helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2025-12-31 13:38:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

wireshark: Backport fix for CVE-2024-2955

Browse Source 
Upstream-Status: Backport [6fd3af5e99]

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Ashish Sharma 2024-03-28 16:05:02 +05:30 committed by Armin Kuster
parent 850da18f9c
commit 6e702707c3
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
meta-networking/recipes-support/wireshark/files/CVE-2024-2955.patch Normal file
View File

@ -0,0 +1,52 @@
From 6fd3af5e999c71df67c2cdcefb96d0dc4afa5341 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Wed, 6 Mar 2024 20:40:42 -0500
Subject: [PATCH] t38: Allocate forced defragmented memory in correct scope
Fragment data can't be allocated in pinfo->pool scope, as it
outlives the frame. Set it to be freed when the associated tvb
is freed, as done in the main reassemble.c code.
Fix #19695
CVE: CVE-2024-2955
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
epan/dissectors/asn1/t38/packet-t38-template.c | 3 ++-
epan/dissectors/packet-t38.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/asn1/t38/packet-t38-template.c b/epan/dissectors/asn1/t38/packet-t38-template.c
index 7b856626865..526b313d054 100644
--- a/epan/dissectors/asn1/t38/packet-t38-template.c
+++ b/epan/dissectors/asn1/t38/packet-t38-template.c
@@ -325,8 +325,9 @@ force_reassemble_seq(reassembly_table *table, packet_info *pinfo, guint32 id)
last_fd=fd_i;
}
- data = (guint8 *) wmem_alloc(pinfo->pool, size);
+ data = (guint8 *) g_malloc(size);
fd_head->tvb_data = tvb_new_real_data(data, size, size);
+ tvb_set_free_cb(fd_head->tvb_data, g_free);
fd_head->len = size; /* record size for caller */
/* add all data fragments */
diff --git a/epan/dissectors/packet-t38.c b/epan/dissectors/packet-t38.c
index ca95ae8b64e..5083c936c5a 100644
--- a/epan/dissectors/packet-t38.c
+++ b/epan/dissectors/packet-t38.c
@@ -355,8 +355,9 @@ force_reassemble_seq(reassembly_table *table, packet_info *pinfo, guint32 id)
last_fd=fd_i;
}
- data = (guint8 *) wmem_alloc(pinfo->pool, size);
+ data = (guint8 *) g_malloc(size);
fd_head->tvb_data = tvb_new_real_data(data, size, size);
+ tvb_set_free_cb(fd_head->tvb_data, g_free);
fd_head->len = size; /* record size for caller */
/* add all data fragments */
--
GitLab

1
meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb
View File

@ -24,6 +24,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
file://CVE-2024-0208.patch \
file://CVE-2023-1992.patch \
file://CVE-2023-4511.patch \
file://CVE-2024-2955.patch \
"
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"