packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2019-12295

Browse Source
This commit is contained in:
wang_yue111 2021-07-27 18:23:17 +08:00
parent 98b8c52ea6
commit 9da19e7dfc
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2019-12295.patch Normal file
View File

@ -0,0 +1,54 @@
From be9bdfda02a2498c6f65122d80e3a8b4235dc7f5 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 21 May 2019 10:41:41 -0700
Subject: [PATCH] Add dissection recursion checks.
Enforce a maximum layer limit in call_dissector_work and
dissector_try_heuristic.
Bug: 15778
Change-Id: I691868e980384b76a64f88de4db5bb7340a7c4aa
Reviewed-on: https://code.wireshark.org/review/33301
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/packet.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/epan/packet.c b/epan/packet.c
index 62b102da33e..f44809a27e8 100644
--- a/epan/packet.c
+++ b/epan/packet.c
@@ -729,6 +729,13 @@ static int
call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
packet_info *pinfo_arg, proto_tree *tree, void *);
+/*
+ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
+ * 100 elsewhere in the code. We should arguably use the same value here,
+ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
+ */
+#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
+
static int
call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
proto_tree *tree, gboolean add_proto_name, void *data)
@@ -751,6 +758,7 @@ call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo
saved_proto = pinfo->current_proto;
saved_can_desegment = pinfo->can_desegment;
saved_layers_len = wmem_list_count(pinfo->layers);
+ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
/*
* can_desegment is set to 2 by anyone which offers the
@@ -2724,6 +2732,8 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
saved_layers_len = wmem_list_count(pinfo->layers);
*heur_dtbl_entry = NULL;
+ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
+
for (entry = sub_dissectors->dissectors; entry != NULL;
entry = g_slist_next(entry)) {
/* XXX - why set this now and above? */

6
wireshark.spec
View File

@ -1,6 +1,6 @@
Name: wireshark
Version: 2.6.2
Release: 19
Release: 20
Epoch: 1
Summary: Network traffic analyzer
License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD and ISC
@ -59,6 +59,7 @@ Patch6039: CVE-2019-19553.patch
Patch6040: CVE-2020-9428-pre.patch
Patch6041: CVE-2020-9428.patch
Patch6042: CVE-2020-9431.patch
Patch6043: CVE-2019-12295.patch
Requires(pre): shadow-utils
Requires(post): systemd-udev
@ -165,6 +166,9 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/*
%changelog
* Tue Jul 27 2021 wangyue <wangyue92@huawei.com> - 2.6.2-20
- fix CVE-2019-12295
* Tue Jul 27 2021 lingsheng <lingsheng@huawei.com> - 2.6.2-19
- Move headers outside extern C to fix build fail