send it to openembedded-devel mailing list please. On Mon, May 9, 2022 at 12:21 AM Riyaz <[email protected]> wrote: > > From: Riyaz Ahmed Khan <[email protected]> > > Add patch for CVE issue: CVE-2018-16301 > Link: > https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 > > Signed-off-by: Riyaz Ahmed Khan <[email protected]> > --- > .../tcpdump/tcpdump/CVE-2018-16301.patch | 111 ++++++++++++++++++ > .../recipes-support/tcpdump/tcpdump_4.9.3.bb | 1 + > 2 files changed, 112 insertions(+) > create mode 100644 > meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch > > diff --git > a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch > b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch > new file mode 100644 > index 000000000..5f5c68ccd > --- /dev/null > +++ b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch > @@ -0,0 +1,111 @@ > +From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001 > +From: Guy Harris <[email protected]> > +Date: Wed, 30 Sep 2020 11:37:30 -0700 > +Subject: [PATCH] Handle very large -f files by rejecting them. > + > +_read(), on Windows, has a 32-bit size argument and a 32-bit return > +value, so reject -f files that have more than 2^31-1 characters. > + > +Add some #defines so that, on Windows, we use _fstati64 to get the size > +of that file, to handle large files. > + > +Don't assume that our definition for ssize_t is the same size as size_t; > +by the time we want to print the return value of the read, we know it'll > +fit into an int, so just cast it to int and print it with %d. > + > +(cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77) > + > +CVE: CVE-2022-25308 > +Upstream-Status: Backport > [https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86] > + > +Signed-off-by: Riyaz Ahmed Khan <[email protected]> > + > +--- > + netdissect-stdinc.h | 16 +++++++++++++++- > + tcpdump.c | 15 ++++++++++++--- > + 2 files changed, 27 insertions(+), 4 deletions(-) > + > +diff --git a/netdissect-stdinc.h b/netdissect-stdinc.h > +index 8282c5846..9941c2a16 100644 > +--- a/netdissect-stdinc.h > ++++ b/netdissect-stdinc.h > +@@ -149,10 +149,17 @@ > + #ifdef _MSC_VER > + #define stat _stat > + #define open _open > +-#define fstat _fstat > + #define read _read > + #define close _close > + #define O_RDONLY _O_RDONLY > ++ > ++/* > ++ * We define our_fstat64 as _fstati64, and define our_statb as > ++ * struct _stati64, so we get 64-bit file sizes. > ++ */ > ++#define our_fstat _fstati64 > ++#define our_statb struct _stati64 > ++ > + #endif /* _MSC_VER */ > + > + /* > +@@ -211,6 +218,13 @@ typedef char* caddr_t; > + > + #include <arpa/inet.h> > + > ++/* > ++ * We should have large file support enabled, if it's available, > ++ * so just use fstat as our_fstat and struct stat as our_statb. > ++ */ > ++#define our_fstat fstat > ++#define our_statb struct stat > ++ > + #endif /* _WIN32 */ > + > + #ifndef HAVE___ATTRIBUTE__ > +diff --git a/tcpdump.c b/tcpdump.c > +index 043bda1d7..8f27ba2a4 100644 > +--- a/tcpdump.c > ++++ b/tcpdump.c > +@@ -108,6 +108,7 @@ The Regents of the University of California. All rights > reserved.\n"; > + #endif /* HAVE_CAP_NG_H */ > + #endif /* HAVE_LIBCAP_NG */ > + > ++#include "netdissect-stdinc.h" > + #include "netdissect.h" > + #include "interface.h" > + #include "addrtoname.h" > +@@ -861,15 +862,22 @@ read_infile(char *fname) > + { > + register int i, fd, cc; > + register char *cp; > +- struct stat buf; > ++ our_statb buf; > + > + fd = open(fname, O_RDONLY|O_BINARY); > + if (fd < 0) > + error("can't open %s: %s", fname, pcap_strerror(errno)); > + > +- if (fstat(fd, &buf) < 0) > ++ if (our_fstat(fd, &buf) < 0) > + error("can't stat %s: %s", fname, pcap_strerror(errno)); > + > ++ /* > ++ * Reject files whose size doesn't fit into an int; a filter > ++ * *that* large will probably be too big. > ++ */ > ++ if (buf.st_size > INT_MAX) > ++ error("%s is too large", fname); > ++ > + cp = malloc((u_int)buf.st_size + 1); > + if (cp == NULL) > + error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1, > +@@ -878,7 +886,8 @@ read_infile(char *fname) > + if (cc < 0) > + error("read %s: %s", fname, pcap_strerror(errno)); > + if (cc != buf.st_size) > +- error("short read %s (%d != %d)", fname, cc, > (int)buf.st_size); > ++ error("short read %s (%d != %d)", fname, (int) cc, > ++ (int)buf.st_size); > + > + close(fd); > + /* replace "# comment" with spaces */ > diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb > b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb > index 2ea493863..66bf21775 100644 > --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb > +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb > @@ -18,6 +18,7 @@ SRC_URI = " \ > file://add-ptest.patch \ > file://run-ptest \ > file://0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch \ > + file://CVE-2018-16301.patch \ > " > > SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" > -- > 2.17.1 > > This message contains information that may be privileged or confidential and > is the property of the KPIT Technologies Ltd. It is intended only for the > person to whom it is addressed. If you are not the intended recipient, you > are not authorized to read, print, retain copy, disseminate, distribute, or > use this message or any part thereof. If you receive this message in error, > please notify the sender immediately and delete all copies of this message. > KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165403): https://lists.openembedded.org/g/openembedded-core/message/165403 Mute This Topic: https://lists.openembedded.org/mt/90994443/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
