!7 fix CVE-2019-5716 CVE-2019-5717
Merge pull request !7 from gu-gu-gu/gu
This commit is contained in:
openeuler-ci-bot
Gitee
commit
d68bf7cd56
45
CVE-2019-5716.patch
Normal file
45
CVE-2019-5716.patch
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
From 2b2eea1793dbff813896e1ae9dff1bedb39ee010 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
||||||
|
Date: Wed, 2 Jan 2019 16:45:05 -0500
|
||||||
|
Subject: [PATCH] 6lowpan: don't try to use (new) TVB that wasn't created.
|
||||||
|
|
||||||
|
If the IPHC TVB wasn't created then bail out of dissection before trying
|
||||||
|
to use it.
|
||||||
|
|
||||||
|
Bug: 15217
|
||||||
|
Change-Id: I6e297590cdf86e13b0185f75f1d409888f2498d8
|
||||||
|
Reviewed-on: https://code.wireshark.org/review/31308
|
||||||
|
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
||||||
|
Tested-by: Petri Dish Buildbot
|
||||||
|
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
||||||
|
(cherry picked from commit 62e81562e4e3a33dad705b1b66a3407afbde3242)
|
||||||
|
Reviewed-on: https://code.wireshark.org/review/31311
|
||||||
|
Petri-Dish: Michael Mann <mmann78@netscape.net>
|
||||||
|
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
||||||
|
---
|
||||||
|
epan/dissectors/packet-6lowpan.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/epan/dissectors/packet-6lowpan.c b/epan/dissectors/packet-6lowpan.c
|
||||||
|
index 6ac3a63..7daa8e8 100644
|
||||||
|
--- a/epan/dissectors/packet-6lowpan.c
|
||||||
|
+++ b/epan/dissectors/packet-6lowpan.c
|
||||||
|
@@ -1218,6 +1218,7 @@ dissect_6lowpan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
|
||||||
|
next = dissect_6lowpan_6loRH(next, offset, lowpan_tree);
|
||||||
|
if (tvb_get_bits8(next, 0, LOWPAN_PATTERN_IPHC_BITS) == LOWPAN_PATTERN_IPHC) {
|
||||||
|
next = dissect_6lowpan_iphc(next, pinfo, lowpan_tree, -1, src_iid, dst_iid);
|
||||||
|
+ if (!next) return tvb_captured_length(tvb);
|
||||||
|
}
|
||||||
|
if (tvb_get_bits8(next, 0, LOWPAN_PATTERN_HC1_BITS) == LOWPAN_PATTERN_HC1) {
|
||||||
|
next = dissect_6lowpan_hc1(next, pinfo, lowpan_tree, -1, src_iid, dst_iid);
|
||||||
|
@@ -1816,7 +1817,7 @@ dissect_6lowpan_hc1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint dg
|
||||||
|
* siid ; Source Interface ID.
|
||||||
|
* diid ; Destination Interface ID.
|
||||||
|
* RETURNS
|
||||||
|
- * tvbuff_t * ; The remaining payload to be parsed.
|
||||||
|
+ * tvbuff_t * ; The remaining payload to be parsed or NULL on error.
|
||||||
|
*---------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
static tvbuff_t *
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
70
CVE-2019-5717.patch
Normal file
70
CVE-2019-5717.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From bf9272a92f3df1e4ccfaad434e123222ae5313f7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?utf8?q?Stig=20Bj=C3=B8rlykke?= <stig@bjorlykke.org>
|
||||||
|
Date: Sun, 9 Dec 2018 21:54:18 +0100
|
||||||
|
Subject: [PATCH] p_mul: Detect Data PDU sequence number 0
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=utf8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Data PDU sequence number 0 is illegal, add an expert info for this.
|
||||||
|
Don't include this packet in SEQ/ACK analysis.
|
||||||
|
|
||||||
|
Bug: 15337
|
||||||
|
Change-Id: I476088531e8a3605393ee1dedf1e8b159dac342b
|
||||||
|
Reviewed-on: https://code.wireshark.org/review/30980
|
||||||
|
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
|
||||||
|
Tested-by: Petri Dish Buildbot
|
||||||
|
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
||||||
|
(cherry picked from commit 3cccd4ec5b922e79afd134db4f0c9acb10bf7202)
|
||||||
|
Reviewed-on: https://code.wireshark.org/review/30987
|
||||||
|
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
||||||
|
---
|
||||||
|
epan/dissectors/packet-p_mul.c | 12 +++++++++++-
|
||||||
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/epan/dissectors/packet-p_mul.c b/epan/dissectors/packet-p_mul.c
|
||||||
|
index 35edde7..2dd6f15 100644
|
||||||
|
--- a/epan/dissectors/packet-p_mul.c
|
||||||
|
+++ b/epan/dissectors/packet-p_mul.c
|
||||||
|
@@ -163,6 +163,7 @@ static gint ett_msg_fragments = -1;
|
||||||
|
|
||||||
|
static expert_field ei_more_data = EI_INIT;
|
||||||
|
static expert_field ei_checksum_bad = EI_INIT;
|
||||||
|
+static expert_field ei_illegal_seq_no = EI_INIT;
|
||||||
|
static expert_field ei_tot_miss_seq_no = EI_INIT;
|
||||||
|
static expert_field ei_miss_seq_no = EI_INIT;
|
||||||
|
static expert_field ei_analysis_ack_missing = EI_INIT;
|
||||||
|
@@ -368,6 +369,11 @@ static p_mul_seq_val *register_p_mul_id (packet_info *pinfo, address *addr, guin
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (pdu_type == Data_PDU && seq_no == 0) {
|
||||||
|
+ /* Illegal sequence number for Data PDU */
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
nstime_set_zero(&addr_time);
|
||||||
|
nstime_set_zero(&prev_time);
|
||||||
|
|
||||||
|
@@ -877,7 +883,10 @@ static int dissect_p_mul (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, v
|
||||||
|
case Data_PDU:
|
||||||
|
/* Sequence Number of PDUs */
|
||||||
|
seq_no = tvb_get_ntohs (tvb, offset);
|
||||||
|
- proto_tree_add_item (p_mul_tree, hf_seq_no, tvb, offset, 2, ENC_BIG_ENDIAN);
|
||||||
|
+ en = proto_tree_add_item (p_mul_tree, hf_seq_no, tvb, offset, 2, ENC_BIG_ENDIAN);
|
||||||
|
+ if (seq_no == 0) {
|
||||||
|
+ expert_add_info(pinfo, en, &ei_illegal_seq_no);
|
||||||
|
+ }
|
||||||
|
proto_item_append_text (ti, ", Seq no: %u", seq_no);
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -1548,6 +1557,7 @@ void proto_register_p_mul (void)
|
||||||
|
{ &ei_miss_seq_range, { "p_mul.missing_seq_range.invalid", PI_UNDECODED, PI_WARN, "Invalid missing sequence range", EXPFILL }},
|
||||||
|
{ &ei_miss_seq_no, { "p_mul.missing_seq_no.invalid", PI_UNDECODED, PI_WARN, "Invalid missing seq number", EXPFILL }},
|
||||||
|
{ &ei_tot_miss_seq_no, { "p_mul.no_missing_seq_no.expert", PI_RESPONSE_CODE, PI_NOTE, "Missing seq numbers", EXPFILL }},
|
||||||
|
+ { &ei_illegal_seq_no, { "p_mul.seq_no.illegal", PI_PROTOCOL, PI_WARN, "Illegal seq number", EXPFILL }},
|
||||||
|
{ &ei_length, { "p_mul.length.invalid", PI_MALFORMED, PI_WARN, "Incorrect length field", EXPFILL }},
|
||||||
|
{ &ei_more_data, { "p_mul.more_data", PI_MALFORMED, PI_WARN, "More data in packet", EXPFILL }},
|
||||||
|
};
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
@ -1,6 +1,6 @@
|
|||||||
Name: wireshark
|
Name: wireshark
|
||||||
Version: 2.6.2
|
Version: 2.6.2
|
||||||
Release: 4
|
Release: 5
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: Network traffic analyzer
|
Summary: Network traffic analyzer
|
||||||
License: GPL+
|
License: GPL+
|
||||||
@ -33,6 +33,8 @@ Patch6018: CVE-2019-10899.patch
|
|||||||
Patch6019: CVE-2019-10901.patch
|
Patch6019: CVE-2019-10901.patch
|
||||||
Patch6020: CVE-2019-10903.patch
|
Patch6020: CVE-2019-10903.patch
|
||||||
Patch6021: CVE-2019-10895.patch
|
Patch6021: CVE-2019-10895.patch
|
||||||
|
Patch6022: CVE-2019-5716.patch
|
||||||
|
Patch6023: CVE-2019-5717.patch
|
||||||
|
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires(post): systemd-udev
|
Requires(post): systemd-udev
|
||||||
@ -139,6 +141,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon
|
|||||||
%{_mandir}/man?/*
|
%{_mandir}/man?/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Feb 2 2020 gulining<gulining1@huawei.com> - 2.2.2-5
|
||||||
|
- Type:cves
|
||||||
|
- ID: CVE-2019-5716 CVE-2019-5717
|
||||||
|
- SUG:restart
|
||||||
|
- DESC: fix CVE-2019-5716 CVE-2019-5717
|
||||||
|
|
||||||
* Wed Dec 25 2019 gulining <gulining1@huawei.com> - 2.6.2-4
|
* Wed Dec 25 2019 gulining <gulining1@huawei.com> - 2.6.2-4
|
||||||
- Type:cves
|
- Type:cves
|
||||||
- ID: CVE-2019-10894 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-10895
|
- ID: CVE-2019-10894 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-10895
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user