packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2019-16319

Browse Source
This commit is contained in:
zhanghua1831 2021-01-14 18:28:10 +08:00
parent 7dba72c622
commit 57ce50a346
2 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2019-16319.patch Normal file
View File

@ -0,0 +1,33 @@
From 627917faff4889f763bf8e6570f62d66656047bd Mon Sep 17 00:00:00 2001
From: Michael Mann <mmann78@netscape.net>
Date: Wed, 28 Aug 2019 22:27:58 -0400
Subject: [PATCH] Gryphon: Prevent endless loop
Bug: 16020
Change-Id: I59c24d3bdb3f3a85f6e498683594ee12db9642a8
Reviewed-on: https://code.wireshark.org/review/34392
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
plugins/epan/gryphon/packet-gryphon.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/plugins/epan/gryphon/packet-gryphon.c b/plugins/epan/gryphon/packet-gryphon.c
index 82d14eaca4..334c47611a 100644
--- a/plugins/epan/gryphon/packet-gryphon.c
+++ b/plugins/epan/gryphon/packet-gryphon.c
@@ -1193,7 +1193,11 @@ dissect_gryphon_message_with_offset(tvbuff_t *tvb, int offset, packet_info *pinf
* Unknown message type.
*/
proto_tree_add_item(gryphon_tree, hf_gryphon_data, tvb, offset, msglen, ENC_NA);
- offset += msglen;
+ if (msglen != 0) {
+ offset += msglen;
+ } else {
+ offset = tvb_reported_length_remaining(tvb, offset);
+ }
return offset;
}

8
wireshark.spec
View File

@ -1,9 +1,9 @@
Name: wireshark Name: wireshark
Version: 2.6.2 Version: 2.6.2
Release: 15 Release: 16
Epoch: 1 Epoch: 1
Summary: Network traffic analyzer Summary: Network traffic analyzer
License: GPL+ License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD
URL: http://www.wireshark.org/ URL: http://www.wireshark.org/
Source0: https://wireshark.org/download/src/all-versions/%{name}-%{version}.tar.xz Source0: https://wireshark.org/download/src/all-versions/%{name}-%{version}.tar.xz
Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
@ -47,6 +47,7 @@ Patch6032: wireshark-initialize-point-in-end_string.patch
Patch6033: CVE-2020-28030.patch Patch6033: CVE-2020-28030.patch
Patch6034: CVE-2020-9430-1.patch Patch6034: CVE-2020-9430-1.patch
Patch6035: CVE-2020-9430-2.patch Patch6035: CVE-2020-9430-2.patch
Patch6036: CVE-2019-16319.patch
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires(post): systemd-udev Requires(post): systemd-udev
@ -153,6 +154,9 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/* %{_mandir}/man?/*
%changelog %changelog
* Thu Jan 14 2021 zhanghua <zhanghua40@huawei.com> - 2.6.2-16
- fix CVE-2019-16319
* Wed Dec 16 2020 zhanghua <zhanghua40@huawei.com> - 2.6.2-15 * Wed Dec 16 2020 zhanghua <zhanghua40@huawei.com> - 2.6.2-15
- fix CVE-2020-9430 - fix CVE-2020-9430