Pullup ticket 473 - requested by Matthias Scheler

security fix for ethereal

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile		1.107
- pkgsrc/net/ethereal/distinfo		1.37
- pkgsrc/net/ethereal/patches/patch-aa	1.13

   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Thu Apr 28 16:46:45 UTC 2005

   Modified Files:
   	pkgsrc/net/ethereal: Makefile distinfo
   Added Files:
   	pkgsrc/net/ethereal/patches: patch-aa

   Log Message:
   Avoid endless loop in the rsvp dissector which allowed a remote DoS.
   Bump package revision because of this change.

3 files changed, 139 insertions, 2 deletions

diff --git a/net/ethereal/Makefile b/net/ethereal/Makefile
index a5dd6bae358..1aa57ede49e 100644
--- a/net/ethereal/Makefile
+++ b/net/ethereal/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.105 2005/03/14 15:34:57 tron Exp $
+# $NetBSD: Makefile,v 1.105.2.1 2005/04/30 05:21:59 salo Exp $
 
 DISTNAME=		ethereal-0.10.10
+PKGREVISION=		1
 CATEGORIES=		net
 MASTER_SITES=		http://www.ethereal.com/distribution/ \
 			http://ethereal.planetmirror.com/distribution/ \
@@ -48,6 +49,11 @@ PTHREAD_OPTS=		require
 USE_BUILTIN.libpcap=	no
 .endif
 
+# This work arround should be removed when the packages gets updated
+# to a newer version.
+post-patch:
+	${TOUCH} ${WRKSRC}/epan/dissectors/register.c
+
 .include "../../devel/glib2/buildlink3.mk"
 .include "../../devel/pcre/buildlink3.mk"
 .include "../../devel/pkgconfig/buildlink3.mk"
diff --git a/net/ethereal/distinfo b/net/ethereal/distinfo
index f45a54e171d..fd8257a5e04 100644
--- a/net/ethereal/distinfo
+++ b/net/ethereal/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.36 2005/03/14 15:09:28 salo Exp $
+$NetBSD: distinfo,v 1.36.2.1 2005/04/30 05:21:59 salo Exp $
 
 SHA1 (ethereal-0.10.10.tar.bz2) = 611259edaf36a34a49331ed6fbc194c2407bd528
 RMD160 (ethereal-0.10.10.tar.bz2) = 1867f061c704482ea15c78077d3289ac67984001
 Size (ethereal-0.10.10.tar.bz2) = 5799231 bytes
+SHA1 (patch-aa) = bbf886b22d1ad79951fe971fe1603d93903e842f
diff --git a/net/ethereal/patches/patch-aa b/net/ethereal/patches/patch-aa
new file mode 100644
index 00000000000..4a1f7e57f74
--- /dev/null
+++ b/net/ethereal/patches/patch-aa
@@ -0,0 +1,130 @@
+$NetBSD: patch-aa,v 1.12.2.1 2005/04/30 05:21:59 salo Exp $
+
+--- epan/dissectors/packet-rsvp.c.orig	2005-03-10 15:53:40.000000000 +0000
++++ epan/dissectors/packet-rsvp.c	2005-04-28 16:56:00.000000000 +0100
+@@ -1346,9 +1346,9 @@
+ 		       tvbuff_t *tvb, int offset, int obj_length, 
+ 		       int subtree_type)
+ {
+-    guint16   tlv_off;
++    guint     tlv_off;
+     guint16   tlv_type;
+-    guint16   tlv_len;
++    guint     tlv_len;
+     char     *ifindex_name;
+     proto_tree *rsvp_ifid_subtree, *ti2;
+     int       offset2 = offset + 4;
+@@ -1356,6 +1356,12 @@
+     for (tlv_off = 0; tlv_off < obj_length - 12; ) {
+ 	tlv_type = tvb_get_ntohs(tvb, offset+tlv_off);
+ 	tlv_len = tvb_get_ntohs(tvb, offset+tlv_off+2);
++
++	if (tlv_len == 0) {
++	    proto_tree_add_text(rsvp_object_tree, tvb, offset+tlv_off+2, 2,
++		"Invalid length (0)");
++	    return;
++	}
+ 	switch(tlv_type) {
+ 	case 1:
+ 	    ti2 = proto_tree_add_text(rsvp_object_tree, tvb,
+@@ -3330,6 +3336,11 @@
+ 
+ 	}
+ 
++	if (tvb_get_guint8(tvb, offset+l+1) < 1) {
++	    proto_tree_add_text(rsvp_ro_subtree, tvb, offset+l+1, 1,
++		"Invalid length: %u", tvb_get_guint8(tvb, offset+l+1));
++	    return;
++	}
+ 	l += tvb_get_guint8(tvb, offset+l+1);
+ 	if (l < obj_length - 4) {
+ 	    if (i < 4)
+@@ -4020,6 +4031,11 @@
+ 	    }
+ 
+ 	    l += tvb_get_guint8(tvb, offset2+l+1);
++	    if (l < 1) {
++		proto_tree_add_text(rsvp_gen_uni_subtree, tvb, offset2+l+1, 1,
++		    "Invalid length: %u", tvb_get_guint8(tvb, offset2+l+1));
++		return;
++	    }
+ 	    if (l < mylen) {
+ 		if (i < 4)
+ 		    proto_item_append_text(ti, ", ");
+@@ -4070,7 +4086,7 @@
+     proto_tree_add_text(rsvp_object_tree, tvb, offset+2, 1,
+ 			"Class number: %u - %s",
+ 			class, type_str);
+-    proto_item_set_text(ti, "CALL-ID");
++    proto_item_set_text(ti, "CALL-ID: ");
+     type = tvb_get_guint8 (tvb, offset2);
+     switch(c_type) {
+     case 1:
+@@ -4084,6 +4100,8 @@
+ 			      val_to_str(type, address_type_vals, "Unknown (%u)"));
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset2+1, 3, "Reserved: %u",
+ 			      tvb_get_ntoh24(tvb, offset2+1));
++	  proto_item_append_text(ti, "Operator-Specific. Addr Type: %s. ", 
++				 val_to_str(type, address_type_vals, "Unknown (%u)"));
+ 	}
+ 	else {
+ 	  offset3 = offset2 + 16;
+@@ -4095,10 +4113,13 @@
+ 	  str = tvb_get_string (tvb, offset2 + 1, 3);  
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset2 + 1, 3,
+ 			      "International Segment: %s", str); 
++	  proto_item_append_text(ti, "Globally-Unique. Addr Type: %s. Intl Segment: %s. ", 
++				 val_to_str(type, address_type_vals, "Unknown (%u)"), str);
+ 	  g_free (str);
+ 	  str = tvb_get_string (tvb, offset2 + 4, 12);  
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset2 + 4, 12,
+ 			      "National Segment: %s", str); 
++	  proto_item_append_text(ti, "Natl Segment: %s. ", str);
+ 	  g_free (str);
+ 	}
+ 
+@@ -4107,30 +4128,36 @@
+ 	  offset4 = offset3 + 4;
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset3, 4, "Source Transport Network addr: %s",
+ 			      ip_to_str(tvb_get_ptr(tvb, offset3, 4)));
++	  proto_item_append_text(ti, "Src TNA: %s. ", ip_to_str(tvb_get_ptr(tvb, offset3, 4)));
+ 	  break;
+ 	  
+ 	case 2:
+ 	  offset4 = offset3 + 16;
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset3, 16, "Source Transport Network addr: %s",
+ 			      ip6_to_str((const struct e_in6_addr *) tvb_get_ptr(tvb, offset3, 16)));
++	  proto_item_append_text(ti, "Src TNA: %s. ", 
++				 ip6_to_str((const struct e_in6_addr *) tvb_get_ptr(tvb, offset3, 16)));
+ 	  break;
+ 	  
+ 	case 3:
+ 	  offset4 = offset3 + 20;
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset3, 20, "Source Transport Network addr: %s",
+ 			      tvb_bytes_to_str(tvb, offset3, 20));
++	  proto_item_append_text(ti, "Src TNA: %s. ", tvb_bytes_to_str(tvb, offset3, 20));
+ 	  break;
+ 	  
+ 	case 4:
+ 	  offset4 = offset3 + 6;
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset3, 6, "Source Transport Network addr: %s",
+ 			      tvb_bytes_to_str(tvb, offset3, 6));
++	  proto_item_append_text(ti, "Src TNA: %s. ", tvb_bytes_to_str(tvb, offset3, 6));
+ 	  break;
+ 	  
+ 	case 0x7F:
+ 	  offset4 = offset3 + len;
+ 	  proto_tree_add_text(rsvp_object_tree, tvb, offset3, len, "Source Transport Network addr: %s",
+ 			      tvb_bytes_to_str(tvb, offset3, len));
++	  proto_item_append_text(ti, "Src TNA: %s. ", tvb_bytes_to_str(tvb, offset3, len));
+ 	  break;
+ 
+ 	default:
+@@ -4141,6 +4168,7 @@
+ 
+ 	proto_tree_add_text(rsvp_object_tree, tvb, offset4, 8, "Local Identifier: %s",
+ 			    tvb_bytes_to_str(tvb, offset4, 8));
++	proto_item_append_text(ti, "Local ID: %s. ", tvb_bytes_to_str(tvb, offset4, 8));
+ 	break;
+ 
+     default: