Pullup ticket #3351 - requested by drochner

wireshark security patches Revisions pulled up: - pkgsrc/net/wireshark/Makefile 1.59 - pkgsrc/net/wireshark/distinfo 1.41 - pkgsrc/net/wireshark/patches/patch-af 1.1 - pkgsrc/net/wireshark/patches/patch-ag 1.1 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: drochner Date: Thu Feb 10 11:00:57 UTC 2011 Modified Files: pkgsrc/net/wireshark: Makefile distinfo Added Files: pkgsrc/net/wireshark/patches: patch-af patch-ag Log Message: add two patches from upstream: -fix possible free() of an uninitialized pointer when reading a malformed pcap-ng file (CVE-2011-0538) -add length check in pcap-ng reader bump PKGREV
author: sbd <sbd> 2011-02-11 05:40:44 +0000
committer: sbd <sbd> 2011-02-11 05:40:44 +0000
commit: 99ea7739fdf13cc442ab98984a502dd9db7ec23e (patch)
tree: a1420fc39e3a781437fed144a1d59890268db58d
parent: f9bee4489d08f45efbd154abc3d238e92ea91e66 (diff)
download: pkgsrc-99ea7739fdf13cc442ab98984a502dd9db7ec23e.tar.gz
4 files changed, 62 insertions, 2 deletions
diff --git a/net/wireshark/Makefile b/net/wireshark/Makefile
index a528a76839a..dff4e4f00b9 100644
--- a/net/wireshark/Makefile
+++ b/net/wireshark/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.56.2.1 2011/01/12 07:26:06 sbd Exp $
+# $NetBSD: Makefile,v 1.56.2.2 2011/02/11 05:40:44 sbd Exp $
 
 DISTNAME=		wireshark-1.4.3
+PKGREVISION=		2
 CATEGORIES=		net
 MASTER_SITES=		http://www.wireshark.org/download/src/ \
 			${MASTER_SITE_SOURCEFORGE:=wireshark/}
diff --git a/net/wireshark/distinfo b/net/wireshark/distinfo
index b6e6cf6142b..68e1e4f1f00 100644
--- a/net/wireshark/distinfo
+++ b/net/wireshark/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38.2.1 2011/01/12 07:26:06 sbd Exp $
+$NetBSD: distinfo,v 1.38.2.2 2011/02/11 05:40:44 sbd Exp $
 
 SHA1 (wireshark-1.4.3.tar.bz2) = 776c757e6a6a085232ac843ec28b026bf4ca9c8d
 RMD160 (wireshark-1.4.3.tar.bz2) = 6a63023f165b2e875296340f6a57595427a13fe7
@@ -7,6 +7,8 @@ SHA1 (patch-aa) = d0744f069ac2d3a8a43b810e1f958360d99200a9
 SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c
 SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840
 SHA1 (patch-ad) = a09b5ac9e836ef01fbd6ba103de00d08c0af2800
+SHA1 (patch-af) = 908f2050cbf0db6156f8802e93e3f193a87ef916
+SHA1 (patch-ag) = 28c2c23355090f5737f01d2c7740c430ca2b607b
 SHA1 (patch-ba) = 49825d82605a665f54a5cdb6ccb364e55c0e0ffa
 SHA1 (patch-bb) = 1e16337d1894f196f61b233423d729246dea33b5
 SHA1 (patch-bc) = 052ede4ba58502117fe7b355e22a906ff65b773e
diff --git a/net/wireshark/patches/patch-af b/net/wireshark/patches/patch-af
new file mode 100644
index 00000000000..d3c484faf85
--- /dev/null
+++ b/net/wireshark/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $
+
+--- tshark.c.orig	2011-01-11 19:24:25.000000000 +0000
++++ tshark.c
+@@ -2523,7 +2523,7 @@ load_cap_file(capture_file *cf, char *sa
+   int          snapshot_length;
+   wtap_dumper *pdh;
+   int          err;
+-  gchar        *err_info;
++  gchar        *err_info = NULL;
+   gint64       data_offset;
+   char         *save_file_string = NULL;
+   gboolean     filtering_tap_listeners;
diff --git a/net/wireshark/patches/patch-ag b/net/wireshark/patches/patch-ag
new file mode 100644
index 00000000000..c9a03efe593
--- /dev/null
+++ b/net/wireshark/patches/patch-ag
@@ -0,0 +1,44 @@
+$NetBSD: patch-ag,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $
+
+--- wiretap/pcapng.c.orig	2011-01-11 19:24:22.000000000 +0000
++++ wiretap/pcapng.c
+@@ -806,18 +806,26 @@ pcapng_read_packet_block(FILE_T fh, pcap
+ 		pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than packet_len %u.",
+ 		              wblock->data.packet.cap_len, wblock->data.packet.packet_len);
+ 		*err = WTAP_ERR_BAD_RECORD;
++		*err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than packet_len");
+ 		return 0;
+ 	}
+ 	if (wblock->data.packet.cap_len > WTAP_MAX_PACKET_SIZE) {
+ 		pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than WTAP_MAX_PACKET_SIZE %u.",
+ 		              wblock->data.packet.cap_len, WTAP_MAX_PACKET_SIZE);
+ 		*err = WTAP_ERR_BAD_RECORD;
++		*err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than WTAP_MAX_PACKET_SIZE");
+ 		return 0;
+ 	}
+ 	pcapng_debug3("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u",
+ 	              wblock->data.packet.packet_len,
+ 	              wblock->data.packet.cap_len,
+ 	              wblock->data.packet.interface_id);
++	if (wblock->data.packet.packet_len > WTAP_MAX_PACKET_SIZE) {
++		*err = WTAP_ERR_BAD_RECORD;
++		*err_info = g_strdup_printf("pcapng_read_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
++			wblock->data.packet.packet_len, WTAP_MAX_PACKET_SIZE);
++		return 0;
++	}
+ 
+ 	wtap_encap = pcapng_get_encap(wblock->data.packet.interface_id, pn);
+ 	pcapng_debug3("pcapng_read_packet_block: encapsulation = %d (%s), pseudo header size = %d.",
+@@ -980,6 +988,12 @@ pcapng_read_simple_packet_block(FILE_T f
+ 	}
+ 	pcapng_debug1("pcapng_read_simple_packet_block: packet data: packet_len %u",
+ 	               wblock->data.simple_packet.packet_len);
++	if (wblock->data.simple_packet.packet_len > WTAP_MAX_PACKET_SIZE) {
++		*err = WTAP_ERR_BAD_RECORD;
++		*err_info = g_strdup_printf("pcapng_read_simple_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
++			wblock->data.simple_packet.packet_len, WTAP_MAX_PACKET_SIZE);
++		return 0;
++	}
+ 
+ 	encap = pcapng_get_encap(0, pn);
+ 	pcapng_debug1("pcapng_read_simple_packet_block: Need to read pseudo header of size %d",
author	sbd <sbd>	2011-02-11 05:40:44 +0000
committer	sbd <sbd>	2011-02-11 05:40:44 +0000
commit	99ea7739fdf13cc442ab98984a502dd9db7ec23e (patch)
tree	a1420fc39e3a781437fed144a1d59890268db58d
parent	f9bee4489d08f45efbd154abc3d238e92ea91e66 (diff)
download	pkgsrc-99ea7739fdf13cc442ab98984a502dd9db7ec23e.tar.gz