From: Jiaying Song <[email protected]> Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
References: https://nvd.nist.gov/vuln/detail/CVE-2023-43279 Upstream patches: https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560 Signed-off-by: Jiaying Song <[email protected]> --- .../tcpreplay/tcpreplay/CVE-2023-43279.patch | 39 +++++++++++++++++++ .../tcpreplay/tcpreplay_4.4.4.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch new file mode 100644 index 000000000..45581268c --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch @@ -0,0 +1,39 @@ +From 3164a75f2660a5c3537feff9fd8751346cf5ca57 Mon Sep 17 00:00:00 2001 +From: Gabriel Ganne <[email protected]> +Date: Sun, 21 Jan 2024 09:16:38 +0100 +Subject: [PATCH] add check for empty cidr + +This causes tcprewrite to exit with an error instead of crashing. + +Fixes: #824 + +Upstream-Status: Backport +CVE: CVE-2023-43279 + +Reference to upstream patch: +https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560 + +Signed-off-by: Gabriel Ganne <[email protected]> +Signed-off-by: Jiaying Song <[email protected]> +--- + src/common/cidr.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/common/cidr.c b/src/common/cidr.c +index 687fd04..9afbfec 100644 +--- a/src/common/cidr.c ++++ b/src/common/cidr.c +@@ -249,6 +249,10 @@ parse_cidr(tcpr_cidr_t **cidrdata, char *cidrin, char *delim) + char *network; + char *token = NULL; + ++ if (cidrin == NULL) { ++ errx(-1, "%s", "Unable to parse empty CIDR"); ++ } ++ + mask_cidr6(&cidrin, delim); + + /* first iteration of input using strtok */ +-- +2.25.1 + diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb index 16cff2f0e..03a6cfdba 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb @@ -12,6 +12,7 @@ SRC_URI = "https://github.com/appneta/${BPN}/releases/download/v${PV}/${BP}.tar. file://0001-configure.ac-unify-search-dirs-for-pcap-and-add-lib3.patch \ file://0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch \ file://CVE-2023-4256.patch \ + file://CVE-2023-43279.patch \ " SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#113733): https://lists.openembedded.org/g/openembedded-devel/message/113733 Mute This Topic: https://lists.openembedded.org/mt/109421286/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
