An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> --- .../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++ .../tcpreplay/tcpreplay_4.4.2.bb | 4 ++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch new file mode 100644 index 000000000..59adff615 --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch @@ -0,0 +1,29 @@ +From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001 +From: Marsman1996 <lqliuyu...@outlook.com> +Date: Wed Mar 1 14:48:48 2023 +0800 +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup + +CVE: CVE-2023-27783 +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8] + +Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> +--- + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c +index e282ef4..98b67e9 100644 +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx) + jnpr_ether_config_t *config; + + config = (jnpr_ether_config_t *)ctx->encoder->config; +- tcpedit_dlt_cleanup(config->subctx); ++ if (config->subctx != NULL) ++ tcpedit_dlt_cleanup(config->subctx); + safe_free(plugin->config); + plugin->config = NULL; + plugin->config_size = 0; +-- +2.40.0 diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb index 165a0e735..ccff19f16 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb @@ -7,7 +7,9 @@ SECTION = "net" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"; +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \ + file://CVE-2023-27783.patch \ + " SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" -- 2.40.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103126): https://lists.openembedded.org/g/openembedded-devel/message/103126 Mute This Topic: https://lists.openembedded.org/mt/99336397/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
