packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-28030

Browse Source
This commit is contained in:
wangxiao65 2020-12-07 17:23:17 +08:00
parent 60580306ed
commit 4faaa5952b
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2020-28030.patch Normal file
View File

@ -0,0 +1,55 @@
From b287e7165e8aa89cde6ae37e7c257c5d87d16b9b Mon Sep 17 00:00:00 2001
From: Richard Smith <pcy190@126.com>
Date: Sat, 10 Oct 2020 18:25:57 +0800
Subject: [PATCH] GQUIC: make sure our tag offset advances.
Make sure gquic tag offset advances so that we don't infinitely loop.
---
epan/dissectors/packet-gquic.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-gquic.c b/epan/dissectors/packet-gquic.c
index fc13912848..f6728d2524 100644
--- a/epan/dissectors/packet-gquic.c
+++ b/epan/dissectors/packet-gquic.c
@@ -185,6 +185,7 @@ static expert_field ei_gquic_tag_undecod
static expert_field ei_gquic_tag_length = EI_INIT;
static expert_field ei_gquic_tag_unknown = EI_INIT;
static expert_field ei_gquic_version_invalid = EI_INIT;
+static expert_field ei_gquic_length_invalid = EI_INIT;
typedef struct gquic_info_data {
guint8 version;
@@ -1608,7 +1609,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_
"Dissector for (Google) QUIC Tag"
" %s (%s) code not implemented, Contact"
" Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
- tag_offset += tag_len;
+ goto end;
break;
}
if(tag_offset != offset_end){
@@ -1619,6 +1620,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_
tag_number--;
}
+
+ end:
+ if (offset + total_tag_len <= offset) {
+ expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
+ "Invalid total tag length: %u", total_tag_len);
+ return offset + tvb_reported_length_remaining(tvb, offset);
+ }
return offset + total_tag_len;
}
@@ -2880,7 +2888,8 @@ proto_register_gquic(void)
{ &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
{ &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
{ &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
- { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}
+ { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
+ { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
};
expert_module_t *expert_gquic;

7
wireshark.spec
View File

@ -1,6 +1,6 @@
Name: wireshark
Version: 2.6.2
Release: 13
Release: 14
Epoch: 1
Summary: Network traffic analyzer
License: GPL+
@ -44,6 +44,7 @@ Patch6029: CVE-2018-16056.patch
Patch6030: CVE-2020-25862.patch
Patch6031: CVE-2020-25863.patch
Patch6032: wireshark-initialize-point-in-end_string.patch
Patch6033: CVE-2020-28030.patch
Requires(pre): shadow-utils
Requires(post): systemd-udev
@ -150,6 +151,10 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/*
%changelog
* Mon Nov 07 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-14
- fix CVE-2020-28030
malformed packet on wire could make GQUIC protocol dissector loop
* Mon Nov 02 2020 lingsheng <lingsheng@huawei.com> - 2.6.2-13
- Fix use-of-uninitialized-value in end_string