packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!19 fix CVE-2018-16056

Browse Source 
From: @wangxiao65
Reviewed-by: @yanzh_h
Signed-off-by: @yanzh_h
This commit is contained in:
openeuler-ci-bot 2020-09-17 11:38:58 +08:00 committed by Gitee
commit ea48230712
2 changed files with 111 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
CVE-2018-16056.patch Normal file
View File

@ -0,0 +1,103 @@
From 10db757c350b5427eb668ad8a20607a9ea28c099 Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Sun, 22 Jul 2018 10:18:19 -0700
Subject: [PATCH] Don't assume a given btgatt.uuid0xXXXX dissector exists.
They're not guaranteed to have been registered.
Bug: 14994
Change-Id: I11c2b2d4d8a7dd020a0ef3d700b29b0859bc68ca
Reviewed-on: https://code.wireshark.org/review/28805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit f98fbce64cb230e94a2cafc410a3cedad657b485)
Reviewed-on: https://code.wireshark.org/review/28806
---
epan/dissectors/packet-btatt.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/epan/dissectors/packet-btatt.c b/epan/dissectors/packet-btatt.c
index 803ed14f92..10375c0046 100644
--- a/epan/dissectors/packet-btatt.c
+++ b/epan/dissectors/packet-btatt.c
@@ -4205,6 +4205,19 @@ dissect_handle(proto_tree *tree, packet_info *pinfo, gint hf,
static gint
btatt_dissect_attribute_handle(guint16 handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, btatt_data_t *att_data);
+static int
+btatt_call_dissector_by_dissector_name_with_data(const char *dissector_name,
+ tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
+{
+ dissector_handle_t handle;
+
+ handle = find_dissector(dissector_name);
+ if (handle != NULL)
+ return call_dissector_with_data(handle, tvb, pinfo, tree, data);
+ else
+ return call_data_dissector(tvb, pinfo, tree);
+}
+
static gint
dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *pinfo, tvbuff_t *old_tvb,
gint old_offset, gint length, guint16 handle, bluetooth_uuid_t uuid, btatt_data_t *att_data)
@@ -4728,7 +4741,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
proto_tree_add_item(tree, hf_btatt_value_trigger_setting_analog, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
} else if (value == 4) {
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a56"), tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a56", tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
offset += 1;
} else if (value == 5 || value == 6) {
proto_tree_add_item(tree, hf_btatt_value_trigger_setting_analog_one, tvb, offset, 2, ENC_LITTLE_ENDIAN);
@@ -6443,10 +6456,10 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
if (bluetooth_gatt_has_no_parameter(att_data->opcode))
break;
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a56"), tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a56", tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
offset += 1;
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a58"), tvb_new_subset_length_caplen(tvb, offset, 2, 2), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a58", tvb_new_subset_length_caplen(tvb, offset, 2, 2), pinfo, tree, att_data);
offset += 2;
break;
@@ -6543,7 +6556,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
sub_item = proto_tree_add_item(tree, hf_btatt_plx_spot_check_measurement_timestamp, tvb, offset, 7, ENC_NA);
sub_tree = proto_item_add_subtree(sub_item, ett_btatt_value);
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
offset += 7;
}
@@ -9116,7 +9129,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
sub_item = proto_tree_add_item(tree, hf_btatt_ots_object_first_created, tvb, offset, 7, ENC_NA);
sub_tree = proto_item_add_subtree(sub_item, ett_btatt_value);
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
offset += 7;
break;
@@ -9135,7 +9148,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
sub_item = proto_tree_add_item(tree, hf_btatt_ots_object_last_modified, tvb, offset, 7, ENC_NA);
sub_tree = proto_item_add_subtree(sub_item, ett_btatt_value);
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
offset += 7;
break;
@@ -9342,10 +9355,10 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
break;
case 0x06: /* Created Between */
case 0x07: /* Modified Between */
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
offset += 7;
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
offset += 7;
break;

9
wireshark.spec
View File

@ -1,6 +1,6 @@
Name: wireshark Name: wireshark
Version: 2.6.2 Version: 2.6.2
Release: 10 Release: 11
Epoch: 1 Epoch: 1
Summary: Network traffic analyzer Summary: Network traffic analyzer
License: GPL+ License: GPL+
@ -40,6 +40,7 @@ Patch6025: CVE-2020-11647.patch
Patch6026: fix-hash-table-key-memory-corruption.patch Patch6026: fix-hash-table-key-memory-corruption.patch
Patch6027: CVE-2020-13164.patch Patch6027: CVE-2020-13164.patch
Patch6028: CVE-2020-15466.patch Patch6028: CVE-2020-15466.patch
Patch6029: CVE-2018-16056.patch
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires(post): systemd-udev Requires(post): systemd-udev
@ -146,6 +147,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/* %{_mandir}/man?/*
%changelog %changelog
* Wed Sep 15 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-11
- Type:cves
- ID: CVE-2018-16056
- SUG:restart
- DESC: fix CVE-2018-16056
* Thu Sep 10 2020 baizhonggui <baizhonggui@huawei.com> - 2.6.2-10 * Thu Sep 10 2020 baizhonggui <baizhonggui@huawei.com> - 2.6.2-10
- Modify source0 - Modify source0