Message ID | 20240105090606.16197-1-asharma@mvista.com |
---|---|
State | New |
Series | [meta-networking,dunfell] wireshark: Backport fix for CVE-2023-1992 RPCoRDMA: Frame end cleanup for global write offsets |
On 1/5/24 4:06 AM, Ashish Sharma via lists.openembedded.org wrote: > Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] > > Signed-off-by: Ashish Sharma <asharma@mvista.com> Please rebase against current Dunfell. BR, Armin > --- > .../wireshark/files/CVE-2023-1992.patch | 62 +++++++++++++++++++ > .../wireshark/wireshark_3.2.18.bb | 1 + > 2 files changed, 63 insertions(+) > create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch > > diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch > new file mode 100644 > index 0000000000..2fbef6bae0 > --- /dev/null > +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch 
> @@ -0,0 +1,62 @@ > +From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001 > +From: John Thacker <johnthacker@gmail.com> > +Date: Sun, 19 Mar 2023 15:16:39 -0400 > +Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets > + > +Add a frame end routine for a global which is assigned to packet > +scoped memory. It really should be made proto data, but is used > +in a function in the header (that doesn't take the packet info > +struct as an argument) and this fix needs to be made in stable > +branches. > + > +Fix #18852 > +--- > +Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] > +CVE: CVE-2023-1992 > +Signed-off-by: Ashish Sharma <asharma@mvista.com> > + > + epan/dissectors/packet-rpcrdma.c | 14 ++++++++++++++ > + 1 file changed, 14 insertions(+) > + > +diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c > +index 680187b2653..3f250f0ea1c 100644 > +--- a/epan/dissectors/packet-rpcrdma.c > ++++ b/epan/dissectors/packet-rpcrdma.c > +@@ -24,6 +24,7 @@ > + #include <epan/addr_resolv.h> > + > + #include "packet-rpcrdma.h" > ++#include "packet-frame.h" > + #include "packet-infiniband.h" > + #include "packet-iwarp-ddp-rdmap.h" > + > +@@ -285,6 +286,18 @@ void rpcrdma_insert_offset(gint offset) > + wmem_array_append_one(gp_rdma_write_offsets, offset); > + } > + > ++/* > ++ * Reset the array of write offsets at the end of the frame. These > ++ * are packet scoped, so they don't need to be freed, but we want > ++ * to ensure that the global doesn't point to no longer allocated > ++ * memory in a later packet. 
> ++ */ > ++static void > ++reset_write_offsets(void) > ++{ > ++ gp_rdma_write_offsets = NULL; > ++} > ++ > + /* Get conversation state, it is created if it does not exist */ > + static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo) > + { > +@@ -1600,6 +1613,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data > + if (write_size > 0 && !pinfo->fd->visited) { > + /* Initialize array of write chunk offsets */ > + gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint)); > ++ register_frame_end_routine(pinfo, reset_write_offsets); > + TRY { > + /* > + * Call the upper layer dissector to get a list of offsets > +-- > +GitLab > + > diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb > index 64e436df38..eb43574f9f 100644 > --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb > +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb > @@ -18,6 +18,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz > file://CVE-2023-0667.patch \ > file://CVE-2023-0668.patch \ > file://CVE-2023-2906.patch \ > + file://CVE-2023-1992.patch \ > " > UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#108044): https://lists.openembedded.org/g/openembedded-devel/message/108044 > Mute This Topic: https://lists.openembedded.org/mt/103539863/3616698 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch new file mode 100644 index 0000000000..2fbef6bae0 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch 
@@ -0,0 +1,62 @@ +From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Sun, 19 Mar 2023 15:16:39 -0400 +Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets + +Add a frame end routine for a global which is assigned to packet +scoped memory. It really should be made proto data, but is used +in a function in the header (that doesn't take the packet info +struct as an argument) and this fix needs to be made in stable +branches. + +Fix #18852 +--- +Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] +CVE: CVE-2023-1992 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + epan/dissectors/packet-rpcrdma.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c +index 680187b2653..3f250f0ea1c 100644 +--- a/epan/dissectors/packet-rpcrdma.c ++++ b/epan/dissectors/packet-rpcrdma.c +@@ -24,6 +24,7 @@ + #include <epan/addr_resolv.h> + + #include "packet-rpcrdma.h" ++#include "packet-frame.h" + #include "packet-infiniband.h" + #include "packet-iwarp-ddp-rdmap.h" + +@@ -285,6 +286,18 @@ void rpcrdma_insert_offset(gint offset) + wmem_array_append_one(gp_rdma_write_offsets, offset); + } + ++/* ++ * Reset the array of write offsets at the end of the frame. These ++ * are packet scoped, so they don't need to be freed, but we want ++ * to ensure that the global doesn't point to no longer allocated ++ * memory in a later packet. 
++ */ ++static void ++reset_write_offsets(void) ++{ ++ gp_rdma_write_offsets = NULL; ++} ++ + /* Get conversation state, it is created if it does not exist */ + static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo) + { +@@ -1600,6 +1613,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data + if (write_size > 0 && !pinfo->fd->visited) { + /* Initialize array of write chunk offsets */ + gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint)); ++ register_frame_end_routine(pinfo, reset_write_offsets); + TRY { + /* + * Call the upper layer dissector to get a list of offsets +-- +GitLab + diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb index 64e436df38..eb43574f9f 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb @@ -18,6 +18,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz file://CVE-2023-0667.patch \ file://CVE-2023-0668.patch \ file://CVE-2023-2906.patch \ + file://CVE-2023-1992.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
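Review bot: In the header of the new CVE-2023-1992.patch, the Upstream-Status line cites a commit URL under gitlab.com/colin.mcinnes/wireshark, which is a personal fork namespace rather than the Wireshark project's own repository; cite commit 3c8be14c827f1587da3c2b3bb0d9c04faff57413 in the project repository so the backport's provenance can be checked against upstream history. The Upstream-Status, CVE and Signed-off-by lines also sit below the "---" separator, where git am discards text when a patch is re-applied, so placing them above the separator, after "Fix #18852", keeps them through a later refresh of the patch.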
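Review bot: reset_write_offsets() leaves gp_rdma_write_offsets NULL after every frame that registered it, while the context of the "@@ -285,6 +286,18 @@" hunk shows rpcrdma_insert_offset() handing the global straight to wmem_array_append_one(gp_rdma_write_offsets, offset). The rest of that function is not visible here, so confirm in the 3.2.18 source that it returns early when the global is NULL; otherwise a call made outside the "write_size > 0 && !pinfo->fd->visited" branch would turn the stale pointer into a NULL dereference. The hunk offsets and index hashes are those of the upstream commit, so also check that the patch applies to 3.2.18 without fuzz.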
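Review bot: The SRC_URI hunk in wireshark_3.2.18.bb is generated against a list whose last entry is "file://CVE-2023-2906.patch \", and the reply on this thread asks for a rebase against current Dunfell, so regenerate this hunk on the current branch tip and resend rather than relying on the context shown here. When doing so, check that the new "file://CVE-2023-1992.patch \" entry lands inside the closing quote of SRC_URI and after whatever CVE patches the branch has gained since.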
Upstream-Status: Backport from [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413] Signed-off-by: Ashish Sharma <asharma@mvista.com> --- .../wireshark/files/CVE-2023-1992.patch | 62 +++++++++++++++++++ .../wireshark/wireshark_3.2.18.bb | 1 + 2 files changed, 63 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch