Tue Sep 4 23:08:38 2012 UTC
Add fix for the remote DoS vulnerability reported in CVE-2012-3548 taken
from the Wireshark SVN repository.
(tron)
diff -r1.83 -r1.84 pkgsrc/net/wireshark/Makefile
diff -r1.58 -r1.59 pkgsrc/net/wireshark/distinfo
diff -r0 -r1.1 pkgsrc/net/wireshark/patches/patch-CVE-2012-3548
--- pkgsrc/net/wireshark/Makefile 2012/08/20 12:21:53 1.83
+++ pkgsrc/net/wireshark/Makefile 2012/09/04 23:08:38 1.84
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.83 2012/08/20 12:21:53 tron Exp $
+# $NetBSD: Makefile,v 1.84 2012/09/04 23:08:38 tron Exp $
DISTNAME= wireshark-1.8.2
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= http://www.wireshark.org/download/src/ \
${MASTER_SITE_SOURCEFORGE:=wireshark/}
--- pkgsrc/net/wireshark/distinfo 2012/08/20 08:34:44 1.58
+++ pkgsrc/net/wireshark/distinfo 2012/09/04 23:08:38 1.59
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.58 2012/08/20 08:34:44 christos Exp $
+$NetBSD: distinfo,v 1.59 2012/09/04 23:08:38 tron Exp $
SHA1 (wireshark-1.8.2.tar.bz2) = 4737d9745dbf002444ea42615243abf3bb80b943
RMD160 (wireshark-1.8.2.tar.bz2) = 5fece857d5187b146a690fda111a0611e108c2a9
Size (wireshark-1.8.2.tar.bz2) = 24121798 bytes
+SHA1 (patch-CVE-2012-3548) = 0d72d0e485ed09e1c28bd85bf1f06aa390be4981
SHA1 (patch-aa) = 78b9c01d7ecc272f1188a3fb8cfb806c8a040f6d
SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c
SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840
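Review bot: the new distinfo entry "patch-CVE-2012-3548" is named after the advisory rather than the file it modifies (epan/dissectors/packet-drda.c), unlike nothing else in this list that would tell a reader which source file is touched. Consider a name derived from the patched file's path, keeping the CVE reference in the patch header comment where it already appears, so that a later change to the same dissector can be found from the file name alone.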
$NetBSD: patch-CVE-2012-3548,v 1.1 2012/09/04 23:08:38 tron Exp $
Fix for the remote DoS security vulnerability reported in CVE-2012-3548.
The patch was taken from the Wireshark SVN repository:
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44749
--- epan/dissectors/packet-drda.c.orig 2012-06-05 17:33:38.000000000 +0100
+++ epan/dissectors/packet-drda.c 2012-09-04 21:38:12.000000000 +0100
@@ -55,6 +55,7 @@
#include <epan/packet.h>
#include <epan/conversation.h>
#include <epan/prefs.h>
+#include <epan/expert.h>
#include "packet-tcp.h"
static int proto_drda = -1;
@@ -696,6 +697,10 @@
{
iCommand = tvb_get_ntohs(tvb, offset + 8);
iLength = tvb_get_ntohs(tvb, offset + 0);
+ if (iLength < 10) {
+ expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR, "Invalid length detected (%u): should be at least 10 bytes long", iLength);
+ break;
+ }
/* iCommandEnd is the length of the packet up to the end of the current command */
iCommandEnd += iLength;
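Review bot: the bound in "if (iLength < 10)" is a bare literal with no comment tying it to the header layout. The read at "offset + 8" just above takes two bytes, so 10 is the smallest length that covers the fields already parsed at this point; a named constant or a one-line comment would make that explicit and keep the error string in step with it. Since "iCommandEnd += iLength" follows, a length of zero would not advance the end offset at all, which is worth stating in that comment as the reason for the early break. The expert info is also added with a NULL item, so the malformed-length error is not attached to any field in the protocol tree; if the item for the length field is available here, passing it would point the user at the offending bytes. The call on that line is very long and could be wrapped.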