diff options
author | Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> | 2022-05-25 11:24:56 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2022-05-25 19:34:39 -0700 |
commit | deee226017877d51188e0a46f9e6b93c10ffbb34 (patch) | |
tree | 1f6db1aa3d7ea2af7167dcb7d9eb58af42252862 | |
parent | 9f361cff9c73fdb532d3dde229633cc687424805 (diff) | |
download | meta-openembedded-contrib-deee226017877d51188e0a46f9e6b93c10ffbb34.tar.gz |
tcpdump: Add fix for CVE-2018-16301
Add patch for CVE issue: CVE-2018-16301
Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86
Upstream-Status: Pending
Issue: MGUBSYS-5370
Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch | 111 | ||||
-rw-r--r-- | meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb | 1 |
2 files changed, 112 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch new file mode 100644 index 0000000000..5f5c68ccd6 --- /dev/null +++ b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2018-16301.patch @@ -0,0 +1,111 @@ +From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Wed, 30 Sep 2020 11:37:30 -0700 +Subject: [PATCH] Handle very large -f files by rejecting them. + +_read(), on Windows, has a 32-bit size argument and a 32-bit return +value, so reject -f files that have more than 2^31-1 characters. + +Add some #defines so that, on Windows, we use _fstati64 to get the size +of that file, to handle large files. + +Don't assume that our definition for ssize_t is the same size as size_t; +by the time we want to print the return value of the read, we know it'll +fit into an int, so just cast it to int and print it with %d. + +(cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77) + +CVE: CVE-2022-25308 +Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86] + +Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> + +--- + netdissect-stdinc.h | 16 +++++++++++++++- + tcpdump.c | 15 ++++++++++++--- + 2 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/netdissect-stdinc.h b/netdissect-stdinc.h +index 8282c5846..9941c2a16 100644 +--- a/netdissect-stdinc.h ++++ b/netdissect-stdinc.h +@@ -149,10 +149,17 @@ + #ifdef _MSC_VER + #define stat _stat + #define open _open +-#define fstat _fstat + #define read _read + #define close _close + #define O_RDONLY _O_RDONLY ++ ++/* ++ * We define our_fstat64 as _fstati64, and define our_statb as ++ * struct _stati64, so we get 64-bit file sizes. ++ */ ++#define our_fstat _fstati64 ++#define our_statb struct _stati64 ++ + #endif /* _MSC_VER */ + + /* +@@ -211,6 +218,13 @@ typedef char* caddr_t; + + #include <arpa/inet.h> + ++/* ++ * We should have large file support enabled, if it's available, ++ * so just use fstat as our_fstat and struct stat as our_statb. ++ */ ++#define our_fstat fstat ++#define our_statb struct stat ++ + #endif /* _WIN32 */ + + #ifndef HAVE___ATTRIBUTE__ +diff --git a/tcpdump.c b/tcpdump.c +index 043bda1d7..8f27ba2a4 100644 +--- a/tcpdump.c ++++ b/tcpdump.c +@@ -108,6 +108,7 @@ The Regents of the University of California. All rights reserved.\n"; + #endif /* HAVE_CAP_NG_H */ + #endif /* HAVE_LIBCAP_NG */ + ++#include "netdissect-stdinc.h" + #include "netdissect.h" + #include "interface.h" + #include "addrtoname.h" +@@ -861,15 +862,22 @@ read_infile(char *fname) + { + register int i, fd, cc; + register char *cp; +- struct stat buf; ++ our_statb buf; + + fd = open(fname, O_RDONLY|O_BINARY); + if (fd < 0) + error("can't open %s: %s", fname, pcap_strerror(errno)); + +- if (fstat(fd, &buf) < 0) ++ if (our_fstat(fd, &buf) < 0) + error("can't stat %s: %s", fname, pcap_strerror(errno)); + ++ /* ++ * Reject files whose size doesn't fit into an int; a filter ++ * *that* large will probably be too big. ++ */ ++ if (buf.st_size > INT_MAX) ++ error("%s is too large", fname); ++ + cp = malloc((u_int)buf.st_size + 1); + if (cp == NULL) + error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1, +@@ -878,7 +886,8 @@ read_infile(char *fname) + if (cc < 0) + error("read %s: %s", fname, pcap_strerror(errno)); + if (cc != buf.st_size) +- error("short read %s (%d != %d)", fname, cc, (int)buf.st_size); ++ error("short read %s (%d != %d)", fname, (int) cc, ++ (int)buf.st_size); + + close(fd); + /* replace "# comment" with spaces */ diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb index 2ea493863a..66bf217751 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb @@ -18,6 +18,7 @@ SRC_URI = " \ file://add-ptest.patch \ file://run-ptest \ file://0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch \ + file://CVE-2018-16301.patch \ " SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" |