From: Adarsh Jagadish Kamini <[email protected]> Upstream fix: https://github.com/the-tcpdump-group/libpcap/commit/0d8bd2f67c16637c4d25d81fb24cdcebc35afce6
Signed-off-by: Adarsh Jagadish Kamini <[email protected]> --- ...ssages-about-32-bit-integer-overflow.patch | 158 ++++++++++++++++++ .../libpcap/libpcap_1.10.6.bb | 4 +- 2 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch diff --git a/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch b/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch new file mode 100644 index 0000000000..4f2af53762 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch @@ -0,0 +1,158 @@ +From 217c3a07c7db694324b5c61eaaa07774735e2d7d Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko <[email protected]> +Date: Thu, 9 Oct 2025 20:51:45 +0100 +Subject: [PATCH] Fix error messages about 32-bit integer overflow. + +Since commit a5cac25 stoulen() takes a pointer to a string and a +length of the string and uses the length to report a problem about the +string. However, by that time it has already modified the length, so +the error message does not match the input: + +$ filtertest RAW '123456789012345' +filtertest: number 1234 overflows 32 bits +$ filtertest RAW '12345678901234567890' +filtertest: number 123456789 overflows 32 bits +$ filtertest RAW '123456789012345678901234567890' +filtertest: number 1234567890123456789 overflows 32 bits +$ filtertest RAW '0123456701234' +filtertest: number overflows 32 bits +$ filtertest RAW '0x100000000' +filtertest: number overflows 32 bits + +Consequently, if more than one number in the filter expression is out of +range, it can be not immediately obvious which one it is: + +$ filtertest RAW '4294967296 != 4294967297' +filtertest: number overflows 32 bits + +To fix this, in stoulen() keep a copy of the original string length and +use it for the error reporting. Ibid., factor the format string out and +show the base in the message. Simplify the forward declaration. Add +two comments to outline the clash space between certain MAC-48 addresses +and certain octal integers. Document this syntax peculiarity in the man +page and add a few basic reject tests. + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/0d8bd2f67c16637c4d25d81fb24cdcebc35afce6] +Signed-off-by: Adarsh Jagadish Kamini <[email protected]> +--- + pcap-filter.manmisc.in | 9 ++++++++- + scanner.l | 33 ++++++++++++++++++++++++--------- + 2 files changed, 32 insertions(+), 10 deletions(-) + +diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in +index bfb692ff..929d668d 100644 +--- a/pcap-filter.manmisc.in ++++ b/pcap-filter.manmisc.in +@@ -18,7 +18,7 @@ + .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + .\" +-.TH PCAP-FILTER @MAN_MISC_INFO@ "13 June 2023" ++.TH PCAP-FILTER @MAN_MISC_INFO@ "9 October 2025" + .SH NAME + pcap-filter \- packet filter syntax + .br +@@ -886,6 +886,13 @@ integer constants (expressed in standard C syntax), the normal binary operators + a length operator, and special packet data + accessors. Note that all comparisons are unsigned, so that, for example, + 0x80000000 and 0xffffffff are > 0. ++.LP ++Note that 32-bit octal integer constants in the [010000000000 .. 037777777777] ++interval, which includes 75% of all 32-bit integers, are interpreted as MAC-48 ++addresses when prepended with a single zero (e.g., 012345670123 means ++01:23:45:67:01:23). To disambiguate the expression, prepend such an octal ++number with more zeroes (0012345670123) or represent the same value using a ++decimal (1402433619) or hexadecimal (0x53977053) number. + .IP + The + .B % +diff --git a/scanner.l b/scanner.l +index 57779497..49aaeab2 100644 +--- a/scanner.l ++++ b/scanner.l +@@ -48,8 +48,8 @@ typedef enum { + STOULEN_ERROR + } stoulen_ret; + +-stoulen_ret stoulen(const char *string, size_t stringlen, bpf_u_int32 *val, +- compiler_state_t *cstate); ++stoulen_ret stoulen(const char *, const size_t, bpf_u_int32 *, ++ compiler_state_t *); + } + + /* +@@ -244,6 +244,12 @@ V6004 ::{N}\.{N}\.{N}\.{N} + + V6 ({V680}|{V670}|{V671}|{V672}|{V673}|{V674}|{V675}|{V676}|{V677}|{V660}|{V661}|{V662}|{V663}|{V664}|{V665}|{V666}|{V650}|{V651}|{V652}|{V653}|{V654}|{V655}|{V640}|{V641}|{V642}|{V643}|{V644}|{V630}|{V631}|{V632}|{V633}|{V620}|{V621}|{V622}|{V610}|{V611}|{V600}|{V6604}|{V6504}|{V6514}|{V6524}|{V6534}|{V6544}|{V6554}|{V6404}|{V6414}|{V6424}|{V6434}|{V6444}|{V6304}|{V6314}|{V6324}|{V6334}|{V6204}|{V6214}|{V6224}|{V6104}|{V6114}|{V6004}) + ++ /* ++ * In the regexp below the "{B2}{3}" form matches all octal numbers in ++ * the [010000000000 .. 077777777777] interval that use a single leading ++ * zero. The interval includes both integer values that fit into 32 ++ * bits and values that don't. ++ */ + MAC ({B}:{B}:{B}:{B}:{B}:{B}|{B}\-{B}\-{B}\-{B}\-{B}\-{B}|{B}\.{B}\.{B}\.{B}\.{B}\.{B}|{B2}\.{B2}\.{B2}|{B2}{3}) + + +@@ -486,13 +492,16 @@ tcp-cwr { yylval->h = 0x80; return NUM; } + */ + DIAG_ON_FLEX + ++#define FORMAT_OVERFLOWS_32_BITS "%s number %.*s overflows 32 bits" ++ + stoulen_ret +-stoulen(const char *string, size_t string_len, bpf_u_int32 *val, ++stoulen(const char *string, const size_t orig_string_len, bpf_u_int32 *val, + compiler_state_t *cstate) + { + bpf_u_int32 n = 0; + unsigned int digit; + const char *s = string; ++ size_t string_len = orig_string_len; + + /* + * string is guaranteed either to be a string of decimal digits +@@ -538,8 +547,8 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val, + * in 32 bits. + */ + bpf_set_error(cstate, +- "number %.*s overflows 32 bits", +- (int)string_len, string); ++ FORMAT_OVERFLOWS_32_BITS, ++ "hexadecimal", (int)orig_string_len, string); + return STOULEN_ERROR; + } + n = (n << 4) + digit; +@@ -573,10 +582,16 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val, + * number, and are about to add + * 3 more; that won't fit in + * 32 bits. ++ * ++ * This code path depends on using more ++ * than one leading zero for all values ++ * in the [040000000000 .. 077777777777] ++ * interval, otherwise the MAC regexp ++ * above consumes the string first. + */ + bpf_set_error(cstate, +- "number %.*s overflows 32 bits", +- (int)string_len, string); ++ FORMAT_OVERFLOWS_32_BITS, ++ "octal", (int)orig_string_len, string); + return STOULEN_ERROR; + } + n = (n << 3) + digit; +@@ -609,8 +624,8 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val, + * number that won't fit in 32 bits. + */ + bpf_set_error(cstate, +- "number %.*s overflows 32 bits", +- (int)string_len, string); ++ FORMAT_OVERFLOWS_32_BITS, ++ "decimal", (int)orig_string_len, string); + return STOULEN_ERROR; + } + n = (n * 10) + digit; +-- +2.34.1 + diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb index 1b10001035..1c7f40d6fd 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb @@ -10,7 +10,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz"; +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz \ + file://0001-Fix-error-messages-about-32-bit-integer-overflow.patch \ + " SRC_URI[sha256sum] = "ec97d1206bdd19cb6bdd043eaa9f0037aa732262ec68e070fd7c7b5f834d5dfc" inherit autotools binconfig-disabled pkgconfig -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237711): https://lists.openembedded.org/g/openembedded-core/message/237711 Mute This Topic: https://lists.openembedded.org/mt/119530387/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
