Mageia Bugzilla – Attachment 4346 Details for
Bug 11214
wireshark new security issues fixed in 1.8.10 and 1.10.2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
[patch]
Upstream patch for CVE-2013-5719 for 1.8.9 that needs rediffed for 1.6.16
wireshark-wpna-sec-2013-56.patch (text/plain), 4.58 KB, created by
David Walser
on 2013-09-11 18:45:03 CEST
(
hide
)
Description:
Upstream patch for CVE-2013-5719 for 1.8.9 that needs rediffed for 1.6.16
Filename:
MIME Type:
Creator:
David Walser
Created:
2013-09-11 18:45:03 CEST
Size:
4.58 KB
patch
obsolete
>diff -uNrp wireshark-1.8.9/epan/dissectors/packet-assa_r3.c wireshark-1.8.10/epan/dissectors/packet-assa_r3.c >--- wireshark-1.8.9/epan/dissectors/packet-assa_r3.c 2013-06-03 22:47:07.000000000 -0400 >+++ wireshark-1.8.10/epan/dissectors/packet-assa_r3.c 2013-08-08 22:59:34.000000000 -0400 >@@ -2,7 +2,7 @@ > * Routines for R3 packet dissection > * Copyright (c) 2009 Assa Abloy USA <jcwren@assaabloyusa.com> > * >- * $Id: packet-assa_r3.c 49747 2013-06-04 02:40:14Z morriss $ >+ * $Id: packet-assa_r3.c 51232 2013-08-09 02:26:21Z morriss $ > * > * Wireshark - Network traffic analyzer > * By Gerald Combs <gerald@wireshark.org> >@@ -5191,6 +5191,7 @@ static void dissect_r3_upstreammfgfield_ > guint items = 0; > guint octets; > guint i; >+ guint8 step; > > i = start_offset; > while (i < l) >@@ -5209,7 +5210,8 @@ static void dissect_r3_upstreammfgfield_ > cf_item = proto_tree_add_text (tree, tvb, start_offset, l, "Capabilities (%u items)", items); > cf_tree = proto_item_add_subtree (cf_item, ett_r3capabilities); > >- for (i = start_offset; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) >+ i = 0; >+ while (i<l && (step=tvb_get_guint8(tvb, i))>0) > { > proto_item *tmp_item = proto_tree_add_item (cf_tree, hf_r3_capabilities, tvb, start_offset + i, tvb_get_guint8 (tvb, start_offset + i), ENC_NA); > proto_tree *tmp_tree = proto_item_add_subtree (tmp_item, ett_r3capabilities); >@@ -5221,6 +5223,8 @@ static void dissect_r3_upstreammfgfield_ > proto_tree_add_item (tmp_tree, hf_r3_capabilities_length, tvb, start_offset + i + 0, 1, ENC_LITTLE_ENDIAN); > proto_tree_add_item (tmp_tree, hf_r3_capabilities_type, tvb, start_offset + i + 1, 1, ENC_LITTLE_ENDIAN); > proto_tree_add_item (tmp_tree, hf_r3_capabilities_value, tvb, start_offset + i + 2, 2, ENC_LITTLE_ENDIAN); >+ >+ i += step; > } > } > >@@ -5328,18 +5332,24 @@ static void dissect_r3_upstreammfgfield_ > guint32 l = tvb_length_remaining (tvb, start_offset); > guint32 error = FALSE; > guint32 i; >+ guint8 step; > > if (l % 3 != 0) > expert_add_info_format (pinfo, tree, PI_UNDECODED, PI_WARN, "Checksum results data length not modulo 3 == 0"); > else > { >- for (i = start_offset; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) >+ i = 0; >+ while (i<l && (step=tvb_get_guint8(tvb, i))>0) >+ { > error |= tvb_get_guint8 (tvb, start_offset + i + 2); >+ i += step; >+ } > > cksum_item = proto_tree_add_text (tree, tvb, start_offset, l, "Checksum Results (%s)", error ? "Error" : "No Errors"); > cksum_tree = proto_item_add_subtree (cksum_item, ett_r3checksumresults); > >- for (i = 0; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) >+ i = 0; >+ while (i<l && (step=tvb_get_guint8(tvb, i))>0) > { > proto_item *res_item = proto_tree_add_item (cksum_tree, hf_r3_checksumresults, tvb, start_offset + i, tvb_get_guint8 (tvb, start_offset + i), ENC_NA); > proto_tree *res_tree = proto_item_add_subtree (res_item, ett_r3checksumresultsfield); >@@ -5352,6 +5362,8 @@ static void dissect_r3_upstreammfgfield_ > proto_tree_add_item (res_tree, hf_r3_checksumresults_length, tvb, start_offset + i + 0, 1, ENC_LITTLE_ENDIAN); > proto_tree_add_item (res_tree, hf_r3_checksumresults_field, tvb, start_offset + i + 1, 1, ENC_LITTLE_ENDIAN); > proto_tree_add_item (res_tree, hf_r3_checksumresults_state, tvb, start_offset + i + 2, 1, ENC_LITTLE_ENDIAN); >+ >+ i += step; > } > } > } >@@ -6267,6 +6279,7 @@ static void dissect_r3_cmdmfg_forceoptio > { > guint i = 0; > guint l = 0; >+ guint8 step; > > proto_tree_add_item (tree, hf_r3_commandmfglength, tvb, start_offset + 0, 1, ENC_LITTLE_ENDIAN); > proto_tree_add_item (tree, hf_r3_commandmfg, tvb, start_offset + 1, 1, ENC_LITTLE_ENDIAN); >@@ -6274,7 +6287,8 @@ static void dissect_r3_cmdmfg_forceoptio > start_offset += 2; > l = tvb_length_remaining (tvb, start_offset); > >- for (i = 0; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) >+ i = 0; >+ while (i<l && (step=tvb_get_guint8(tvb, start_offset + i))>0) > { > proto_item *force_item = proto_tree_add_text (tree, tvb, start_offset + i, tvb_get_guint8 (tvb, start_offset + i), "Force Option %s (%u)", val_to_str_ext_const (tvb_get_guint8 (tvb, start_offset + i + 1), &r3_forceitemnames_ext, "[Unknown]"), tvb_get_guint8 (tvb, start_offset + i + 1)); > proto_tree *force_tree = proto_item_add_subtree (force_item, ett_r3forceoptions); >@@ -6290,6 +6304,8 @@ static void dissect_r3_cmdmfg_forceoptio > case 4 : proto_tree_add_item (force_tree, hf_r3_forceoptions_state_32, tvb, start_offset + i + 2, 4, ENC_LITTLE_ENDIAN); break; > default : DISSECTOR_ASSERT (0); > } >+ >+ i += step; > } > } >
diff -uNrp wireshark-1.8.9/epan/dissectors/packet-assa_r3.c wireshark-1.8.10/epan/dissectors/packet-assa_r3.c --- wireshark-1.8.9/epan/dissectors/packet-assa_r3.c 2013-06-03 22:47:07.000000000 -0400 +++ wireshark-1.8.10/epan/dissectors/packet-assa_r3.c 2013-08-08 22:59:34.000000000 -0400 @@ -2,7 +2,7 @@ * Routines for R3 packet dissection * Copyright (c) 2009 Assa Abloy USA <jcwren@assaabloyusa.com> * - * $Id: packet-assa_r3.c 49747 2013-06-04 02:40:14Z morriss $ + * $Id: packet-assa_r3.c 51232 2013-08-09 02:26:21Z morriss $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -5191,6 +5191,7 @@ static void dissect_r3_upstreammfgfield_ guint items = 0; guint octets; guint i; + guint8 step; i = start_offset; while (i < l) @@ -5209,7 +5210,8 @@ static void dissect_r3_upstreammfgfield_ cf_item = proto_tree_add_text (tree, tvb, start_offset, l, "Capabilities (%u items)", items); cf_tree = proto_item_add_subtree (cf_item, ett_r3capabilities); - for (i = start_offset; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) + i = 0; + while (i<l && (step=tvb_get_guint8(tvb, i))>0) { proto_item *tmp_item = proto_tree_add_item (cf_tree, hf_r3_capabilities, tvb, start_offset + i, tvb_get_guint8 (tvb, start_offset + i), ENC_NA); proto_tree *tmp_tree = proto_item_add_subtree (tmp_item, ett_r3capabilities); @@ -5221,6 +5223,8 @@ static void dissect_r3_upstreammfgfield_ proto_tree_add_item (tmp_tree, hf_r3_capabilities_length, tvb, start_offset + i + 0, 1, ENC_LITTLE_ENDIAN); proto_tree_add_item (tmp_tree, hf_r3_capabilities_type, tvb, start_offset + i + 1, 1, ENC_LITTLE_ENDIAN); proto_tree_add_item (tmp_tree, hf_r3_capabilities_value, tvb, start_offset + i + 2, 2, ENC_LITTLE_ENDIAN); + + i += step; } } @@ -5328,18 +5332,24 @@ static void dissect_r3_upstreammfgfield_ guint32 l = tvb_length_remaining (tvb, start_offset); guint32 error = FALSE; guint32 i; + guint8 step; if (l % 3 != 0) expert_add_info_format (pinfo, tree, PI_UNDECODED, PI_WARN, "Checksum results data length not modulo 3 == 0"); else { - for (i = start_offset; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) + i = 0; + while (i<l && (step=tvb_get_guint8(tvb, i))>0) + { error |= tvb_get_guint8 (tvb, start_offset + i + 2); + i += step; + } cksum_item = proto_tree_add_text (tree, tvb, start_offset, l, "Checksum Results (%s)", error ? "Error" : "No Errors"); cksum_tree = proto_item_add_subtree (cksum_item, ett_r3checksumresults); - for (i = 0; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) + i = 0; + while (i<l && (step=tvb_get_guint8(tvb, i))>0) { proto_item *res_item = proto_tree_add_item (cksum_tree, hf_r3_checksumresults, tvb, start_offset + i, tvb_get_guint8 (tvb, start_offset + i), ENC_NA); proto_tree *res_tree = proto_item_add_subtree (res_item, ett_r3checksumresultsfield); @@ -5352,6 +5362,8 @@ static void dissect_r3_upstreammfgfield_ proto_tree_add_item (res_tree, hf_r3_checksumresults_length, tvb, start_offset + i + 0, 1, ENC_LITTLE_ENDIAN); proto_tree_add_item (res_tree, hf_r3_checksumresults_field, tvb, start_offset + i + 1, 1, ENC_LITTLE_ENDIAN); proto_tree_add_item (res_tree, hf_r3_checksumresults_state, tvb, start_offset + i + 2, 1, ENC_LITTLE_ENDIAN); + + i += step; } } } @@ -6267,6 +6279,7 @@ static void dissect_r3_cmdmfg_forceoptio { guint i = 0; guint l = 0; + guint8 step; proto_tree_add_item (tree, hf_r3_commandmfglength, tvb, start_offset + 0, 1, ENC_LITTLE_ENDIAN); proto_tree_add_item (tree, hf_r3_commandmfg, tvb, start_offset + 1, 1, ENC_LITTLE_ENDIAN); @@ -6274,7 +6287,8 @@ static void dissect_r3_cmdmfg_forceoptio start_offset += 2; l = tvb_length_remaining (tvb, start_offset); - for (i = 0; i < l; i += tvb_get_guint8 (tvb, start_offset + i)) + i = 0; + while (i<l && (step=tvb_get_guint8(tvb, start_offset + i))>0) { proto_item *force_item = proto_tree_add_text (tree, tvb, start_offset + i, tvb_get_guint8 (tvb, start_offset + i), "Force Option %s (%u)", val_to_str_ext_const (tvb_get_guint8 (tvb, start_offset + i + 1), &r3_forceitemnames_ext, "[Unknown]"), tvb_get_guint8 (tvb, start_offset + i + 1)); proto_tree *force_tree = proto_item_add_subtree (force_item, ett_r3forceoptions); @@ -6290,6 +6304,8 @@ static void dissect_r3_cmdmfg_forceoptio case 4 : proto_tree_add_item (force_tree, hf_r3_forceoptions_state_32, tvb, start_offset + i + 2, 4, ENC_LITTLE_ENDIAN); break; default : DISSECTOR_ASSERT (0); } + + i += step; } }
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 11214
: 4346 |
4347