diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch new file mode 100644 index 0000000000..622664f182 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch @@ -0,0 +1,68 @@ +From 8c186dbb381cf51064fa8dbff7953468d5ae394c Mon Sep 17 00:00:00 2001 +From: John Thacker +Date: Sat, 26 Apr 2025 10:01:19 +0000 +Subject: [PATCH] column: Do not allow fence to go beyond column size when + prepending + +When moving the fence location forward when prepending, ensure +that it does not go past the end of the buffer. + +Also get rid of unnecessary branching and strlen calls. + +Fix #20509 + +(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0) + +Co-authored-by: John Thacker + +origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c + +CVE: CVE-2025-5601 +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/8c186dbb381cf51064fa8dbff7953468d5ae394c] +Signed-off-by: Hitendra Prajapati +--- + epan/column-utils.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/epan/column-utils.c b/epan/column-utils.c +index ad34cff..15e15fc 100644 +--- a/epan/column-utils.c ++++ b/epan/column-utils.c +@@ -577,8 +577,13 @@ col_prepend_fstr(column_info *cinfo, const gint el, const gchar *format, ...) + /* + * Move the fence, unless it's at the beginning of the string. + */ +- if (col_item->col_fence > 0) ++ if (col_item->col_fence > 0) { ++ /* pos >= strlen if truncation occurred; this saves on a strlen ++ * call and prevents adding a single byte character later if a ++ * a multibyte character was truncated (good). */ + col_item->col_fence += (int) strlen(col_item->col_buf); ++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence); ++ } + + g_strlcat(col_item->col_buf, orig, max_len); + col_item->col_data = col_item->col_buf; +@@ -621,11 +626,14 @@ col_prepend_fence_fstr(column_info *cinfo, const gint el, const gchar *format, . + * Move the fence if it exists, else create a new fence at the + * end of the prepended data. + */ +- if (col_item->col_fence > 0) { +- col_item->col_fence += (int) strlen(col_item->col_buf); +- } else { +- col_item->col_fence = (int) strlen(col_item->col_buf); +- } ++ /* pos >= strlen if truncation occurred; this saves on a strlen ++ * call and prevents adding a single byte character later if a ++ * a multibyte character was truncated (good). */ ++ col_item->col_fence += (int) strlen(col_item->col_buf); ++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence); ++ /* ++ * Append the original data. ++ */ + g_strlcat(col_item->col_buf, orig, max_len); + col_item->col_data = col_item->col_buf; + } +-- +2.50.1 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb index 7502234d47..1e6d764d2a 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb @@ -35,6 +35,7 @@ SRC_URI += " \ file://CVE-2024-8645.patch \ file://CVE-2026-0960.patch \ file://CVE-2025-13945.patch \ + file://CVE-2025-5601.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"