packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!229 Fix CVE-2024-8645

Browse Source 
From: @starlet-dx 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-10-09 07:13:09 +00:00 committed by Gitee
commit 0452b133a6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 92 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
CVE-2024-8645.patch Normal file
View File

@ -0,0 +1,87 @@
From cc67f836c01b6f55f2ff70aa4df44a1b934d7404 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Wed, 29 May 2024 14:23:04 +0000
Subject: [PATCH] SPRT: Fix crash
SDP can setup a RTP conversation with a setup frame before the current
frame, which changes the dissection on the second pass. If in the period
in the middle there is a SPRT packet, it can be dissected differently on
the second pass, and the SPRT conversation data won't be found on the
second pass.
Fix #19559 (at least prevent the crash. There's some more cleanup that
should happen.)
(cherry picked from commit 05f6364cbd766e8758f98c5ee2070aef27c1ffef)
Co-authored-by: John Thacker <johnthacker@gmail.com>
---
epan/dissectors/packet-rtp.c | 3 +++
epan/dissectors/packet-sprt.c | 29 +++++++++++++++++------------
2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/epan/dissectors/packet-rtp.c b/epan/dissectors/packet-rtp.c
index 9731e03..6ec8f6f 100644
--- a/epan/dissectors/packet-rtp.c
+++ b/epan/dissectors/packet-rtp.c
@@ -1097,6 +1097,9 @@ srtp_add_address(packet_info *pinfo, const port_type ptype, address *addr, int p
* If not, create a new conversation.
*/
if (!p_conv || p_conv->setup_frame != setup_frame_number) {
+ /* XXX - If setup_frame_number < pinfo->num, creating this conversation
+ * can mean that the dissection is different on later passes.
+ */
p_conv = conversation_new(setup_frame_number, addr, &null_addr, conversation_pt_to_endpoint_type(ptype),
(guint32)port, (guint32)other_port,
NO_ADDR2 | (!other_port ? NO_PORT2 : 0));
diff --git a/epan/dissectors/packet-sprt.c b/epan/dissectors/packet-sprt.c
index 87e543c..568d242 100644
--- a/epan/dissectors/packet-sprt.c
+++ b/epan/dissectors/packet-sprt.c
@@ -1341,6 +1341,23 @@ dissect_sprt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
/*guint16 tcn;*/
/*guint16 sqn;*/
+ /* Get conversation data, or create it if not found */
+ p_conv_data = find_sprt_conversation_data(pinfo);
+ if (!p_conv_data)
+ {
+ sprt_add_address(pinfo,
+ &pinfo->src, pinfo->srcport,
+ 0,
+ "SPRT stream",
+ pinfo->num);
+ p_conv_data = find_sprt_conversation_data(pinfo);
+ if (!p_conv_data) {
+ // This shouldn't happen; likely a new RTP conversation was set up
+ // after this frame but with a setup frame before this one.
+ return 0;
+ }
+ }
+
/* Make entries in Protocol column and Info column on summary display */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SPRT");
col_clear(pinfo->cinfo, COL_INFO);
@@ -1395,18 +1412,6 @@ dissect_sprt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_
noa = (tvb_get_ntohs(tvb, offset + 4) & 0xC000) >> 14;
- /* Get conversation data, or create it if not found */
- p_conv_data = find_sprt_conversation_data(pinfo);
- if (!p_conv_data)
- {
- sprt_add_address(pinfo,
- &pinfo->src, pinfo->srcport,
- 0,
- "SPRT stream",
- pinfo->num);
- p_conv_data = find_sprt_conversation_data(pinfo);
- }
-
proto_tree_add_item(sprt_tree, hf_sprt_header_extension_bit, tvb, offset, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(sprt_tree, hf_sprt_subsession_id, tvb, offset, 1, ENC_BIG_ENDIAN);
offset++;
--
2.46.2

6
wireshark.spec
View File

@ -5,7 +5,7 @@
Summary: Network traffic analyzer
Name: wireshark
Version: 3.6.14
Release: 11
Release: 12
Epoch: 1
License: GPL+
Url: http://www.wireshark.org/
@ -40,6 +40,7 @@ Patch21: CVE-2024-4854.patch
Patch22: CVE-2024-4855.patch
Patch23: CVE-2024-8250.patch
Patch24: CVE-2024-24476.patch
Patch25: CVE-2024-8645.patch
Requires: xdg-utils
Requires: hicolor-icon-theme
@ -214,6 +215,9 @@ exit 0
%{_mandir}/man?/*
%changelog
* Wed Oct 09 2024 yaoxin <yao_xin001@hoperun.com> - 1:3.6.14-12
- Fix CVE-2024-8645
* Mon Oct 07 2024 liningjie <liningjie@xfusion.com> - 1:3.6.14-11
- Fix CVE-2024-24476