Fri Feb 11 05:40:45 2011 UTC ()
Pullup ticket #3351 - requested by drochner
wireshark security patches
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.59
- pkgsrc/net/wireshark/distinfo 1.41
- pkgsrc/net/wireshark/patches/patch-af 1.1
- pkgsrc/net/wireshark/patches/patch-ag 1.1
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Thu Feb 10 11:00:57 UTC 2011
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Added Files:
pkgsrc/net/wireshark/patches: patch-af patch-ag
Log Message:
add two patches from upstream:
-fix possible free() of an uninitialized pointer when reading a
malformed pcap-ng file (CVE-2011-0538)
-add length check in pcap-ng reader
bump PKGREV
(sbd)
diff -r1.56.2.1 -r1.56.2.2 pkgsrc/net/wireshark/Makefile
diff -r1.38.2.1 -r1.38.2.2 pkgsrc/net/wireshark/distinfo
diff -r0 -r1.1.2.2 pkgsrc/net/wireshark/patches/patch-af
diff -r0 -r1.1.2.2 pkgsrc/net/wireshark/patches/patch-ag
--- pkgsrc/net/wireshark/Makefile 2011/01/12 07:26:06 1.56.2.1
+++ pkgsrc/net/wireshark/Makefile 2011/02/11 05:40:44 1.56.2.2
| @@ -1,16 +1,17 @@ | | | @@ -1,16 +1,17 @@ |
1 | # $NetBSD: Makefile,v 1.56.2.1 2011/01/12 07:26:06 sbd Exp $ | | 1 | # $NetBSD: Makefile,v 1.56.2.2 2011/02/11 05:40:44 sbd Exp $ |
2 | | | 2 | |
3 | DISTNAME= wireshark-1.4.3 | | 3 | DISTNAME= wireshark-1.4.3 |
| | | 4 | PKGREVISION= 2 |
4 | CATEGORIES= net | | 5 | CATEGORIES= net |
5 | MASTER_SITES= http://www.wireshark.org/download/src/ \ | | 6 | MASTER_SITES= http://www.wireshark.org/download/src/ \ |
6 | ${MASTER_SITE_SOURCEFORGE:=wireshark/} | | 7 | ${MASTER_SITE_SOURCEFORGE:=wireshark/} |
7 | EXTRACT_SUFX= .tar.bz2 | | 8 | EXTRACT_SUFX= .tar.bz2 |
8 | | | 9 | |
9 | OWNER= tron@NetBSD.org | | 10 | OWNER= tron@NetBSD.org |
10 | HOMEPAGE= http://www.wireshark.org/ | | 11 | HOMEPAGE= http://www.wireshark.org/ |
11 | COMMENT= Network protocol analyzer | | 12 | COMMENT= Network protocol analyzer |
12 | LICENSE= gnu-gpl-v2 | | 13 | LICENSE= gnu-gpl-v2 |
13 | | | 14 | |
14 | PKG_DESTDIR_SUPPORT= user-destdir | | 15 | PKG_DESTDIR_SUPPORT= user-destdir |
15 | | | 16 | |
16 | CONFLICTS+= ethereal-[0-9]* | | 17 | CONFLICTS+= ethereal-[0-9]* |
--- pkgsrc/net/wireshark/distinfo 2011/01/12 07:26:06 1.38.2.1
+++ pkgsrc/net/wireshark/distinfo 2011/02/11 05:40:44 1.38.2.2
| @@ -1,12 +1,14 @@ | | | @@ -1,12 +1,14 @@ |
1 | $NetBSD: distinfo,v 1.38.2.1 2011/01/12 07:26:06 sbd Exp $ | | 1 | $NetBSD: distinfo,v 1.38.2.2 2011/02/11 05:40:44 sbd Exp $ |
2 | | | 2 | |
3 | SHA1 (wireshark-1.4.3.tar.bz2) = 776c757e6a6a085232ac843ec28b026bf4ca9c8d | | 3 | SHA1 (wireshark-1.4.3.tar.bz2) = 776c757e6a6a085232ac843ec28b026bf4ca9c8d |
4 | RMD160 (wireshark-1.4.3.tar.bz2) = 6a63023f165b2e875296340f6a57595427a13fe7 | | 4 | RMD160 (wireshark-1.4.3.tar.bz2) = 6a63023f165b2e875296340f6a57595427a13fe7 |
5 | Size (wireshark-1.4.3.tar.bz2) = 20469021 bytes | | 5 | Size (wireshark-1.4.3.tar.bz2) = 20469021 bytes |
6 | SHA1 (patch-aa) = d0744f069ac2d3a8a43b810e1f958360d99200a9 | | 6 | SHA1 (patch-aa) = d0744f069ac2d3a8a43b810e1f958360d99200a9 |
7 | SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c | | 7 | SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c |
8 | SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840 | | 8 | SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840 |
9 | SHA1 (patch-ad) = a09b5ac9e836ef01fbd6ba103de00d08c0af2800 | | 9 | SHA1 (patch-ad) = a09b5ac9e836ef01fbd6ba103de00d08c0af2800 |
| | | 10 | SHA1 (patch-af) = 908f2050cbf0db6156f8802e93e3f193a87ef916 |
| | | 11 | SHA1 (patch-ag) = 28c2c23355090f5737f01d2c7740c430ca2b607b |
10 | SHA1 (patch-ba) = 49825d82605a665f54a5cdb6ccb364e55c0e0ffa | | 12 | SHA1 (patch-ba) = 49825d82605a665f54a5cdb6ccb364e55c0e0ffa |
11 | SHA1 (patch-bb) = 1e16337d1894f196f61b233423d729246dea33b5 | | 13 | SHA1 (patch-bb) = 1e16337d1894f196f61b233423d729246dea33b5 |
12 | SHA1 (patch-bc) = 052ede4ba58502117fe7b355e22a906ff65b773e | | 14 | SHA1 (patch-bc) = 052ede4ba58502117fe7b355e22a906ff65b773e |
$NetBSD: patch-af,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $
--- tshark.c.orig 2011-01-11 19:24:25.000000000 +0000
+++ tshark.c
@@ -2523,7 +2523,7 @@ load_cap_file(capture_file *cf, char *sa
int snapshot_length;
wtap_dumper *pdh;
int err;
- gchar *err_info;
+ gchar *err_info = NULL;
gint64 data_offset;
char *save_file_string = NULL;
gboolean filtering_tap_listeners;
$NetBSD: patch-ag,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $
--- wiretap/pcapng.c.orig 2011-01-11 19:24:22.000000000 +0000
+++ wiretap/pcapng.c
@@ -806,18 +806,26 @@ pcapng_read_packet_block(FILE_T fh, pcap
pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than packet_len %u.",
wblock->data.packet.cap_len, wblock->data.packet.packet_len);
*err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than packet_len");
return 0;
}
if (wblock->data.packet.cap_len > WTAP_MAX_PACKET_SIZE) {
pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than WTAP_MAX_PACKET_SIZE %u.",
wblock->data.packet.cap_len, WTAP_MAX_PACKET_SIZE);
*err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than WTAP_MAX_PACKET_SIZE");
return 0;
}
pcapng_debug3("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u",
wblock->data.packet.packet_len,
wblock->data.packet.cap_len,
wblock->data.packet.interface_id);
+ if (wblock->data.packet.packet_len > WTAP_MAX_PACKET_SIZE) {
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("pcapng_read_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
+ wblock->data.packet.packet_len, WTAP_MAX_PACKET_SIZE);
+ return 0;
+ }
wtap_encap = pcapng_get_encap(wblock->data.packet.interface_id, pn);
pcapng_debug3("pcapng_read_packet_block: encapsulation = %d (%s), pseudo header size = %d.",
@@ -980,6 +988,12 @@ pcapng_read_simple_packet_block(FILE_T f
}
pcapng_debug1("pcapng_read_simple_packet_block: packet data: packet_len %u",
wblock->data.simple_packet.packet_len);
+ if (wblock->data.simple_packet.packet_len > WTAP_MAX_PACKET_SIZE) {
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("pcapng_read_simple_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
+ wblock->data.simple_packet.packet_len, WTAP_MAX_PACKET_SIZE);
+ return 0;
+ }
encap = pcapng_get_encap(0, pn);
pcapng_debug1("pcapng_read_simple_packet_block: Need to read pseudo header of size %d",