There is a NULL Pointer Dereference in ports2PORT when the user passes ill-formatted portmap string to tcprewrite with option -r or --portmap
Upstream Repository: https://github.com/appneta/tcpreplay.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9384 CVE: CVE-2025-9384 Signed-off-by: Jackson <[email protected]> --- .../tcpreplay/tcpreplay/CVE-2025-9384.patch | 38 +++++++++++++++++++ .../tcpreplay/tcpreplay_4.4.4.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch new file mode 100644 index 0000000000..c7333bb723 --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch @@ -0,0 +1,38 @@ +From 570c908c496b420562ed7142b898811cc8c70d3a Mon Sep 17 00:00:00 2001 +From: Jackson <[email protected]> +Date: Mon, 12 Jan 2026 08:39:56 +0530 +Subject: [PATCH] CVE-2025-9384: Bug #894 stop on --portmap syntax error + +src/tcprewrite -r 1:2 -i ping.pcap -c ping.cache -o out.pcap +src/tcprewrite -r 1-:2 -i ping.pcap -c ping.cache -o out.pcap + +Fatal Error in ../../src/tcprewrite.c:main() line 86: +Unable to parse args: From ../../../src/tcpedit/parse_args.c:tcpedit_post_args() line 189: +Unable to parse --portmap=1-:2 + +CVE: CVE-2025-9384 + +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/pull/946/commits/f6e6ee460ad9fe01e24a1579166b3f7a8c2158a7] +Comment: Patch refreshed + +Signed-off-by: Jackson <[email protected]> +--- + src/tcpedit/portmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tcpedit/portmap.c b/src/tcpedit/portmap.c +index 5fe1779..1e54728 100644 +--- a/src/tcpedit/portmap.c ++++ b/src/tcpedit/portmap.c +@@ -104,7 +104,7 @@ ports2PORT(char *ports) + from_begin = strtok_r(from_s, "-", &token2); + from_end = strtok_r(NULL, "-", &token2); + long from_b = strtol(from_begin, &badchar, 10); +- if (strlen(badchar) != 0) { ++ if (!from_begin || !from_end || strlen(badchar) != 0) { + free(portmap); + return NULL; + } +-- +2.34.1 + diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb index 866661b4d1..d389e26922 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb @@ -16,6 +16,7 @@ SRC_URI = "https://github.com/appneta/${BPN}/releases/download/v${PV}/${BP}.tar. file://CVE-2024-22654-0001.patch \ file://CVE-2024-22654-0002.patch \ file://CVE-2025-9157.patch \ + file://CVE-2025-9384.patch \ " SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123543): https://lists.openembedded.org/g/openembedded-devel/message/123543 Mute This Topic: https://lists.openembedded.org/mt/117311121/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
