diff --git a/wireshark-1.4.4-CVE-2011-1590.patch b/wireshark-1.4.4-CVE-2011-1590.patch
new file mode 100644
index 0000000..29cf23a
--- /dev/null
+++ b/wireshark-1.4.4-CVE-2011-1590.patch
@@ -0,0 +1,598 @@ +--- asn1/x509if/packet-x509if-template.c 2011/04/12 20:29:42 36607 ++++ asn1/x509if/packet-x509if-template.c 2011/04/12 20:39:48 36608 +@@ -37,6 +37,7 @@ + #include "packet-x509if.h" + #include "packet-x509sat.h" + #include ++#include + + #define PNAME "X.509 Information Framework" + #define PSNAME "X509IF" +@@ -51,13 +52,12 @@ + /* Initialize the subtree pointers */ + #include "packet-x509if-ett.c" + +-static const char *object_identifier_id; ++static const char *object_identifier_id = NULL; + static proto_tree *top_of_dn = NULL; + static proto_tree *top_of_rdn = NULL; + + static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */ + static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */ +-static gboolean doing_dn = TRUE; + static gboolean doing_attr = FALSE; + + #define MAX_RDN_STR_LEN 64 +@@ -72,6 +72,22 @@ + #define MAX_AVA_STR_LEN 64 + static char *last_ava = NULL; + ++static void ++x509if_frame_end(void) ++{ ++ object_identifier_id = NULL; ++ top_of_dn = NULL; ++ top_of_rdn = NULL; ++ ++ rdn_one_value = FALSE; ++ dn_one_rdn = FALSE; ++ doing_attr = FALSE; ++ ++ last_dn = NULL; ++ last_rdn = NULL; ++ last_ava = NULL; ++} ++ + #include "packet-x509if-fn.c" + + const char * x509if_get_last_dn(void) +--- asn1/x509if/x509if.cnf 2011/04/12 20:29:42 36607 ++++ asn1/x509if/x509if.cnf 2011/04/12 20:39:48 36608 +@@ -197,7 +197,7 @@ + name = oid_resolved_from_string(object_identifier_id); + if(!name) name = object_identifier_id; + +- if(doing_dn) { /* append it to the RDN */ ++ if(last_rdn) { /* append it to the RDN */ + g_strlcat(last_rdn, name, MAX_RDN_STR_LEN); + g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN); + +@@ -213,6 +213,7 @@ + if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt); + +@@ -245,7 +246,7 @@ + /* 
it was a string - format it */ + value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb)); + +- if(doing_dn) { ++ if(last_rdn) { + g_strlcat(last_rdn, value, MAX_RDN_STR_LEN); + + /* append it to the tree*/ +@@ -255,11 +256,15 @@ + if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + +- if(!(name = oid_resolved_from_string(object_identifier_id))) +- name = object_identifier_id; +- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); ++ if (!last_ava) { ++ last_ava = ep_alloc(MAX_AVA_STR_LEN); ++ } ++ ++ if(!(name = oid_resolved_from_string(object_identifier_id))) ++ name = object_identifier_id; ++ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); + +- proto_item_append_text(tree, " %%s", last_ava); ++ proto_item_append_text(tree, " %%s", last_ava); + + } + } +@@ -330,7 +335,7 @@ + rdn_one_value = FALSE; + top_of_rdn = tree; + last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0'; +- doing_dn = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + %(DEFAULT_BODY)s + +@@ -349,7 +354,6 @@ + } + } + +- doing_dn = FALSE; + last_rdn = NULL; /* it will get freed when the next packet is dissected */ + + #.FN_BODY RelativeDistinguishedName/_item +@@ -358,7 +362,7 @@ + top_of_rdn = tree; + } else { + +- if(doing_dn) ++ if(last_rdn) + /* this is an additional value - delimit */ + g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN); + } +@@ -373,6 +377,8 @@ + dn_one_rdn = FALSE; /* reset */ + last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0'; + top_of_dn = NULL; ++ register_frame_end_routine (x509if_frame_end); ++ + + %(DEFAULT_BODY)s + +@@ -402,6 +408,7 @@ + + ava_hf_index = hf_index; + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + %(DEFAULT_BODY)s + +@@ -409,10 +416,9 @@ + + #.FN_BODY Attribute + doing_attr = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + %(DEFAULT_BODY)s +- +- doing_attr = FALSE; + #.END + + +--- 
epan/dissectors/packet-x509if.c 2011/04/12 20:29:42 36607 ++++ epan/dissectors/packet-x509if.c 2011/04/12 20:39:48 36608 +@@ -5,7 +5,7 @@ + + /* Input file: packet-x509if-template.c */ + +-#line 1 "packet-x509if-template.c" ++#line 1 "../../asn1/x509if/packet-x509if-template.c" + /* packet-x509if.c + * Routines for X.509 Information Framework packet dissection + * Ronnie Sahlberg 2004 +@@ -45,6 +45,7 @@ + #include "packet-x509if.h" + #include "packet-x509sat.h" + #include ++#include + + #define PNAME "X.509 Information Framework" + #define PSNAME "X509IF" +@@ -56,7 +57,7 @@ + static int hf_x509if_any_string = -1; + + /*--- Included file: packet-x509if-hf.c ---*/ +-#line 1 "packet-x509if-hf.c" ++#line 1 "../../asn1/x509if/packet-x509if-hf.c" + static int hf_x509if_DistinguishedName_PDU = -1; /* DistinguishedName */ + static int hf_x509if_SubtreeSpecification_PDU = -1; /* SubtreeSpecification */ + static int hf_x509if_HierarchyLevel_PDU = -1; /* HierarchyLevel */ +@@ -214,12 +215,12 @@ + static int hf_x509if_AllowedSubset_wholeSubtree = -1; + + /*--- End of included file: packet-x509if-hf.c ---*/ +-#line 50 "packet-x509if-template.c" ++#line 51 "../../asn1/x509if/packet-x509if-template.c" + + /* Initialize the subtree pointers */ + + /*--- Included file: packet-x509if-ett.c ---*/ +-#line 1 "packet-x509if-ett.c" ++#line 1 "../../asn1/x509if/packet-x509if-ett.c" + static gint ett_x509if_Attribute = -1; + static gint ett_x509if_T_values = -1; + static gint ett_x509if_T_valuesWithContext = -1; +@@ -295,15 +296,14 @@ + static gint ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString = -1; + + /*--- End of included file: packet-x509if-ett.c ---*/ +-#line 53 "packet-x509if-template.c" ++#line 54 "../../asn1/x509if/packet-x509if-template.c" + +-static const char *object_identifier_id; ++static const char *object_identifier_id = NULL; + static proto_tree *top_of_dn = NULL; + static proto_tree *top_of_rdn = NULL; + + static gboolean rdn_one_value = FALSE; /* have we seen one value in 
an RDN yet */ + static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */ +-static gboolean doing_dn = TRUE; + static gboolean doing_attr = FALSE; + + #define MAX_RDN_STR_LEN 64 +@@ -318,9 +318,25 @@ + #define MAX_AVA_STR_LEN 64 + static char *last_ava = NULL; + ++static void ++x509if_frame_end(void) ++{ ++ object_identifier_id = NULL; ++ top_of_dn = NULL; ++ top_of_rdn = NULL; ++ ++ rdn_one_value = FALSE; ++ dn_one_rdn = FALSE; ++ doing_attr = FALSE; ++ ++ last_dn = NULL; ++ last_rdn = NULL; ++ last_ava = NULL; ++} ++ + + /*--- Included file: packet-x509if-fn.c ---*/ +-#line 1 "packet-x509if-fn.c" ++#line 1 "../../asn1/x509if/packet-x509if-fn.c" + /*--- Cyclic dependencies ---*/ + + /* Refinement -> Refinement/and -> Refinement */ +@@ -349,7 +365,7 @@ + + static int + dissect_x509if_T_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 310 "x509if.cnf" ++#line 315 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -374,7 +390,7 @@ + + static int + dissect_x509if_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 280 "x509if.cnf" ++#line 285 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree); + + +@@ -395,7 +411,7 @@ + + static int + dissect_x509if_T_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 292 "x509if.cnf" ++#line 297 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -492,15 +508,14 @@ + + int + dissect_x509if_Attribute(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 411 
"x509if.cnf" ++#line 418 "../../asn1/x509if/x509if.cnf" + doing_attr = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + Attribute_sequence, hf_index, ett_x509if_Attribute); + + +- doing_attr = FALSE; +- + + return offset; + } +@@ -518,7 +533,7 @@ + + int + dissect_x509if_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 298 "x509if.cnf" ++#line 303 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -539,7 +554,7 @@ + + static int + dissect_x509if_T_assertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 304 "x509if.cnf" ++#line 309 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -569,7 +584,7 @@ + + static int + dissect_x509if_T_ca_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 184 "x509if.cnf" ++#line 184 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -650,10 +665,11 @@ + + int + dissect_x509if_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 402 "x509if.cnf" ++#line 408 "../../asn1/x509if/x509if.cnf" + + ava_hf_index = hf_index; + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + AttributeValueAssertion_sequence, hf_index, ett_x509if_AttributeValueAssertion); +@@ -707,7 +723,7 @@ + + static int + dissect_x509if_T_type_02(gboolean 
implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 190 "x509if.cnf" ++#line 190 "../../asn1/x509if/x509if.cnf" + const char *fmt; + const char *name; + +@@ -719,7 +735,7 @@ + name = oid_resolved_from_string(object_identifier_id); + if(!name) name = object_identifier_id; + +- if(doing_dn) { /* append it to the RDN */ ++ if(last_rdn) { /* append it to the RDN */ + g_strlcat(last_rdn, name, MAX_RDN_STR_LEN); + g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN); + +@@ -735,6 +751,7 @@ + if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s", name, fmt); + +@@ -752,7 +769,7 @@ + + static int + dissect_x509if_T_atadv_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 225 "x509if.cnf" ++#line 226 "../../asn1/x509if/x509if.cnf" + int old_offset = offset; + tvbuff_t *out_tvb; + char *value = NULL; +@@ -776,7 +793,7 @@ + /* it was a string - format it */ + value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb)); + +- if(doing_dn) { ++ if(last_rdn) { + g_strlcat(last_rdn, value, MAX_RDN_STR_LEN); + + /* append it to the tree*/ +@@ -786,11 +803,15 @@ + if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + +- if(!(name = oid_resolved_from_string(object_identifier_id))) +- name = object_identifier_id; +- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value); ++ if (!last_ava) { ++ last_ava = ep_alloc(MAX_AVA_STR_LEN); ++ } ++ ++ if(!(name = oid_resolved_from_string(object_identifier_id))) ++ name = object_identifier_id; ++ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value); + +- proto_item_append_text(tree, " %s", last_ava); ++ proto_item_append_text(tree, " %s", last_ava); + + } + 
} +@@ -804,7 +825,7 @@ + + static int + dissect_x509if_T_distingAttrValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 325 "x509if.cnf" ++#line 330 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -861,13 +882,13 @@ + + static int + dissect_x509if_RelativeDistinguishedName_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 356 "x509if.cnf" ++#line 360 "../../asn1/x509if/x509if.cnf" + + if(!rdn_one_value) { + top_of_rdn = tree; + } else { + +- if(doing_dn) ++ if(last_rdn) + /* this is an additional value - delimit */ + g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN); + } +@@ -889,13 +910,13 @@ + + int + dissect_x509if_RelativeDistinguishedName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 328 "x509if.cnf" ++#line 333 "../../asn1/x509if/x509if.cnf" + char *temp_dn; + + rdn_one_value = FALSE; + top_of_rdn = tree; + last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0'; +- doing_dn = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, + RelativeDistinguishedName_set_of, hf_index, ett_x509if_RelativeDistinguishedName); +@@ -916,7 +937,6 @@ + } + } + +- doing_dn = FALSE; + last_rdn = NULL; /* it will get freed when the next packet is dissected */ + + +@@ -928,7 +948,7 @@ + + static int + dissect_x509if_RDNSequence_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 391 "x509if.cnf" ++#line 397 "../../asn1/x509if/x509if.cnf" + + if(!dn_one_rdn) { + /* this is the first element - record the top */ +@@ -952,12 +972,14 @@ + + int + dissect_x509if_RDNSequence(gboolean implicit_tag _U_, 
tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 371 "x509if.cnf" ++#line 375 "../../asn1/x509if/x509if.cnf" + const char *fmt; + + dn_one_rdn = FALSE; /* reset */ + last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0'; + top_of_dn = NULL; ++ register_frame_end_routine (x509if_frame_end); ++ + + offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, + RDNSequence_sequence_of, hf_index, ett_x509if_RDNSequence); +@@ -1362,7 +1384,7 @@ + + static int + dissect_x509if_T_ra_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 271 "x509if.cnf" ++#line 276 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1396,7 +1418,7 @@ + + static int + dissect_x509if_T_ra_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 277 "x509if.cnf" ++#line 282 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1458,7 +1480,7 @@ + + static int + dissect_x509if_T_contextValue_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 316 "x509if.cnf" ++#line 321 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1559,7 +1581,7 @@ + + static int + dissect_x509if_T_restrictionValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 322 "x509if.cnf" ++#line 327 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1680,7 +1702,7 @@ + + static int + 
dissect_x509if_T_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 286 "x509if.cnf" ++#line 291 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -2080,7 +2102,7 @@ + + + /*--- End of included file: packet-x509if-fn.c ---*/ +-#line 76 "packet-x509if-template.c" ++#line 92 "../../asn1/x509if/packet-x509if-template.c" + + const char * x509if_get_last_dn(void) + { +@@ -2127,7 +2149,7 @@ + + + /*--- Included file: packet-x509if-hfarr.c ---*/ +-#line 1 "packet-x509if-hfarr.c" ++#line 1 "../../asn1/x509if/packet-x509if-hfarr.c" + { &hf_x509if_DistinguishedName_PDU, + { "DistinguishedName", "x509if.DistinguishedName", + FT_UINT32, BASE_DEC, NULL, 0, +@@ -2746,14 +2768,14 @@ + NULL, HFILL }}, + + /*--- End of included file: packet-x509if-hfarr.c ---*/ +-#line 121 "packet-x509if-template.c" ++#line 137 "../../asn1/x509if/packet-x509if-template.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + + /*--- Included file: packet-x509if-ettarr.c ---*/ +-#line 1 "packet-x509if-ettarr.c" ++#line 1 "../../asn1/x509if/packet-x509if-ettarr.c" + &ett_x509if_Attribute, + &ett_x509if_T_values, + &ett_x509if_T_valuesWithContext, +@@ -2829,7 +2851,7 @@ + &ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString, + + /*--- End of included file: packet-x509if-ettarr.c ---*/ +-#line 126 "packet-x509if-template.c" ++#line 142 "../../asn1/x509if/packet-x509if-template.c" + }; + + /* Register protocol */ +@@ -2850,7 +2872,7 @@ + void proto_reg_handoff_x509if(void) { + + /*--- Included file: packet-x509if-dis-tab.c ---*/ +-#line 1 "packet-x509if-dis-tab.c" ++#line 1 "../../asn1/x509if/packet-x509if-dis-tab.c" + register_ber_oid_dissector("2.5.4.1", dissect_DistinguishedName_PDU, proto_x509if, "id-at-aliasedEntryName"); + register_ber_oid_dissector("2.5.4.31", dissect_DistinguishedName_PDU, proto_x509if, "id-at-member"); + 
register_ber_oid_dissector("2.5.4.32", dissect_DistinguishedName_PDU, proto_x509if, "id-at-owner"); +@@ -2885,6 +2907,6 @@ + + + /*--- End of included file: packet-x509if-dis-tab.c ---*/ +-#line 145 "packet-x509if-template.c" ++#line 161 "../../asn1/x509if/packet-x509if-template.c" + } + +--- epan/dissectors/packet-x509if.h 2011/04/12 20:29:42 36607 ++++ epan/dissectors/packet-x509if.h 2011/04/12 20:39:48 36608 +@@ -5,7 +5,7 @@ + + /* Input file: packet-x509if-template.h */ + +-#line 1 "packet-x509if-template.h" ++#line 1 "../../asn1/x509if/packet-x509if-template.h" + /* packet-x509if.h + * Routines for X.509 Information Framework packet dissection + * Ronnie Sahlberg 2004 +@@ -36,7 +36,7 @@ + + + /*--- Included file: packet-x509if-exp.h ---*/ +-#line 1 "packet-x509if-exp.h" ++#line 1 "../../asn1/x509if/packet-x509if-exp.h" + extern const value_string x509if_Name_vals[]; + extern const value_string x509if_Refinement_vals[]; + extern const value_string x509if_AttributeUsage_vals[]; +@@ -83,7 +83,7 @@ + int dissect_x509if_MRSubstitution(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); + + /*--- End of included file: packet-x509if-exp.h ---*/ +-#line 30 "packet-x509if-template.h" ++#line 30 "../../asn1/x509if/packet-x509if-template.h" + + extern const char * x509if_get_last_dn(void); + + diff --git a/wireshark-1.4.4-CVE-2011-1591.patch b/wireshark-1.4.4-CVE-2011-1591.patch new file mode 100644 index 0000000..6523bd3 --- /dev/null +++ b/wireshark-1.4.4-CVE-2011-1591.patch 
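Review bot: In the `T_atadv_value` and `T_type_02` bodies of x509if.cnf (and their generated copies in packet-x509if.c) `object_identifier_id` is still used unguarded, although `x509if_frame_end` now resets it to NULL along with `last_rdn` and `last_ava`, which the patch does guard. When `oid_resolved_from_string()` returns NULL, `name` falls back to `object_identifier_id` and is passed to `g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value)` and to `g_strlcat(last_rdn, name, MAX_RDN_STR_LEN)`. Whether a value can be dissected before any type OID has been seen in the frame is not visible in this hunk, so this should be confirmed; a cheap guard after the fallback is `if (!name) name = "unknown";`. The buffer allocated under `if (!last_ava)` is also the only `ep_alloc` site without `*last_ava = '\0';`, which is safe only while the `g_snprintf` call follows immediately.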
@@ -0,0 +1,18 @@
+--- trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 16:17:09 36643
++++ trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 17:17:08 36644
+@@ -1882,10 +1882,13 @@
+ pkt_afield.RCRC=(((guint16)pkt_ptr[6])<<8)|pkt_ptr[7];
+
+ /* fill B-Field */
+- if(pkt_len>DECT_PACKET_INFO_LEN+2)
++ if(pkt_len>DECT_PACKET_INFO_LEN+2) {
++ if (pkt_len > 128+5+8)
++ pkt_len = 128+5+8; /* make these values into logical #defines */
+ memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8), pkt_len-5-8);
+- else
++ } else {
+ memset((char*)(&(pkt_bfield.Data)), 0, 128);
++ }
+ pkt_bfield.Length=pkt_len-DECT_PACKET_INFO_LEN-8;
+
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DECT");
diff --git a/wireshark-1.4.4-CVE-2011-1592.patch b/wireshark-1.4.4-CVE-2011-1592.patch
new file mode 100644
index 0000000..918e632
--- /dev/null
+++ b/wireshark-1.4.4-CVE-2011-1592.patch
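Review bot: The new clamp `if (pkt_len > 128+5+8)` in packet-dect.c repeats the size of `pkt_bfield.Data` as a literal that has to stay in step with the `memset(..., 0, 128)` in the else branch and with the array's declaration, which is outside the hunk. Assuming `Data` is a fixed-size array, derive the bound from the destination, e.g. `if (pkt_len > (int)sizeof(pkt_bfield.Data) + 5 + 8) pkt_len = (int)sizeof(pkt_bfield.Data) + 5 + 8;` (adjust the cast to the type of `pkt_len`, which is not shown here). The outer guard compares against `DECT_PACKET_INFO_LEN+2` while the copy length is `pkt_len-5-8`, so it is worth confirming that the guard implies `pkt_len >= 13`; otherwise the length passed to `memcpy` becomes negative and converts to a very large size. The enclosing function starts and ends outside the hunk.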
@@ -0,0 +1,92 @@
+Index: wireshark-1.4.4/epan/dissectors/packet-nfs.c
+===================================================================
+--- wireshark-1.4.4.orig/epan/dissectors/packet-nfs.c
++++ wireshark-1.4.4/epan/dissectors/packet-nfs.c
+@@ -7798,7 +7798,7 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i
+ {
+ char *universal_ip_address = NULL;
+ char *protocol = NULL;
+- guint8 b1, b2, b3, b4, b5, b6, b7, b8, b9, b10;
++ guint b1, b2, b3, b4, b5, b6, b7, b8, b9, b10;
+ guint16 port;
+ int addr_offset;
+
+@@ -7807,23 +7807,22 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i
+ offset = dissect_rpc_string(tvb, tree, hf_nfs_r_addr, offset, &universal_ip_address);
+
+ if(strlen(protocol) == 3 && strncmp(protocol,"tcp",3) == 0) {
+- if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu.%hhu.%hhu.%hhu.%hhu",
++ if (universal_ip_address && sscanf(universal_ip_address, "%u.%u.%u.%u.%u.%u",
+ &b1, &b2, &b3, &b4, &b5, &b6) == 6) {
+ /* IPv4: h1.h2.h3.h4.p1.p2 */
+ port = (b5<<8) | b6;
+- proto_tree_add_text(tree, tvb, addr_offset, offset,
++ proto_tree_add_text(tree, tvb, addr_offset, offset,
+ "[callback IPv4 address %u.%u.%u.%u, protocol=%s, port=%u]",
+ b1, b2, b3, b4, protocol, port);
+- } else if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu",
++ } else if (universal_ip_address && sscanf(universal_ip_address,"%u.%u",
+ &b1, &b2) == 2) {
+ /* Some clients (linux) sometimes send only the port. */
+ port = (b1<<8) | b2;
+- proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]",
+- protocol,
+- port);
+- } else if (universal_ip_address && sscanf(universal_ip_address, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx.%hhu.%hhu",
+- &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) {
+-
++ proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset,
++ "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", protocol, port);
++ } else if (universal_ip_address && sscanf(universal_ip_address,
++ "%2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x.%u.%u",
++ &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) {
+ port = (b9<<8) | b10;
+ proto_tree_add_text(tree, tvb, addr_offset, offset,
+ "[callback IPv6 address %2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x, protocol=%s, port=%u]",
+Index: wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c
+===================================================================
+--- wireshark-1.4.4.orig/epan/dissectors/packet-ssl-utils.c
++++ wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c
+@@ -3145,7 +3145,13 @@ ssl_parse_key_list(const gchar * keys_li
+ ip[2] = 0;
+ ip[3] = 0;
+ } else {
+- sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
++ guint tmp0, tmp1, tmp2, tmp3;
++
++ sscanf(addr, "%u.%u.%u.%u", &tmp0, &tmp1, &tmp2, &tmp3);
++ ip[0] = (guchar)tmp0;
++ ip[1] = (guchar)tmp1;
++ ip[2] = (guchar)tmp2;
++ ip[3] = (guchar)tmp3;
+ }
+
+ if(!strcmp("start_tls", port)) {
+@@ -3153,7 +3159,7 @@ ssl_parse_key_list(const gchar * keys_li
+ } else {
+ service->port = atoi(port);
+ }
+- ssl_debug_printf("ssl_init addr '%hhu.%hhu.%hhu.%hhu' port '%d' filename '%s' password(only for p12 file) '%s'\n",
++ ssl_debug_printf("ssl_init addr '%u.%u.%u.%u' port '%d' filename '%s' password(only for p12 file) '%s'\n",
+ ip[0], ip[1], ip[2], ip[3], service->port, filename, cert_passwd ?
cert_passwd : "(null)"); + + /* try to load pen or p12 file*/ +Index: wireshark-1.4.4/tools/checkAPIs.pl +=================================================================== +--- wireshark-1.4.4.orig/tools/checkAPIs.pl ++++ wireshark-1.4.4/tools/checkAPIs.pl +@@ -1001,6 +1001,14 @@ while ($_ = $ARGV[0]) + print STDERR "Error: Found %ll in " .$filename."\n"; + $errorCount++; + } ++ if ($fileContents =~ m{ %hh }xo) ++ { ++ # %hh is C99 and Windows doesn't like it: ++ # http://connect.microsoft.com/VisualStudio/feedback/details/416843/sscanf-cannot-not-handle-hhd-format ++ # Need to use temporary variables instead. ++ print STDERR "Error: Found %hh in " .$filename."\n"; ++ $errorCount++; ++ } + + if (! ($fileContents =~ m{ \$Id .* \$ }xo)) + { diff --git a/wireshark.changes b/wireshark.changes index 63b6b48..c062b8b 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Apr 26 09:11:54 UTC 2011 - cyliu@novell.com + +- security fixes [#bnc 688109] + * CVE-2011-1590: Use of un-initialised variables + * CVE-2011-1592: Crash in NFS dissector on Windows + * CVE-2011-1591: Buffer overflow in DECT dissector + ------------------------------------------------------------------- Tue Mar 8 10:59:35 CST 2011 - cyliu@novell.com diff --git a/wireshark.spec b/wireshark.spec index d732b51..0680f57 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -38,6 +38,9 @@ Patch3: %{name}-corosync-packet-dissector.patch Patch4: %{name}-1.2.4-enable_lua.patch # PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options Patch5: %{name}-nfsv4-opts.patch +Patch6: %{name}-%{version}-CVE-2011-1592.patch +Patch7: %{name}-%{version}-CVE-2011-1590.patch +Patch8: %{name}-%{version}-CVE-2011-1591.patch BuildRequires: bison BuildRequires: cairo-devel BuildRequires: flex 
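Review bot: In `ssl_parse_key_list` (packet-ssl-utils.c) the return value of `sscanf(addr, "%u.%u.%u.%u", ...)` is still ignored, so for a malformed address the new `tmp0`..`tmp3` are read uninitialised when they are copied into `ip[]`, and values above 255 are silently truncated by the `(guchar)` casts. Initialise the temporaries and reject bad input, e.g. `guint tmp0 = 0, tmp1 = 0, tmp2 = 0, tmp3 = 0;` followed by `if (sscanf(addr, "%u.%u.%u.%u", &tmp0, &tmp1, &tmp2, &tmp3) != 4 || tmp0 > 255 || tmp1 > 255 || tmp2 > 255 || tmp3 > 255) { /* report and skip this key entry */ }`. The same range point applies to `dissect_nfs_clientaddr4` in packet-nfs.c, where `b1`..`b10` are now full `guint`s: `port = (b5<<8) | b6` is truncated into a `guint16` and octets above 255 are displayed as parsed. Both functions continue outside their hunks.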
@@ -100,6 +103,10 @@ view the reconstructed stream of a TCP session. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 +%patch8 -p1 + sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop # run as root on 11.3 and older - bnc#349782 %if ! %{use_caps} @@ -108,7 +115,7 @@ sed -i 's!^Exec=wireshark!Exec=/usr/bin/xdg-su -c /usr/bin/wireshark!' wireshark %endif %build -%configure +%configure --without-zlib make %{?_smp_mflags} %install
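Review bot: `%configure --without-zlib` in the `%build` section is a functional change that the new wireshark.changes entry does not mention and that is unrelated to the three CVE patches. Building without zlib removes support for gzip-compressed capture files, so users of this security update lose a feature without notice. If it works around a build problem, record that next to the line, e.g. `# build without zlib: <reason>`, and list it in the .changes entry; otherwise leave `%configure` as it was. It would also help to note above `%patch7` that the CVE-2011-1590 patch uses unprefixed paths, which is why it alone is applied without `-p1`.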