packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-26575

Browse Source
This commit is contained in:
wang_yue111 2021-02-08 10:57:43 +08:00
parent 1eef3ede64
commit 51371eb3cb
2 changed files with 69 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2020-26575.patch Normal file
View File

@ -0,0 +1,63 @@
From 3ff940652962c099b73ae3233322b8697b0d10ab Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Fri, 2 Oct 2020 12:42:03 -0700
Subject: [PATCH] FBZERO: Make sure our offset advances.
Make sure our offset advances so that we don't infinitely loop.
Fixes #16887.
---
epan/dissectors/packet-fbzero.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-fbzero.c b/epan/dissectors/packet-fbzero.c
index 16ffb63cf1..132079cfaa 100644
--- a/epan/dissectors/packet-fbzero.c
+++ b/epan/dissectors/packet-fbzero.c
@@ -66,6 +66,7 @@ static gint ett_fb_zero_tag_value = -1;
static expert_field ei_fb_zero_tag_undecoded = EI_INIT;
static expert_field ei_fb_zero_tag_length = EI_INIT;
static expert_field ei_fb_zero_tag_unknown = EI_INIT;
+static expert_field ei_fb_zero_length_invalid = EI_INIT;
#define FBZERO_MIN_LENGTH 3
@@ -261,18 +262,26 @@ dissect_fb_zero_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *fb_zero_tree,
"Dissector for FB Zero Tag"
" %s (%s) code not implemented, Contact"
" Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
- tag_offset += tag_len;
+ goto end;
break;
}
if(tag_offset != offset_end){
/* Wrong Tag len... */
proto_tree_add_expert(tag_tree, pinfo, &ei_fb_zero_tag_unknown, tvb, tag_offset_start + tag_offset, offset_end - tag_offset);
- tag_offset = offset_end;
+ // XXX Return instead?
+ goto end;
}
tag_number--;
}
+
+ end:
+ if (offset + total_tag_len <= offset) {
+ expert_add_info_format(pinfo, fb_zero_tree, &ei_fb_zero_length_invalid,
+ "Invalid total tag length: %u", total_tag_len);
+ return offset + tvb_reported_length_remaining(tvb, offset);
+ }
return offset + total_tag_len;
}
@@ -562,6 +571,7 @@ proto_register_fb_zero(void)
{ &ei_fb_zero_tag_undecoded, { "fb_zero.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for FB Zero Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
{ &ei_fb_zero_tag_length, { "fb_zero.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
{ &ei_fb_zero_tag_unknown, { "fb_zero.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
+ { &ei_fb_zero_length_invalid, { "fb_zero.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid length", EXPFILL }},
};
expert_module_t *expert_fb_zero;
--
GitLab

8
wireshark.spec
View File

@ -1,9 +1,9 @@
Name: wireshark
Version: 2.6.2
Release: 16
Release: 17
Epoch: 1
Summary: Network traffic analyzer
License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD
License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD and ISC
URL: http://www.wireshark.org/
Source0: https://wireshark.org/download/src/all-versions/%{name}-%{version}.tar.xz
Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
@ -48,6 +48,7 @@ Patch6033: CVE-2020-28030.patch
Patch6034: CVE-2020-9430-1.patch
Patch6035: CVE-2020-9430-2.patch
Patch6036: CVE-2019-16319.patch
Patch6037: CVE-2020-26575.patch
Requires(pre): shadow-utils
Requires(post): systemd-udev
@ -154,6 +155,9 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/*
%changelog
* Mon Feb 08 2021 wangyue <wangyue92@huawei.com> - 2.6.2-17
- fix CVE-2020-26575
* Thu Jan 14 2021 zhanghua <zhanghua40@huawei.com> - 2.6.2-16
- fix CVE-2019-16319