Fix CVE-2023-0666
(cherry picked from commit 95c92004661f92d42fc98ca4bfcc635d10207df6)
parent
7a4926f465
commit
f072a5bd6d
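--- a/CVE-2023-0666.patch
+++ b/CVE-2023-0666.patch
@@ -0,0 +1,116 @@
+From 28fdce547c417b868c521f87fb58f71ca6b1e3f7 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Thu, 18 May 2023 13:52:48 -0700
+Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
+
+Use the proper dest_size in various g_strlcpy calls.
+
+Fixes #19085
+---
+epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
+1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
+index c152d50..f4da449 100644
+--- a/epan/dissectors/packet-rtps.c
++++ b/epan/dissectors/packet-rtps.c
+@@ -4487,7 +4487,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+++tk_id;
+}
+
+- (void) g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
++ (void) g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
+
+/* Structure of the typecode data:
+*
+@@ -4658,7 +4658,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+member_name, -1, NULL, ndds_40_hack);
+}
+/* Finally prints the name of the struct (if provided) */
+- (void) g_strlcpy(type_name, "}", 40);
++ (void) g_strlcpy(type_name, "}", sizeof(type_name));
+break;
+
+} /* end of case UNION */
+@@ -4829,7 +4829,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+}
+}
+/* Finally prints the name of the struct (if provided) */
+- (void) g_strlcpy(type_name, "}", 40);
++ (void) g_strlcpy(type_name, "}", sizeof(type_name));
+break;
+}
+
+@@ -4921,7 +4921,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+offset += 4;
+alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
+offset = check_offset_addition(offset, alias_name_length, tree, NULL, tvb);
+- (void) g_strlcpy(type_name, alias_name, 40);
++ (void) g_strlcpy(type_name, alias_name, sizeof(type_name));
+break;
+}
+
+@@ -4956,7 +4956,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
+type_id_name = "valueparam";
+}
+- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
++ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
+break;
+}
+} /* switch(tk_id) */
+@@ -5120,7 +5120,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
+long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
+name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
+if (info)
+- (void) g_strlcpy(info->member_name, name, long_number);
++ (void) g_strlcpy(info->member_name, name, sizeof(info->member_name));
+
+proto_item_append_text(tree, " %s", name);
+offset = check_offset_addition(offset, member_length, tree, NULL, tvb);
+@@ -5296,13 +5296,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
+proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
+if (member_object) {
+member_object->member_id = member_id;
+- (void) g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
++ (void) g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
+member_object->type_id = member_type_id;
+}
+if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
+mutable_member_mapping * mutable_mapping = NULL;
+mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
+- (void) g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
++ (void) g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
+mutable_mapping->struct_type_id = info->type_id;
+mutable_mapping->member_type_id = member_type_id;
+mutable_mapping->member_id = member_id;
+@@ -5357,7 +5357,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+union_member_mapping * mapping = NULL;
+
+mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+- (void) g_strlcpy(mapping->member_name, object.member_name, 256);
++ (void) g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+mapping->member_type_id = object.type_id;
+mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
+mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -5370,7 +5370,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+union_member_mapping * mapping = NULL;
+
+mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+- (void) g_strlcpy(mapping->member_name, object.member_name, 256);
++ (void) g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+mapping->member_type_id = object.type_id;
+mapping->discriminator = -1;
+mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -5390,7 +5390,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
+offset_tmp += 4;
+
+- (void) g_strlcpy(mapping->member_name, object.member_name, 256);
++ (void) g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+mapping->member_type_id = object.type_id;
+mapping->discriminator = discriminator_case;
+mapping->union_type_id = union_type_id + discriminator_case;
+--
+2.33.0
+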
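Review bot: Every rewritten call now trusts `sizeof(...)` of its destination (`type_name`, `info->member_name`, `member_object->member_name`, `mutable_mapping->member_name`, `mapping->member_name`), and that is a correct bound only where the destination is a fixed-size array; none of those declarations fall inside the hunks, and the patch is being applied to the packaged 3.6.14 tree, so they are worth checking there. Should any of them be a pointer, `sizeof` gives the pointer size and the name is cut short without notice, because the `(void)` cast drops g_strlcpy's truncation result. At the `rtps_util_add_type_library_type` hunk I would also add a comment such as `/* dest_size is the buffer size, never the on-wire long_number */`, since the removed line shows the packet-supplied length was being used as the bound. The enclosing functions begin and end outside the hunks shown.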
@ -5,7 +5,7 @@
|
|||||||
Summary: Network traffic analyzer
|
Summary: Network traffic analyzer
|
||||||
Name: wireshark
|
Name: wireshark
|
||||||
Version: 3.6.14
|
Version: 3.6.14
|
||||||
Release: 7
|
Release: 8
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
License: GPL+
|
License: GPL+
|
||||||
Url: http://www.wireshark.org/
|
Url: http://www.wireshark.org/
|
||||||
@ -33,6 +33,8 @@ Patch15: CVE-2023-6175.patch
|
|||||||
Patch16: Fix-libvirt-build-fail.patch
|
Patch16: Fix-libvirt-build-fail.patch
|
||||||
Patch17: CVE-2024-0208.patch
|
Patch17: CVE-2024-0208.patch
|
||||||
Patch18: CVE-2024-0209.patch
|
Patch18: CVE-2024-0209.patch
|
||||||
|
# https://gitlab.com/wireshark/wireshark/-/commit/28fdce547c417b868c521f87fb58f71ca6b1e3f7
|
||||||
|
Patch19: CVE-2023-0666.patch
|
||||||
|
|
||||||
Requires: xdg-utils
|
Requires: xdg-utils
|
||||||
Requires: hicolor-icon-theme
|
Requires: hicolor-icon-theme
|
||||||
@ -207,6 +209,9 @@ exit 0
|
|||||||
%{_mandir}/man?/*
|
%{_mandir}/man?/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 25 2024 yaoxin <yao_xin001@hoperun.com> - 1:3.6.14-8
|
||||||
|
- Fix CVE-2023-0666
|
||||||
|
|
||||||
* Thu Jan 04 2024 wangkai <13474090681@163.com> - 1:3.6.14-7
|
* Thu Jan 04 2024 wangkai <13474090681@163.com> - 1:3.6.14-7
|
||||||
- Fix CVE-2024-0208,CVE-2024-0209
|
- Fix CVE-2024-0208,CVE-2024-0209
|
||||||
|
|
||||||
|
|||||||