Merge branch 'master' into cve

Conflicts:
	wireshark.spec

CVE-2019-5719.patch

@@ -0,0 +1,92 @@
+From b5b02f2a9b8772d8814096f86c60a32889d61f2c Mon Sep 17 00:00:00 2001
+From: Jaap Keuter <jaap.keuter@xs4all.nl>
+Date: Mon, 24 Dec 2018 23:15:26 +0100
+Subject: [PATCH] ISAKMP: Fix a crash when no decryption data block is there
+
+Don't try to (re)set parameters in a struct when its pointer
+points to NULL.
+
+Bug: 15374
+Change-Id: I953e82795990fde5fce2ad6d955781b372a9e405
+Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
+Reviewed-on: https://code.wireshark.org/review/31189
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Michael Mann <mmann78@netscape.net>
+(cherry picked from commit c9cfae7fecd4bc21b8b4f48328d08e104d47dd52)
+Reviewed-on: https://code.wireshark.org/review/31220
+Petri-Dish: Michael Mann <mmann78@netscape.net>
+---
+ epan/dissectors/packet-isakmp.c | 27 ++++++++++++++-------------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c
+index 8b9ba85db5..e134ca8632 100644
+--- a/epan/dissectors/packet-isakmp.c
++++ b/epan/dissectors/packet-isakmp.c
+@@ -3741,8 +3741,7 @@ dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_t
+ 
+ /* Returns the number of bytes consumed by this attribute. */
+ static int
+-dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr
+-)
++dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr)
+ {
+   guint headerlen, value_len, attr_type;
+   proto_item *attr_item;
+@@ -3765,22 +3764,22 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
+     case IKE_ATTR_ENCRYPTION_ALGORITHM:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
+       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_enc_algo, "Unknown %d"));
+-      decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
++      if (decr) decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
+       break;
+     case IKE_ATTR_HASH_ALGORITHM:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
+       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_hash_algo, "Unknown %d"));
+-      decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
++      if (decr) decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
+       break;
+     case IKE_ATTR_AUTHENTICATION_METHOD:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN);
+       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d"));
+-      decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
++      if (decr) decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
+       break;
+     case IKE_ATTR_GROUP_DESCRIPTION:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN);
+       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d"));
+-      decr->group = tvb_get_ntohs(tvb, offset);
++      if (decr) decr->group = tvb_get_ntohs(tvb, offset);
+       break;
+     case IKE_ATTR_GROUP_TYPE:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
+@@ -3814,7 +3813,7 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
+     case IKE_ATTR_KEY_LENGTH:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
+       proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
+-      decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
++      if (decr) decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
+       break;
+     case IKE_ATTR_FIELD_SIZE:
+       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_field_size, tvb, offset, value_len, ENC_NA);
+@@ -3950,12 +3949,14 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro
+     offset += 2;
+ 
+     if (protocol_id == 1 && transform_id == 1) {
+-      /* Allow detection of missing IKE transform attributes:
+-       * Make sure their values are not carried over from another transform
+-       * dissected previously. */
+-      decr->ike_encr_alg = 0;
+-      decr->ike_encr_keylen = 0;
+-      decr->ike_hash_alg = 0;
++      if (decr) {
++        /* Allow detection of missing IKE transform attributes:
++         * Make sure their values are not carried over from another transform
++         * dissected previously. */
++        decr->ike_encr_alg = 0;
++        decr->ike_encr_keylen = 0;
++        decr->ike_hash_alg = 0;
++      }
+       while (offset < offset_end) {
+         offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr);
+       }

wireshark.spec

@@ -1,6 +1,6 @@
 Name:           wireshark
 Version:        2.6.2
-Release:        5
+Release:        6
 Epoch:          1
 Summary:        Network traffic analyzer
 License:        GPL+
@@ -35,6 +35,7 @@ Patch6020:      CVE-2019-10903.patch
 Patch6021:      CVE-2019-10895.patch
 Patch6022:      CVE-2019-5716.patch
 Patch6023:      CVE-2019-5717.patch
+Patch6024:      CVE-2019-5719.patch
 
 Requires(pre):  shadow-utils
 Requires(post): systemd-udev
@@ -141,7 +142,13 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %{_mandir}/man?/*
 
 %changelog
-* Sun Feb 2 2020 gulining<gulining1@huawei.com> - 2.2.2-5
+* Sun Feb 2 2020 lingyang <lingyang2@huawei.com> - 2.6.2-6
+- Type:cves
+- ID: CVE-2019-5719
+- SUG:restart
+- DESC: fix CVE-2019-5719
+
+* Sun Feb 2 2020 gulining<gulining1@huawei.com> - 2.6.2-5
 - Type:cves
 - ID: CVE-2019-5716 CVE-2019-5717
 - SUG:restart