Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/4b48ee36f1829d6d3d009bf9871af523ce8e3ace
Signed-off-by: Hitendra Prajapati <[email protected]> --- .../wireshark/files/CVE-2026-0959.patch | 65 +++++++++++++++++++ .../wireshark/wireshark_4.2.14.bb | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2026-0959.patch diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2026-0959.patch b/meta-networking/recipes-support/wireshark/files/CVE-2026-0959.patch new file mode 100644 index 0000000000..a7aeb80610 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2026-0959.patch @@ -0,0 +1,65 @@ +From 4b48ee36f1829d6d3d009bf9871af523ce8e3ace Mon Sep 17 00:00:00 2001 +From: John Thacker <[email protected]> +Date: Sat, 10 Jan 2026 08:33:35 -0500 +Subject: [PATCH] ieee80211: Avoid using a fixed array for multi-link per-STA + subelements + +Since this processes to the end of the TVB, there might be more than 16. +Simplify the logic and only test for a set link_id in one place. This +also gets rid of a possible use of an uninitialized value on error. + +Fix #20939, OSS-Fuzz 474458885 + +CVE: CVE-2026-0959 +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/4b48ee36f1829d6d3d009bf9871af523ce8e3ace] +Signed-off-by: Hitendra Prajapati <[email protected]> +--- + epan/dissectors/packet-ieee80211.c | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c +index 0371e21..15e89f7 100644 +--- a/epan/dissectors/packet-ieee80211.c ++++ b/epan/dissectors/packet-ieee80211.c +@@ -27911,7 +27911,7 @@ dissect_multi_link(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, + guint8 multi_link_type = multi_link_control & 0x0007; + guint16 present = multi_link_control >> 4; + int elt = 0, hf_index; +- int local_link_ids[16]; ++ wmem_strbuf_t *link_id_list = wmem_strbuf_create(pinfo->pool); + + control = proto_tree_add_item(tree, hf_ieee80211_eht_multi_link_control, tvb, + offset, 2, ENC_LITTLE_ENDIAN); +@@ -28194,9 +28194,6 @@ dissect_multi_link(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, + multi_link_type, &link_id); + + offset += overhead; /* Account for the overhead in the subelt */ +- if (link_id != -1) { +- local_link_ids[elt] = link_id; +- } + break; + case 221: + /* Add an expert info saying there are none so far? */ +@@ -28207,18 +28204,13 @@ dissect_multi_link(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, + break; + } + if (link_id != -1) { ++ wmem_strbuf_append_printf(link_id_list, (elt == 0) ? "%d" : "_%d", link_id); + elt++; + } + } + proto_tree_add_uint(tree, hf_index, tvb, 0, 0, elt); + + if (elt) { +- wmem_strbuf_t *link_id_list = wmem_strbuf_new_sized(pinfo->pool, elt * 2); +- for (int i = 0; i < elt; i++) { +- if (local_link_ids[i] != -1) { +- wmem_strbuf_append_printf(link_id_list, (i == 0) ? "%d" : "_%d", local_link_ids[i]); +- } +- } + proto_tree_add_string(tree, hf_ieee80211_eht_multi_link_link_id_list, tvb, + 0, 0, link_id_list->str); + } +-- +2.50.1 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb index c313075ea4..d03b86775e 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb @@ -15,6 +15,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ file://CVE-2025-9817.patch \ file://CVE-2025-13499.patch \ + file://CVE-2026-0959.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"; -- 2.50.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123896): https://lists.openembedded.org/g/openembedded-devel/message/123896 Mute This Topic: https://lists.openembedded.org/mt/117484118/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
