diff options
| author | sbd <sbd> | 2011-01-05 21:34:34 +0000 |
|---|---|---|
| committer | sbd <sbd> | 2011-01-05 21:34:34 +0000 |
| commit | 91a3ede6da3a21a053079bf452fc65a3f2956704 (patch) | |
| tree | aabbac08b50ab0040611b1d58f75af97fe6d575f /net/wireshark/patches/patch-SA42767 | |
| parent | bd4fabe4fb24cffb197a36c9e71d818d7e2ca7f3 (diff) | |
| download | pkgsrc-91a3ede6da3a21a053079bf452fc65a3f2956704.tar.gz | |
Pullup ticket #3316 - requested by tron
Security patch for wireshark
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.58
- pkgsrc/net/wireshark/distinfo 1.38
- pkgsrc/net/wireshark/patches/patch-SA42767 1.1
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue Jan 4 15:39:34 UTC 2011
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Added Files:
pkgsrc/net/wireshark/patches: patch-SA42767
Log Message:
Add patch from the Wireshark SVN repository to fix the security
vulnerability reported in SA42767 which affects the ENTTEC dissector.
Diffstat (limited to 'net/wireshark/patches/patch-SA42767')
| -rw-r--r-- | net/wireshark/patches/patch-SA42767 | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/net/wireshark/patches/patch-SA42767 b/net/wireshark/patches/patch-SA42767 new file mode 100644 index 00000000000..cf9fa8ce50a --- /dev/null +++ b/net/wireshark/patches/patch-SA42767 @@ -0,0 +1,43 @@ +$NetBSD: patch-SA42767,v 1.1.2.2 2011/01/05 21:34:34 sbd Exp $ + +Patch for security vulnerability reported in SA42767. + +The patch was taken from the Wireshark SVN repository: + +http://anonsvn.wireshark.org/viewvc?view=rev&revision=35318 + +--- epan/dissectors/packet-enttec.c.orig 2010-11-18 21:30:35.000000000 +0000 ++++ epan/dissectors/packet-enttec.c 2011-01-04 14:30:58.000000000 +0000 +@@ -193,8 +193,8 @@ + "%3u: %s" + }; + +- static guint8 dmx_data[512]; +- static guint16 dmx_data_offset[513]; /* 1 extra for last offset */ ++ guint8 *dmx_data = ep_alloc(512 * sizeof(guint8)); ++ guint16 *dmx_data_offset = ep_alloc(513 * sizeof(guint16)); /* 1 extra for last offset */ + emem_strbuf_t *dmx_epstr; + + proto_tree *hi,*si; +@@ -225,10 +225,10 @@ + length = 512; + + if (type == ENTTEC_DATA_TYPE_RLE) { +- /* uncompres the DMX data */ ++ /* uncompress the DMX data */ + ui = 0; + ci = 0; +- while (ci < length) { ++ while (ci < length && ui < 512) { + v = tvb_get_guint8(tvb, offset+ci); + if (v == 0xFE) { + ci++; +@@ -236,7 +236,7 @@ + ci++; + v = tvb_get_guint8(tvb, offset+ci); + ci++; +- for (i=0;i < count;i++) { ++ for (i=0;i < count && ui < 512;i++) { + dmx_data[ui] = v; + dmx_data_offset[ui] = ci-3; + ui++; |