rpm/wireshark
SHA256
1
0
Fork 0
forked from pool/wireshark
Code Pull Requests Activity

Accepting request 69943 from home:cyliu:branches:network:utilities

Browse Source 
fix bug #688109 & #685023

OBS-URL: https://build.opensuse.org/request/show/69943
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=39
This commit is contained in:
Pavol Rusnak 2011-05-10 11:13:33 +00:00 committed by Git OBS Bridge
parent 3f2093436f
commit 4987763d14
5 changed files with 724 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

598
wireshark-1.4.4-CVE-2011-1590.patch Normal file
View File

@ -0,0 +1,598 @@
--- asn1/x509if/packet-x509if-template.c 2011/04/12 20:29:42 36607
+++ asn1/x509if/packet-x509if-template.c 2011/04/12 20:39:48 36608
@@ -37,6 +37,7 @@
#include "packet-x509if.h"
#include "packet-x509sat.h"
#include <epan/strutil.h>
+#include <epan/dissectors/packet-frame.h>
#define PNAME "X.509 Information Framework"
#define PSNAME "X509IF"
@@ -51,13 +52,12 @@
/* Initialize the subtree pointers */
#include "packet-x509if-ett.c"
-static const char *object_identifier_id;
+static const char *object_identifier_id = NULL;
static proto_tree *top_of_dn = NULL;
static proto_tree *top_of_rdn = NULL;
static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */
static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */
-static gboolean doing_dn = TRUE;
static gboolean doing_attr = FALSE;
#define MAX_RDN_STR_LEN 64
@@ -72,6 +72,22 @@
#define MAX_AVA_STR_LEN 64
static char *last_ava = NULL;
+static void
+x509if_frame_end(void)
+{
+ object_identifier_id = NULL;
+ top_of_dn = NULL;
+ top_of_rdn = NULL;
+
+ rdn_one_value = FALSE;
+ dn_one_rdn = FALSE;
+ doing_attr = FALSE;
+
+ last_dn = NULL;
+ last_rdn = NULL;
+ last_ava = NULL;
+}
+
#include "packet-x509if-fn.c"
const char * x509if_get_last_dn(void)
--- asn1/x509if/x509if.cnf 2011/04/12 20:29:42 36607
+++ asn1/x509if/x509if.cnf 2011/04/12 20:39:48 36608
@@ -197,7 +197,7 @@
name = oid_resolved_from_string(object_identifier_id);
if(!name) name = object_identifier_id;
- if(doing_dn) { /* append it to the RDN */
+ if(last_rdn) { /* append it to the RDN */
g_strlcat(last_rdn, name, MAX_RDN_STR_LEN);
g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN);
@@ -213,6 +213,7 @@
if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) {
/* we have a format */
last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0';
+ register_frame_end_routine (x509if_frame_end);
g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt);
@@ -245,7 +246,7 @@
/* it was a string - format it */
value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb));
- if(doing_dn) {
+ if(last_rdn) {
g_strlcat(last_rdn, value, MAX_RDN_STR_LEN);
/* append it to the tree*/
@@ -255,11 +256,15 @@
if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) {
/* we have a format */
- if(!(name = oid_resolved_from_string(object_identifier_id)))
- name = object_identifier_id;
- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value);
+ if (!last_ava) {
+ last_ava = ep_alloc(MAX_AVA_STR_LEN);
+ }
+
+ if(!(name = oid_resolved_from_string(object_identifier_id)))
+ name = object_identifier_id;
+ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value);
- proto_item_append_text(tree, " %%s", last_ava);
+ proto_item_append_text(tree, " %%s", last_ava);
}
}
@@ -330,7 +335,7 @@
rdn_one_value = FALSE;
top_of_rdn = tree;
last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0';
- doing_dn = TRUE;
+ register_frame_end_routine (x509if_frame_end);
%(DEFAULT_BODY)s
@@ -349,7 +354,6 @@
}
}
- doing_dn = FALSE;
last_rdn = NULL; /* it will get freed when the next packet is dissected */
#.FN_BODY RelativeDistinguishedName/_item
@@ -358,7 +362,7 @@
top_of_rdn = tree;
} else {
- if(doing_dn)
+ if(last_rdn)
/* this is an additional value - delimit */
g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN);
}
@@ -373,6 +377,8 @@
dn_one_rdn = FALSE; /* reset */
last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0';
top_of_dn = NULL;
+ register_frame_end_routine (x509if_frame_end);
+
%(DEFAULT_BODY)s
@@ -402,6 +408,7 @@
ava_hf_index = hf_index;
last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0';
+ register_frame_end_routine (x509if_frame_end);
%(DEFAULT_BODY)s
@@ -409,10 +416,9 @@
#.FN_BODY Attribute
doing_attr = TRUE;
+ register_frame_end_routine (x509if_frame_end);
%(DEFAULT_BODY)s
-
- doing_attr = FALSE;
#.END
--- epan/dissectors/packet-x509if.c 2011/04/12 20:29:42 36607
+++ epan/dissectors/packet-x509if.c 2011/04/12 20:39:48 36608
@@ -5,7 +5,7 @@
/* Input file: packet-x509if-template.c */
-#line 1 "packet-x509if-template.c"
+#line 1 "../../asn1/x509if/packet-x509if-template.c"
/* packet-x509if.c
* Routines for X.509 Information Framework packet dissection
* Ronnie Sahlberg 2004
@@ -45,6 +45,7 @@
#include "packet-x509if.h"
#include "packet-x509sat.h"
#include <epan/strutil.h>
+#include <epan/dissectors/packet-frame.h>
#define PNAME "X.509 Information Framework"
#define PSNAME "X509IF"
@@ -56,7 +57,7 @@
static int hf_x509if_any_string = -1;
/*--- Included file: packet-x509if-hf.c ---*/
-#line 1 "packet-x509if-hf.c"
+#line 1 "../../asn1/x509if/packet-x509if-hf.c"
static int hf_x509if_DistinguishedName_PDU = -1; /* DistinguishedName */
static int hf_x509if_SubtreeSpecification_PDU = -1; /* SubtreeSpecification */
static int hf_x509if_HierarchyLevel_PDU = -1; /* HierarchyLevel */
@@ -214,12 +215,12 @@
static int hf_x509if_AllowedSubset_wholeSubtree = -1;
/*--- End of included file: packet-x509if-hf.c ---*/
-#line 50 "packet-x509if-template.c"
+#line 51 "../../asn1/x509if/packet-x509if-template.c"
/* Initialize the subtree pointers */
/*--- Included file: packet-x509if-ett.c ---*/
-#line 1 "packet-x509if-ett.c"
+#line 1 "../../asn1/x509if/packet-x509if-ett.c"
static gint ett_x509if_Attribute = -1;
static gint ett_x509if_T_values = -1;
static gint ett_x509if_T_valuesWithContext = -1;
@@ -295,15 +296,14 @@
static gint ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString = -1;
/*--- End of included file: packet-x509if-ett.c ---*/
-#line 53 "packet-x509if-template.c"
+#line 54 "../../asn1/x509if/packet-x509if-template.c"
-static const char *object_identifier_id;
+static const char *object_identifier_id = NULL;
static proto_tree *top_of_dn = NULL;
static proto_tree *top_of_rdn = NULL;
static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */
static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */
-static gboolean doing_dn = TRUE;
static gboolean doing_attr = FALSE;
#define MAX_RDN_STR_LEN 64
@@ -318,9 +318,25 @@
#define MAX_AVA_STR_LEN 64
static char *last_ava = NULL;
+static void
+x509if_frame_end(void)
+{
+ object_identifier_id = NULL;
+ top_of_dn = NULL;
+ top_of_rdn = NULL;
+
+ rdn_one_value = FALSE;
+ dn_one_rdn = FALSE;
+ doing_attr = FALSE;
+
+ last_dn = NULL;
+ last_rdn = NULL;
+ last_ava = NULL;
+}
+
/*--- Included file: packet-x509if-fn.c ---*/
-#line 1 "packet-x509if-fn.c"
+#line 1 "../../asn1/x509if/packet-x509if-fn.c"
/*--- Cyclic dependencies ---*/
/* Refinement -> Refinement/and -> Refinement */
@@ -349,7 +365,7 @@
static int
dissect_x509if_T_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 310 "x509if.cnf"
+#line 315 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -374,7 +390,7 @@
static int
dissect_x509if_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 280 "x509if.cnf"
+#line 285 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree);
@@ -395,7 +411,7 @@
static int
dissect_x509if_T_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 292 "x509if.cnf"
+#line 297 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -492,15 +508,14 @@
int
dissect_x509if_Attribute(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 411 "x509if.cnf"
+#line 418 "../../asn1/x509if/x509if.cnf"
doing_attr = TRUE;
+ register_frame_end_routine (x509if_frame_end);
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
Attribute_sequence, hf_index, ett_x509if_Attribute);
- doing_attr = FALSE;
-
return offset;
}
@@ -518,7 +533,7 @@
int
dissect_x509if_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 298 "x509if.cnf"
+#line 303 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -539,7 +554,7 @@
static int
dissect_x509if_T_assertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 304 "x509if.cnf"
+#line 309 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -569,7 +584,7 @@
static int
dissect_x509if_T_ca_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 184 "x509if.cnf"
+#line 184 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -650,10 +665,11 @@
int
dissect_x509if_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 402 "x509if.cnf"
+#line 408 "../../asn1/x509if/x509if.cnf"
ava_hf_index = hf_index;
last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0';
+ register_frame_end_routine (x509if_frame_end);
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
AttributeValueAssertion_sequence, hf_index, ett_x509if_AttributeValueAssertion);
@@ -707,7 +723,7 @@
static int
dissect_x509if_T_type_02(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 190 "x509if.cnf"
+#line 190 "../../asn1/x509if/x509if.cnf"
const char *fmt;
const char *name;
@@ -719,7 +735,7 @@
name = oid_resolved_from_string(object_identifier_id);
if(!name) name = object_identifier_id;
- if(doing_dn) { /* append it to the RDN */
+ if(last_rdn) { /* append it to the RDN */
g_strlcat(last_rdn, name, MAX_RDN_STR_LEN);
g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN);
@@ -735,6 +751,7 @@
if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) {
/* we have a format */
last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0';
+ register_frame_end_routine (x509if_frame_end);
g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s", name, fmt);
@@ -752,7 +769,7 @@
static int
dissect_x509if_T_atadv_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 225 "x509if.cnf"
+#line 226 "../../asn1/x509if/x509if.cnf"
int old_offset = offset;
tvbuff_t *out_tvb;
char *value = NULL;
@@ -776,7 +793,7 @@
/* it was a string - format it */
value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb));
- if(doing_dn) {
+ if(last_rdn) {
g_strlcat(last_rdn, value, MAX_RDN_STR_LEN);
/* append it to the tree*/
@@ -786,11 +803,15 @@
if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) {
/* we have a format */
- if(!(name = oid_resolved_from_string(object_identifier_id)))
- name = object_identifier_id;
- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value);
+ if (!last_ava) {
+ last_ava = ep_alloc(MAX_AVA_STR_LEN);
+ }
+
+ if(!(name = oid_resolved_from_string(object_identifier_id)))
+ name = object_identifier_id;
+ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value);
- proto_item_append_text(tree, " %s", last_ava);
+ proto_item_append_text(tree, " %s", last_ava);
}
}
@@ -804,7 +825,7 @@
static int
dissect_x509if_T_distingAttrValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 325 "x509if.cnf"
+#line 330 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -861,13 +882,13 @@
static int
dissect_x509if_RelativeDistinguishedName_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 356 "x509if.cnf"
+#line 360 "../../asn1/x509if/x509if.cnf"
if(!rdn_one_value) {
top_of_rdn = tree;
} else {
- if(doing_dn)
+ if(last_rdn)
/* this is an additional value - delimit */
g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN);
}
@@ -889,13 +910,13 @@
int
dissect_x509if_RelativeDistinguishedName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 328 "x509if.cnf"
+#line 333 "../../asn1/x509if/x509if.cnf"
char *temp_dn;
rdn_one_value = FALSE;
top_of_rdn = tree;
last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0';
- doing_dn = TRUE;
+ register_frame_end_routine (x509if_frame_end);
offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
RelativeDistinguishedName_set_of, hf_index, ett_x509if_RelativeDistinguishedName);
@@ -916,7 +937,6 @@
}
}
- doing_dn = FALSE;
last_rdn = NULL; /* it will get freed when the next packet is dissected */
@@ -928,7 +948,7 @@
static int
dissect_x509if_RDNSequence_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 391 "x509if.cnf"
+#line 397 "../../asn1/x509if/x509if.cnf"
if(!dn_one_rdn) {
/* this is the first element - record the top */
@@ -952,12 +972,14 @@
int
dissect_x509if_RDNSequence(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 371 "x509if.cnf"
+#line 375 "../../asn1/x509if/x509if.cnf"
const char *fmt;
dn_one_rdn = FALSE; /* reset */
last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0';
top_of_dn = NULL;
+ register_frame_end_routine (x509if_frame_end);
+
offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
RDNSequence_sequence_of, hf_index, ett_x509if_RDNSequence);
@@ -1362,7 +1384,7 @@
static int
dissect_x509if_T_ra_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 271 "x509if.cnf"
+#line 276 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -1396,7 +1418,7 @@
static int
dissect_x509if_T_ra_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 277 "x509if.cnf"
+#line 282 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -1458,7 +1480,7 @@
static int
dissect_x509if_T_contextValue_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 316 "x509if.cnf"
+#line 321 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -1559,7 +1581,7 @@
static int
dissect_x509if_T_restrictionValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 322 "x509if.cnf"
+#line 327 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -1680,7 +1702,7 @@
static int
dissect_x509if_T_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 286 "x509if.cnf"
+#line 291 "../../asn1/x509if/x509if.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -2080,7 +2102,7 @@
/*--- End of included file: packet-x509if-fn.c ---*/
-#line 76 "packet-x509if-template.c"
+#line 92 "../../asn1/x509if/packet-x509if-template.c"
const char * x509if_get_last_dn(void)
{
@@ -2127,7 +2149,7 @@
/*--- Included file: packet-x509if-hfarr.c ---*/
-#line 1 "packet-x509if-hfarr.c"
+#line 1 "../../asn1/x509if/packet-x509if-hfarr.c"
{ &hf_x509if_DistinguishedName_PDU,
{ "DistinguishedName", "x509if.DistinguishedName",
FT_UINT32, BASE_DEC, NULL, 0,
@@ -2746,14 +2768,14 @@
NULL, HFILL }},
/*--- End of included file: packet-x509if-hfarr.c ---*/
-#line 121 "packet-x509if-template.c"
+#line 137 "../../asn1/x509if/packet-x509if-template.c"
};
/* List of subtrees */
static gint *ett[] = {
/*--- Included file: packet-x509if-ettarr.c ---*/
-#line 1 "packet-x509if-ettarr.c"
+#line 1 "../../asn1/x509if/packet-x509if-ettarr.c"
&ett_x509if_Attribute,
&ett_x509if_T_values,
&ett_x509if_T_valuesWithContext,
@@ -2829,7 +2851,7 @@
&ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString,
/*--- End of included file: packet-x509if-ettarr.c ---*/
-#line 126 "packet-x509if-template.c"
+#line 142 "../../asn1/x509if/packet-x509if-template.c"
};
/* Register protocol */
@@ -2850,7 +2872,7 @@
void proto_reg_handoff_x509if(void) {
/*--- Included file: packet-x509if-dis-tab.c ---*/
-#line 1 "packet-x509if-dis-tab.c"
+#line 1 "../../asn1/x509if/packet-x509if-dis-tab.c"
register_ber_oid_dissector("2.5.4.1", dissect_DistinguishedName_PDU, proto_x509if, "id-at-aliasedEntryName");
register_ber_oid_dissector("2.5.4.31", dissect_DistinguishedName_PDU, proto_x509if, "id-at-member");
register_ber_oid_dissector("2.5.4.32", dissect_DistinguishedName_PDU, proto_x509if, "id-at-owner");
@@ -2885,6 +2907,6 @@
/*--- End of included file: packet-x509if-dis-tab.c ---*/
-#line 145 "packet-x509if-template.c"
+#line 161 "../../asn1/x509if/packet-x509if-template.c"
}
--- epan/dissectors/packet-x509if.h 2011/04/12 20:29:42 36607
+++ epan/dissectors/packet-x509if.h 2011/04/12 20:39:48 36608
@@ -5,7 +5,7 @@
/* Input file: packet-x509if-template.h */
-#line 1 "packet-x509if-template.h"
+#line 1 "../../asn1/x509if/packet-x509if-template.h"
/* packet-x509if.h
* Routines for X.509 Information Framework packet dissection
* Ronnie Sahlberg 2004
@@ -36,7 +36,7 @@
/*--- Included file: packet-x509if-exp.h ---*/
-#line 1 "packet-x509if-exp.h"
+#line 1 "../../asn1/x509if/packet-x509if-exp.h"
extern const value_string x509if_Name_vals[];
extern const value_string x509if_Refinement_vals[];
extern const value_string x509if_AttributeUsage_vals[];
@@ -83,7 +83,7 @@
int dissect_x509if_MRSubstitution(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/*--- End of included file: packet-x509if-exp.h ---*/
-#line 30 "packet-x509if-template.h"
+#line 30 "../../asn1/x509if/packet-x509if-template.h"
extern const char * x509if_get_last_dn(void);

18
wireshark-1.4.4-CVE-2011-1591.patch Normal file
View File

@ -0,0 +1,18 @@
--- trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 16:17:09 36643
+++ trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 17:17:08 36644
@@ -1882,10 +1882,13 @@
pkt_afield.RCRC=(((guint16)pkt_ptr[6])<<8)|pkt_ptr[7];
/* fill B-Field */
- if(pkt_len>DECT_PACKET_INFO_LEN+2)
+ if(pkt_len>DECT_PACKET_INFO_LEN+2) {
+ if (pkt_len > 128+5+8)
+ pkt_len = 128+5+8; /* make these values into logical #defines */
memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8), pkt_len-5-8);
- else
+ } else {
memset((char*)(&(pkt_bfield.Data)), 0, 128);
+ }
pkt_bfield.Length=pkt_len-DECT_PACKET_INFO_LEN-8;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DECT");

92
wireshark-1.4.4-CVE-2011-1592.patch Normal file
View File

@ -0,0 +1,92 @@
Index: wireshark-1.4.4/epan/dissectors/packet-nfs.c
===================================================================
--- wireshark-1.4.4.orig/epan/dissectors/packet-nfs.c
+++ wireshark-1.4.4/epan/dissectors/packet-nfs.c
@@ -7798,7 +7798,7 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i
{
char *universal_ip_address = NULL;
char *protocol = NULL;
- guint8 b1, b2, b3, b4, b5, b6, b7, b8, b9, b10;
+ guint b1, b2, b3, b4, b5, b6, b7, b8, b9, b10;
guint16 port;
int addr_offset;
@@ -7807,23 +7807,22 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i
offset = dissect_rpc_string(tvb, tree, hf_nfs_r_addr, offset, &universal_ip_address);
if(strlen(protocol) == 3 && strncmp(protocol,"tcp",3) == 0) {
- if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu.%hhu.%hhu.%hhu.%hhu",
+ if (universal_ip_address && sscanf(universal_ip_address, "%u.%u.%u.%u.%u.%u",
&b1, &b2, &b3, &b4, &b5, &b6) == 6) {
/* IPv4: h1.h2.h3.h4.p1.p2 */
port = (b5<<8) | b6;
- proto_tree_add_text(tree, tvb, addr_offset, offset,
+ proto_tree_add_text(tree, tvb, addr_offset, offset,
"[callback IPv4 address %u.%u.%u.%u, protocol=%s, port=%u]",
b1, b2, b3, b4, protocol, port);
- } else if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu",
+ } else if (universal_ip_address && sscanf(universal_ip_address,"%u.%u",
&b1, &b2) == 2) {
/* Some clients (linux) sometimes send only the port. */
port = (b1<<8) | b2;
- proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]",
- protocol,
- port);
- } else if (universal_ip_address && sscanf(universal_ip_address, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx.%hhu.%hhu",
- &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) {
-
+ proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset,
+ "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", protocol, port);
+ } else if (universal_ip_address && sscanf(universal_ip_address,
+ "%2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x.%u.%u",
+ &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) {
port = (b9<<8) | b10;
proto_tree_add_text(tree, tvb, addr_offset, offset,
"[callback IPv6 address %2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x, protocol=%s, port=%u]",
Index: wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c
===================================================================
--- wireshark-1.4.4.orig/epan/dissectors/packet-ssl-utils.c
+++ wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c
@@ -3145,7 +3145,13 @@ ssl_parse_key_list(const gchar * keys_li
ip[2] = 0;
ip[3] = 0;
} else {
- sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
+ guint tmp0, tmp1, tmp2, tmp3;
+
+ sscanf(addr, "%u.%u.%u.%u", &tmp0, &tmp1, &tmp2, &tmp3);
+ ip[0] = (guchar)tmp0;
+ ip[1] = (guchar)tmp1;
+ ip[2] = (guchar)tmp2;
+ ip[3] = (guchar)tmp3;
}
if(!strcmp("start_tls", port)) {
@@ -3153,7 +3159,7 @@ ssl_parse_key_list(const gchar * keys_li
} else {
service->port = atoi(port);
}
- ssl_debug_printf("ssl_init addr '%hhu.%hhu.%hhu.%hhu' port '%d' filename '%s' password(only for p12 file) '%s'\n",
+ ssl_debug_printf("ssl_init addr '%u.%u.%u.%u' port '%d' filename '%s' password(only for p12 file) '%s'\n",
ip[0], ip[1], ip[2], ip[3], service->port, filename, cert_passwd ? cert_passwd : "(null)");
/* try to load pen or p12 file*/
Index: wireshark-1.4.4/tools/checkAPIs.pl
===================================================================
--- wireshark-1.4.4.orig/tools/checkAPIs.pl
+++ wireshark-1.4.4/tools/checkAPIs.pl
@@ -1001,6 +1001,14 @@ while ($_ = $ARGV[0])
print STDERR "Error: Found %ll in " .$filename."\n";
$errorCount++;
}
+ if ($fileContents =~ m{ %hh }xo)
+ {
+ # %hh is C99 and Windows doesn't like it:
+ # http://connect.microsoft.com/VisualStudio/feedback/details/416843/sscanf-cannot-not-handle-hhd-format
+ # Need to use temporary variables instead.
+ print STDERR "Error: Found %hh in " .$filename."\n";
+ $errorCount++;
+ }
if (! ($fileContents =~ m{ \$Id .* \$ }xo))
{

8
wireshark.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Apr 26 09:11:54 UTC 2011 - cyliu@novell.com
- security fixes [#bnc 688109]
* CVE-2011-1590: Use of un-initialised variables
* CVE-2011-1592: Crash in NFS dissector on Windows
* CVE-2011-1591: Buffer overflow in DECT dissector
-------------------------------------------------------------------
Tue Mar 8 10:59:35 CST 2011 - cyliu@novell.com

9
wireshark.spec
View File

@ -38,6 +38,9 @@ Patch3: %{name}-corosync-packet-dissector.patch
Patch4: %{name}-1.2.4-enable_lua.patch
# PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options
Patch5: %{name}-nfsv4-opts.patch
Patch6: %{name}-%{version}-CVE-2011-1592.patch
Patch7: %{name}-%{version}-CVE-2011-1590.patch
Patch8: %{name}-%{version}-CVE-2011-1591.patch
BuildRequires: bison
BuildRequires: cairo-devel
BuildRequires: flex
@ -100,6 +103,10 @@ view the reconstructed stream of a TCP session.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7
%patch8 -p1
sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
# run as root on 11.3 and older - bnc#349782
%if ! %{use_caps}
@ -108,7 +115,7 @@ sed -i 's!^Exec=wireshark!Exec=/usr/bin/xdg-su -c /usr/bin/wireshark!' wireshark
%endif
%build
%configure
%configure --without-zlib
make %{?_smp_mflags}
%install