On 01/03/2018 12:34 AM, Zhixiong Chi wrote: > Backport patch from the upstream: > https://code.wireshark.org/review/gitweb?p=wireshark.git; > a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 > https://nvd.nist.gov/vuln/detail/CVE-2017-17935 > > The File_read_line function in epan/wslua/wslua_file.c in Wireshark > through 2.2.11 does not properly strip '\n' characters, which allows > remote attackers to cause a denial of service (buffer underflow and > application crash) via a crafted packet that triggers the attempted > processing of an empty line. Thank you for the security patch.
In master-next is an update to wireshark to version 2.2.11. I think this wont be necessary once the update hits master. - armin > > Signed-off-by: Zhixiong Chi <[email protected]> > --- > .../wireshark/wireshark/CVE-2017-17935.patch | 37 > ++++++++++++++++++++++ > .../recipes-support/wireshark/wireshark_2.2.10.bb | 4 ++- > 2 files changed, 40 insertions(+), 1 deletion(-) > create mode 100644 > meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch > > diff --git > a/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch > b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch > new file mode 100644 > index 000000000..46ad83ea0 > --- /dev/null > +++ b/meta-networking/recipes-support/wireshark/wireshark/CVE-2017-17935.patch > @@ -0,0 +1,37 @@ > +From 137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 Mon Sep 17 00:00:00 2001 > +From: Martin Mathieson <[email protected]> > +Date: Tue, 26 Dec 2017 11:48:04 +0000 > +Subject: [PATCH 1/1] potential buffer underflow in File_read_line function in > + epan/wslua/wslua_file.c > + > +Putting up for review, though I am not completely convinced that > +file_gets() can return an empty line. > + > +Bug: 14295 > +Change-Id: If36761ea511b66c01a9f167809a218a7eadbfcc5 > +Reviewed-on: https://code.wireshark.org/review/24997 > +Petri-Dish: Martin Mathieson <[email protected]> > +Tested-by: Petri Dish Buildbot > +Reviewed-by: Anders Broman <[email protected]> > + > +Upstream-Status: Backport > +Signed-off-by: Zhixiong Chi <[email protected]> > +--- > + epan/wslua/wslua_file.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/epan/wslua/wslua_file.c b/epan/wslua/wslua_file.c > +index 79bf4f7..73bacc6 100644 > +--- a/epan/wslua/wslua_file.c > ++++ b/epan/wslua/wslua_file.c > +@@ -192,7 +192,7 @@ static int File_read_line(lua_State *L, FILE_T ft) { > + length = (gint)(file_tell(ft) - pos_before); > + > + /* ...but don't want to include newline in line length */ > +- if (linebuff[length-1] == '\n') { > ++ if (length > 0 && linebuff[length-1] == '\n') { > + length--; > + /* Nor do we want '\r' (as will be written when log is created on > windows) */ > + if (length > 0 && linebuff[length - 1] == '\r') { > +-- > +2.7.4 > diff --git a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb > b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb > index 5358ba07f..e3915d203 100644 > --- a/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb > +++ b/meta-networking/recipes-support/wireshark/wireshark_2.2.10.bb > @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = > "file://COPYING;md5=6e271234ba1a13c6e512e76b94ac2f77" > > DEPENDS = "pcre expat glib-2.0 glib-2.0-native" > > -SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2"; > +SRC_URI = "https://2.na.dl.wireshark.org/src/all-versions/${BP}.tar.bz2 \ > + file://CVE-2017-17935.patch \ > +" > > PE = "1" > -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
