Fix CVE-2023-5371
This commit is contained in:
wk333
parent
6f3894badd
commit
48ab59482a
48
CVE-2023-5371.patch
Normal file
48
CVE-2023-5371.patch
Normal file
@ -0,0 +1,48 @@
|
||||
From 1921740b0bf561941e0906884757831bde989add Mon Sep 17 00:00:00 2001
|
||||
From: John Thacker <johnthacker@gmail.com>
|
||||
Date: Wed, 6 Sep 2023 06:13:23 -0400
|
||||
Subject: [PATCH] RTPS: Check for signed overflow
|
||||
|
||||
Origin: https://gitlab.com/wireshark/wireshark/-/commit/1921740b0bf561941e0906884757831bde989add
|
||||
|
||||
The offset is a signed integer, and we use negative offsets
|
||||
to mean "offset counting from the end of the tvb." That means
|
||||
that we can still have an excessive loop without unsigned overflow
|
||||
or running off the end of the tvb, if the result of adding a large
|
||||
unsigned integer to the offset results in a small negative number.
|
||||
|
||||
Just check if the result of the addition makes the offset move
|
||||
backwards.
|
||||
|
||||
Fix #19322
|
||||
|
||||
(backported from commit 0de07f8fe4f8e06da9084485e64a24c8f85a20f4)
|
||||
---
|
||||
epan/dissectors/packet-rtps.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
|
||||
index 82ac8f9436b..c152d50dfc6 100644
|
||||
--- a/epan/dissectors/packet-rtps.c
|
||||
+++ b/epan/dissectors/packet-rtps.c
|
||||
@@ -2474,13 +2474,14 @@ static const fragment_items rtps_frag_items = {
|
||||
"RTPS fragments"
|
||||
};
|
||||
|
||||
-static guint32 check_offset_addition(guint32 offset, guint32 value, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
|
||||
+static gint check_offset_addition(gint offset, guint32 value, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb)
|
||||
{
|
||||
- if (offset > G_MAXUINT32 - value) {
|
||||
+ gint new_offset = offset + (gint)value;
|
||||
+ if (new_offset < offset) {
|
||||
proto_tree_add_expert_format(tree, pinfo, &ei_rtps_value_too_large, tvb, 0, 0, "Offset value too large: %u", value);
|
||||
THROW(ReportedBoundsError);
|
||||
}
|
||||
- return offset + value;
|
||||
+ return new_offset;
|
||||
}
|
||||
|
||||
static void rtps_util_dissect_parameter_header(tvbuff_t * tvb, gint * offset,
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
Summary: Network traffic analyzer
|
||||
Name: wireshark
|
||||
Version: 3.6.14
|
||||
Release: 3
|
||||
Release: 4
|
||||
Epoch: 1
|
||||
License: GPL+
|
||||
Url: http://www.wireshark.org/
|
||||
@ -27,6 +27,7 @@ Patch10: CVE-2023-2906.patch
|
||||
Patch11: CVE-2023-4513-1.patch
|
||||
Patch12: CVE-2023-4513-2.patch
|
||||
Patch13: CVE-2023-4511.patch
|
||||
Patch14: CVE-2023-5371.patch
|
||||
|
||||
Requires: xdg-utils
|
||||
Requires: hicolor-icon-theme
|
||||
@ -201,6 +202,9 @@ exit 0
|
||||
%{_mandir}/man?/*
|
||||
|
||||
%changelog
|
||||
* Sat Oct 07 2023 wangkai <13474090681@163.com> - 1:3.6.14-4
|
||||
- Fix CVE-2023-5371
|
||||
|
||||
* Wed Sep 06 2023 wangkai <13474090681@163.com> - 1:3.6.14-3
|
||||
- Fix CVE-2023-3649,CVE-2023-2906,CVE-2023-4511,CVE-2023-4513
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user