packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wireshark/CVE-2019-5717.patch
gu-gu-gu dfcfd1447c fix CVE-2019-5716 CVE-2019-5717
2020-02-02 22:49:56 +08:00

71 lines
3.0 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From bf9272a92f3df1e4ccfaad434e123222ae5313f7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Stig=20Bj=C3=B8rlykke?= <stig@bjorlykke.org>
Date: Sun, 9 Dec 2018 21:54:18 +0100
Subject: [PATCH] p_mul: Detect Data PDU sequence number 0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Data PDU sequence number 0 is illegal, add an expert info for this.
Don't include this packet in SEQ/ACK analysis.
Bug: 15337
Change-Id: I476088531e8a3605393ee1dedf1e8b159dac342b
Reviewed-on: https://code.wireshark.org/review/30980
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 3cccd4ec5b922e79afd134db4f0c9acb10bf7202)
Reviewed-on: https://code.wireshark.org/review/30987
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
---
epan/dissectors/packet-p_mul.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-p_mul.c b/epan/dissectors/packet-p_mul.c
index 35edde7..2dd6f15 100644
--- a/epan/dissectors/packet-p_mul.c
+++ b/epan/dissectors/packet-p_mul.c
@@ -163,6 +163,7 @@ static gint ett_msg_fragments = -1;
static expert_field ei_more_data = EI_INIT;
static expert_field ei_checksum_bad = EI_INIT;
+static expert_field ei_illegal_seq_no = EI_INIT;
static expert_field ei_tot_miss_seq_no = EI_INIT;
static expert_field ei_miss_seq_no = EI_INIT;
static expert_field ei_analysis_ack_missing = EI_INIT;
@@ -368,6 +369,11 @@ static p_mul_seq_val *register_p_mul_id (packet_info *pinfo, address *addr, guin
return NULL;
}
+ if (pdu_type == Data_PDU && seq_no == 0) {
+ /* Illegal sequence number for Data PDU */
+ return NULL;
+ }
+
nstime_set_zero(&addr_time);
nstime_set_zero(&prev_time);
@@ -877,7 +883,10 @@ static int dissect_p_mul (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, v
case Data_PDU:
/* Sequence Number of PDUs */
seq_no = tvb_get_ntohs (tvb, offset);
- proto_tree_add_item (p_mul_tree, hf_seq_no, tvb, offset, 2, ENC_BIG_ENDIAN);
+ en = proto_tree_add_item (p_mul_tree, hf_seq_no, tvb, offset, 2, ENC_BIG_ENDIAN);
+ if (seq_no == 0) {
+ expert_add_info(pinfo, en, &ei_illegal_seq_no);
+ }
proto_item_append_text (ti, ", Seq no: %u", seq_no);
break;
@@ -1548,6 +1557,7 @@ void proto_register_p_mul (void)
{ &ei_miss_seq_range, { "p_mul.missing_seq_range.invalid", PI_UNDECODED, PI_WARN, "Invalid missing sequence range", EXPFILL }},
{ &ei_miss_seq_no, { "p_mul.missing_seq_no.invalid", PI_UNDECODED, PI_WARN, "Invalid missing seq number", EXPFILL }},
{ &ei_tot_miss_seq_no, { "p_mul.no_missing_seq_no.expert", PI_RESPONSE_CODE, PI_NOTE, "Missing seq numbers", EXPFILL }},
+ { &ei_illegal_seq_no, { "p_mul.seq_no.illegal", PI_PROTOCOL, PI_WARN, "Illegal seq number", EXPFILL }},
{ &ei_length, { "p_mul.length.invalid", PI_MALFORMED, PI_WARN, "Incorrect length field", EXPFILL }},
{ &ei_more_data, { "p_mul.more_data", PI_MALFORMED, PI_WARN, "More data in packet", EXPFILL }},
};
--
2.7.4
Reference in New Issue View Git Blame Copy Permalink