diff --git a/meta-networking/recipes-support/wireshark/files/0001-column-Do-not-allow-fence-to-go-beyond-column-size-w.patch b/meta-networking/recipes-support/wireshark/files/0001-column-Do-not-allow-fence-to-go-beyond-column-size-w.patch new file mode 100644 index 0000000000..0dbb0c2aa6 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/0001-column-Do-not-allow-fence-to-go-beyond-column-size-w.patch @@ -0,0 +1,61 @@ +From ab395bb857bef8f06ed60eb6a4e091785c38dced Mon Sep 17 00:00:00 2001 +From: John Thacker +Date: Sat, 26 Apr 2025 10:01:19 +0000 +Subject: [PATCH] column: Do not allow fence to go beyond column size when + prepending + +When moving the fence location forward when prepending, ensure +that it does not go past the end of the buffer. + +Also get rid of unnecessary branching and strlen calls. + +Fix #20509 + +(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0) + +CVE: CVE-2025-5601 +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/merge_requests/19684/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c] + +Co-authored-by: John Thacker +Signed-off-by: Gyorgy Sarvari +--- + epan/column-utils.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/epan/column-utils.c b/epan/column-utils.c +index 5e5b298..4ebd2b1 100644 +--- a/epan/column-utils.c ++++ b/epan/column-utils.c +@@ -646,8 +646,13 @@ col_prepend_fstr(column_info *cinfo, const gint el, const gchar *format, ...) + /* + * Move the fence, unless it's at the beginning of the string. + */ +- if (col_item->col_fence > 0) +- col_item->col_fence += (int) strlen(col_item->col_buf); ++ if (col_item->col_fence > 0) { ++ /* pos >= strlen if truncation occurred; this saves on a strlen ++ * call and prevents adding a single byte character later if a ++ * a multibyte character was truncated (good). */ ++ col_item->col_fence += (int) pos; ++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence); ++ } + + /* + * Append the original data. +@@ -699,11 +704,11 @@ col_prepend_fence_fstr(column_info *cinfo, const gint el, const gchar *format, . + * Move the fence if it exists, else create a new fence at the + * end of the prepended data. + */ +- if (col_item->col_fence > 0) { +- col_item->col_fence += (int) strlen(col_item->col_buf); +- } else { +- col_item->col_fence = (int) strlen(col_item->col_buf); +- } ++ /* pos >= strlen if truncation occurred; this saves on a strlen ++ * call and prevents adding a single byte character later if a ++ * a multibyte character was truncated (good). */ ++ col_item->col_fence += (int) pos; ++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence); + /* + * Append the original data. + */ diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.11.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.11.bb index 62aec8f732..d0bc92ff05 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.11.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.11.bb @@ -13,6 +13,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz file://0002-flex-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ + file://0001-column-Do-not-allow-fence-to-go-beyond-column-size-w.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"