helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch
Hitendra Prajapati 2fd8d7e485 wireshark: fix CVE-2025-5601 
Pick patch from [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-5601
[2] https://gitlab.com/wireshark/wireshark/-/issues/20509

More details :
https://nvd.nist.gov/vuln/detail/CVE-2025-5601

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-25 08:41:41 +01:00

69 lines
2.7 KiB
Diff
Raw Blame History

From 8c186dbb381cf51064fa8dbff7953468d5ae394c Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sat, 26 Apr 2025 10:01:19 +0000
Subject: [PATCH] column: Do not allow fence to go beyond column size when
prepending
When moving the fence location forward when prepending, ensure
that it does not go past the end of the buffer.
Also get rid of unnecessary branching and strlen calls.
Fix #20509
(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0)
Co-authored-by: John Thacker <johnthacker@gmail.com>
origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c
CVE: CVE-2025-5601
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/8c186dbb381cf51064fa8dbff7953468d5ae394c]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
epan/column-utils.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/epan/column-utils.c b/epan/column-utils.c
index ad34cff..15e15fc 100644
--- a/epan/column-utils.c
+++ b/epan/column-utils.c
@@ -577,8 +577,13 @@ col_prepend_fstr(column_info *cinfo, const gint el, const gchar *format, ...)
/*
* Move the fence, unless it's at the beginning of the string.
*/
- if (col_item->col_fence > 0)
+ if (col_item->col_fence > 0) {
+ /* pos >= strlen if truncation occurred; this saves on a strlen
+ * call and prevents adding a single byte character later if a
+ * a multibyte character was truncated (good). */
col_item->col_fence += (int) strlen(col_item->col_buf);
+ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
+ }
g_strlcat(col_item->col_buf, orig, max_len);
col_item->col_data = col_item->col_buf;
@@ -621,11 +626,14 @@ col_prepend_fence_fstr(column_info *cinfo, const gint el, const gchar *format, .
* Move the fence if it exists, else create a new fence at the
* end of the prepended data.
*/
- if (col_item->col_fence > 0) {
- col_item->col_fence += (int) strlen(col_item->col_buf);
- } else {
- col_item->col_fence = (int) strlen(col_item->col_buf);
- }
+ /* pos >= strlen if truncation occurred; this saves on a strlen
+ * call and prevents adding a single byte character later if a
+ * a multibyte character was truncated (good). */
+ col_item->col_fence += (int) strlen(col_item->col_buf);
+ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
+ /*
+ * Append the original data.
+ */
g_strlcat(col_item->col_buf, orig, max_len);
col_item->col_data = col_item->col_buf;
}
--
2.50.1
Reference in New Issue View Git Blame Copy Permalink