Backport patch from the upstream:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
https://nvd.nist.gov/vuln/detail/CVE-2017-17935

The File_read_line function in epan/wslua/wslua_file.c in Wireshark
through 2.2.11 does not properly strip '\n' characters, which allows
remote attackers to cause a denial of service (buffer underflow and
application crash) via a crafted packet that triggers the attempted
processing of an empty line.

Signed-off-by: Zhixiong Chi <zhixiong....@windriver.com>
---
 .../wireshark/wireshark/CVE-2017-17935.patch       | 37 ++++++++++++++++++++++
 .../recipes-support/wireshark/wireshark_2.2.10.bb  |  4 ++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 
meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch

diff --git 
a/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch 
b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
new file mode 100644
index 000000000..46ad83ea0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch
@@ -0,0 +1,37 @@
+From 137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 Mon Sep 17 00:00:00 2001
+From: Martin Mathieson <martin.r.mathie...@googlemail.com>
+Date: Tue, 26 Dec 2017 11:48:04 +0000
+Subject: [PATCH 1/1] potential buffer underflow in File_read_line function in
+ epan/wslua/wslua_file.c
+
+Putting up for review, though I am not completely convinced that
+file_gets() can return an empty line.
+
+Bug: 14295
+Change-Id: If36761ea511b66c01a9f167809a218a7eadbfcc5
+Reviewed-on: https://code.wireshark.org/review/24997
+Petri-Dish: Martin Mathieson <martin.r.mathie...@googlemail.com>
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman <a.broma...@gmail.com>
+
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong....@windriver.com>
+---
+ epan/wslua/wslua_file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/wslua/wslua_file.c b/epan/wslua/wslua_file.c
+index 79bf4f7..73bacc6 100644
+--- a/epan/wslua/wslua_file.c
++++ b/epan/wslua/wslua_file.c
+@@ -192,7 +192,7 @@ static int File_read_line(lua_State *L, FILE_T ft) {
+     length = (gint)(file_tell(ft) - pos_before);
+ 
+     /* ...but don't want to include newline in line length */
+-    if (linebuff[length-1] == '\n') {
++    if (length > 0 && linebuff[length-1] == '\n') {
+         length--;
+         /* Nor do we want '\r' (as will be written when log is created on 
windows) */
+         if (length > 0 && linebuff[length - 1] == '\r') {
+-- 
+2.7.4
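Review bot: The header of the embedded patch has "Upstream-Status: Backport" and a Signed-off-by but no "CVE: CVE-2017-17935" tag line, so the CVE id is recorded only in the file name. Add the tag next to Upstream-Status so the fix can be attributed from the patch header, and consider giving the upstream commit URL in brackets after "Backport". The code change itself looks right: the added "length > 0 &&" guard in File_read_line matches the check already used on the '\r' branch, and it also covers a negative length after the (gint) cast. Separately, the comment context line is wrapped in this mail ("...created on" / "windows) */"), which leaves the second half without its diff prefix. Please resend with wrapping disabled so the embedded patch applies as posted.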
diff --git a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb 
b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
index 5358ba07f..e3915d203 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=6e271234ba1a13c6e512e76b94ac2f77"
 
 DEPENDS = "pcre expat glib-2.0 glib-2.0-native"
 
-SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2";
+SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2 \
+           file://CVE-2017-17935.patch \
+"
 
 PE = "1"
 
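Review bot: The new "file://CVE-2017-17935.patch" entry in SRC_URI comes with no statement that the backport was tested against the 2.2.10 tarball. The embedded hunk is taken from upstream commit 137ab7d at line 192 of epan/wslua/wslua_file.c, while this recipe builds wireshark_2.2.10. Please confirm that do_patch applies it without fuzz or offset warnings on 2.2.10 and say so in the commit message. Since the description gives the affected range as "through 2.2.11", it would also help to state that the patch must be kept if the recipe is bumped to 2.2.11.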
-- 
2.11.0

-- 
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
