msgtype = MSG_MESSAGE;
pfctParse = parseMessage;
}
- else if (tvb->real_data[0] == 'O' && tvb->real_data[1] == 'P' && tvb->real_data[2] == 'N')
+ else if (tvb_memeql(tvb, 0, "OPN", 3))
{
msgtype = MSG_OPENSECURECHANNEL;
pfctParse = parseOpenSecureChannel;
}
- else if (tvb->real_data[0] == 'C' && tvb->real_data[1] == 'L' && tvb->real_data[2] == 'O')
+ else if (tvb_memeql(tvb, 0, "CLO", 3))
{
msgtype = MSG_CLOSESECURECHANNEL;
pfctParse = parseCloseSecureChannel;
Index: plugins/opcua/opcua_transport_layer.c
===================================================================
--- plugins/opcua/opcua_transport_layer.c (revision 29812)
+++ plugins/opcua/opcua_transport_layer.c (revision 29813)
@@ -126,35 +126,11 @@
proto_register_field_array(proto, hf, array_length(hf));
}
-/** helper functions for adding strings,
- * that are not zero terminated.
- */
-void addString(proto_tree *tree,
- int hfindex,
- tvbuff_t *tvb,
- gint start,
- gint length,
- const char *value)
-{
- char *szValue = ep_alloc(256);
-
- if (szValue)
- {
- if (length > 255) length = 255;
- /* copy non null terminated string data */
- strncpy(szValue, value, length);
- /* set null terminator */
- szValue[length] = 0;
-
- proto_tree_add_string(tree, hfindex, tvb, start, length, szValue);
- }
-}
-
/* Transport Layer: message parsers */
void parseHello(proto_tree *tree, tvbuff_t *tvb, gint *pOffset)
{
- addString(tree, hf_opcua_transport_type, tvb, *pOffset, 3, tvb->real_data); *pOffset+=3;
- addString(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, &tvb->real_data[*pOffset]); *pOffset+=1;
+ proto_tree_add_item(tree, hf_opcua_transport_type, tvb, *pOffset, 3, TRUE); *pOffset+=3;
+ proto_tree_add_item(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, TRUE); *pOffset+=1;
proto_tree_add_item(tree, hf_opcua_transport_size, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_ver, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_rbs, tvb, *pOffset, 4, TRUE); *pOffset+=4;
@@ -166,8 +142,8 @@
void parseAcknowledge(proto_tree *tree, tvbuff_t *tvb, gint *pOffset)
{
- addString(tree, hf_opcua_transport_type, tvb, *pOffset, 3, tvb->real_data); *pOffset+=3;
- addString(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, &tvb->real_data[*pOffset]); *pOffset+=1;
+ proto_tree_add_item(tree, hf_opcua_transport_type, tvb, *pOffset, 3, TRUE); *pOffset+=3;
+ proto_tree_add_item(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, TRUE); *pOffset+=1;
proto_tree_add_item(tree, hf_opcua_transport_size, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_ver, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_rbs, tvb, *pOffset, 4, TRUE); *pOffset+=4;
@@ -178,8 +154,8 @@
void parseError(proto_tree *tree, tvbuff_t *tvb, gint *pOffset)
{
- addString(tree, hf_opcua_transport_type, tvb, *pOffset, 3, tvb->real_data); *pOffset+=3;
- addString(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, &tvb->real_data[*pOffset]); *pOffset+=1;
+ proto_tree_add_item(tree, hf_opcua_transport_type, tvb, *pOffset, 3, TRUE); *pOffset+=3;
+ proto_tree_add_item(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, TRUE); *pOffset+=1;
proto_tree_add_item(tree, hf_opcua_transport_size, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_error, tvb, *pOffset, 4, TRUE); *pOffset+=4;
parseString(tree, tvb, pOffset, hf_opcua_transport_reason);
@@ -192,8 +168,8 @@
proto_tree *nodeid_tree;
int ServiceId = 0;
- addString(tree, hf_opcua_transport_type, tvb, *pOffset, 3, tvb->real_data); *pOffset+=3;
- addString(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, &tvb->real_data[*pOffset]); *pOffset+=1;
+ proto_tree_add_item(tree, hf_opcua_transport_type, tvb, *pOffset, 3, TRUE); *pOffset+=3;
+ proto_tree_add_item(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, TRUE); *pOffset+=1;
proto_tree_add_item(tree, hf_opcua_transport_size, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_scid, tvb, *pOffset, 4, TRUE); *pOffset+=4;
@@ -223,8 +199,8 @@
proto_tree *nodeid_tree;
int ServiceId = 0;
- addString(tree, hf_opcua_transport_type, tvb, *pOffset, 3, tvb->real_data); *pOffset+=3;
- addString(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, &tvb->real_data[*pOffset]); *pOffset+=1;
+ proto_tree_add_item(tree, hf_opcua_transport_type, tvb, *pOffset, 3, TRUE); *pOffset+=3;
+ proto_tree_add_item(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, TRUE); *pOffset+=1;
proto_tree_add_item(tree, hf_opcua_transport_size, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_scid, tvb, *pOffset, 4, TRUE); *pOffset+=4;
parseString(tree, tvb, pOffset, hf_opcua_transport_spu);
@@ -247,8 +223,8 @@
void parseCloseSecureChannel(proto_tree *tree, tvbuff_t *tvb, gint *pOffset)
{
- addString(tree, hf_opcua_transport_type, tvb, *pOffset, 3, tvb->real_data); *pOffset+=3;
- addString(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, &tvb->real_data[*pOffset]); *pOffset+=1;
+ proto_tree_add_item(tree, hf_opcua_transport_type, tvb, *pOffset, 3, TRUE); *pOffset+=3;
+ proto_tree_add_item(tree, hf_opcua_transport_chunk, tvb, *pOffset, 1, TRUE); *pOffset+=1;
proto_tree_add_item(tree, hf_opcua_transport_size, tvb, *pOffset, 4, TRUE); *pOffset+=4;
proto_tree_add_item(tree, hf_opcua_transport_scid, tvb, *pOffset, 4, TRUE); *pOffset+=4;
}

12
wireshark-1.2.1-CVE-2009-3242.patch Normal file
View File

@ -0,0 +1,12 @@
Index: epan/dissectors/packet-gsm_a_rr.c
===================================================================
--- epan/dissectors/packet-gsm_a_rr.c (revision 29402)
+++ epan/dissectors/packet-gsm_a_rr.c (revision 29403)
@@ -10154,6 +10154,7 @@
void
proto_reg_handoff_gsm_a_rr(void)
{
+ data_handle = find_dissector("data");
rrc_irat_ho_info_handle = find_dissector("rrc.irat.irat_ho_info");
rrc_irat_ho_to_utran_cmd_handle = find_dissector("rrc.irat.ho_to_utran_cmd");
}

67
wireshark-1.2.1-CVE-2009-3243.patch Normal file
View File

@ -0,0 +1,67 @@
Index: epan/dissectors/packet-ssl-utils.c
===================================================================
--- epan/dissectors/packet-ssl-utils.c (revision 29905)
+++ epan/dissectors/packet-ssl-utils.c (revision 29906)
@@ -43,6 +43,17 @@
* Lookup tables
*
*/
+const gchar* ssl_version_short_names[] = {
+ "SSL",
+ "SSLv2",
+ "SSLv3",
+ "TLSv1",
+ "TLSv1.1",
+ "DTLSv1.0",
+ "PCT",
+ "TLSv1.2"
+};
+
const value_string ssl_20_msg_types[] = {
{ SSL2_HND_ERROR, "Error" },
{ SSL2_HND_CLIENT_HELLO, "Client Hello" },
Index: epan/dissectors/packet-ssl-utils.h
===================================================================
--- epan/dissectors/packet-ssl-utils.h (revision 29905)
+++ epan/dissectors/packet-ssl-utils.h (revision 29906)
@@ -150,6 +150,7 @@
* Lookup tables
*
*/
+extern const gchar* ssl_version_short_names[];
extern const value_string ssl_20_msg_types[];
extern const value_string ssl_20_cipher_suites[];
extern const value_string ssl_20_certificate_type[];
Index: epan/dissectors/packet-dtls.c
===================================================================
--- epan/dissectors/packet-dtls.c (revision 29905)
+++ epan/dissectors/packet-dtls.c (revision 29906)
@@ -74,8 +74,6 @@
#include "inet_v6defs.h"
#include "packet-ssl-utils.h"
-extern const gchar *ssl_version_short_names[];
-
/* we need to remember the top tree so that subdissectors we call are created
* at the root and not deep down inside the DTLS decode
*/
Index: epan/dissectors/packet-ssl.c
===================================================================
--- epan/dissectors/packet-ssl.c (revision 29905)
+++ epan/dissectors/packet-ssl.c (revision 29906)
@@ -272,15 +272,6 @@
static gchar* ssl_debug_file_name = NULL;
#endif
-const gchar* ssl_version_short_names[] = {
- "SSL",
- "SSLv2",
- "SSLv3",
- "TLSv1",
- "TLSv1.1",
- "DTLSv1.0",
- "PCT"
-};
/* Forward declaration we need below */
void proto_reg_handoff_ssl(void);

3
wireshark-1.2.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b3e1f4ec8385747e8aaf7aa33fe971df5e598b5bab6c8d106b90ea802e16b399
size 15129422

3
wireshark-1.2.3.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5515ba01277773a2f9c97599d4d28d0898d8b1d7afd5c8942cab087306c28703
size 15215978

66
wireshark.changes
View File

@ -1,69 +1,3 @@
-------------------------------------------------------------------
Fri Oct 30 15:47:50 CET 2009 - prusnak@suse.cz
- updated to 1.2.3
* Security fixes:
- The Paltalk dissector could crash on alignment-sensitive processors.
- The DCERPC/NT dissector could crash.
- The SMB dissector could crash.
* Bug fixes:
- Wireshark memory leak with each file open and/or display filter change.
- DHCP Dissector displays negative lease time.
- Invalid advertised window line on tcptrace style graph.
- SMB get_dfs_referral referral entry is not dissected correctly.
- Error dissecting eMule sourceOBFU message.
- Typos in Diameter XML files.
- RSL dissector for MS Power IE is broken.
- FIP dissector throws assertion.
- TCAP problem with indefinite length 'components' SEQ OF.
- GSM MAP: an-APDU not decoded.
- Add "Drag and Drop entries..." message on Columns preferences page.
- Editcap -t and -w option parses fractional digits incorrectly.
* Updated Protocol Support
- DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP,
Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS
- updated to 1.2.2
* Security fixes:
- The GSM A RR dissector could crash. (Bug 3893)
- The OpcUa dissector could use excessive CPU and memory. (Bug 3986)
- The TLS dissector could crash on some platforms. (Bug 4008)
* Bug fixes:
- The "Capture->Interfaces" window can't be closed.
- tshark-1.0.2 (dumpcap) signal abort core saved.
- Memory leak fixes.
- Display filter autocompletion doesn't work for some RADIUS and WiMAX ASNCP fields.
- Wireshark Portable includes wrong WinPcap installer.
- Crash when loading a profile.
- The proto,colinfo tap doesn't work if the INFO column isn't being printed.
- Flow Graph adds too much unnecessary garbage.
- The EAP Diameter dictionary file was missing in the distribution.
- Graph analysis window is behind other window.
- IKEv2 Cert Request payload dissection error.
- DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified domain-name.
- Malformed RTCP Packet error while sending Payload specific RTCP feedback packet (as per RFC 4585).
- 802.11n Block Ack packet Bitmap field missing.
- Wireshark doesn't decode WBXML/ActiveSync information correctly.
- Malformed packet when IPv6 packet has Next Header == 59.
- Wireshark could crash while reading an ERF file.
- Minor errors in gsm rr dissectors.
- WPA Decryption Issues.
- GSM A RR sys info dissection problem.
- GSM A RR inverts MEAS-VALID values.
- PDML output leaks ~300 bytes / packet.
- Incorrect station identifier parsing in Kingfisher dissector.
- DHCPv6, Vendor-Specific Informantion, SubOption"Option Request" parser incorrect.
- Wireshark could leak memory while analyzing SSL.
- Wireshark could crash while updating menu items after reading a file in some cases.
* Updated Protocol Support
- DCERPC, DHCPv6, DNS, E.212, GSM A RR, GTPv2, H.248, IEEE 802.11,
IPMI, ISAKMP/IKE, ISUP, Kingfisher, LDAP, OpcUA, RTCP, SCTP, SIP,
SSL, TCP, WBXML, ZRTP
* Updated Capture File Support
- ERF
- dropped obsoleted 3 CVE patches (see previous entry)
-------------------------------------------------------------------
Fri Oct 2 18:19:09 CEST 2009 - prusnak@suse.cz

11
wireshark.spec
View File

@ -22,7 +22,7 @@ Name: wireshark
License: GPL v2 or later
Group: Productivity/Networking/Diagnostic
Summary: A Network Traffic Analyser
Version: 1.2.3
Version: 1.2.1
Release: 2
Url: http://www.wireshark.org/
Source: http://www.wireshark.org/download/src/%{name}-%{version}.tar.bz2
@ -35,6 +35,12 @@ Patch1: %{name}-1.2.0-disable-warning-dialog.patch
Patch2: %{name}-1.2.0-asneeded.patch
# PATCH-FEATURE-OPENSUSE wireshark-1.2.0-geoip.patch prusnak@suse.cz -- search in /var/lib/GeoIP if user hasn't set any GeoIP folders
Patch3: %{name}-1.2.0-geoip.patch
# PATCH-FIX-UPSTREAM wireshark-1.2.1-CVE-2009-3241.patch prusnak@suse.cz - secfix [bnc#541654]
Patch4: %{name}-1.2.1-CVE-2009-3241.patch
# PATCH-FIX-UPSTREAM wireshark-1.2.1-CVE-2009-3242.patch prusnak@suse.cz - secfix [bnc#541659]
Patch5: %{name}-1.2.1-CVE-2009-3242.patch
# PATCH-FIX-UPSTREAM wireshark-1.2.1-CVE-2009-3243.patch prusnak@suse.cz - secfix [bnc#541655]
Patch6: %{name}-1.2.1-CVE-2009-3243.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: xdg-utils
Provides: ethereal = %{version}
@ -151,6 +157,9 @@ Authors:
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%build
%configure