diff --git a/wireshark-0010-CVE-2024-8250.patch b/wireshark-0010-CVE-2024-8250.patch new file mode 100644 index 0000000..81f827b --- /dev/null +++ b/wireshark-0010-CVE-2024-8250.patch @@ -0,0 +1,49 @@ +From 66dcd56f1eae615697b6588ac4778a61a5576391 Mon Sep 17 00:00:00 2001 +From: John Thacker +Date: Sun, 28 Jul 2024 08:24:20 -0400 +Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash + table + +We could change this table to an autoreset wmem_map as well. + +Fix #19943 +--- + epan/dissectors/packet-ntlmssp.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c +index 7e1d754ee35..ff825ddee55 100644 +--- a/epan/dissectors/packet-ntlmssp.c ++++ b/epan/dissectors/packet-ntlmssp.c +@@ -2438,7 +2438,9 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, uint32_t encrypted_block_length, + decrypted_payloads = g_slist_prepend(decrypted_payloads, + packet_ntlmssp_info->decrypted_payload); + if (key != NULL) { +- g_hash_table_insert(hash_packet, key, packet_ntlmssp_info); ++ uint8_t *perm_key = g_new(uint8_t, NTLMSSP_KEY_LEN); ++ memcpy(perm_key, key, NTLMSSP_KEY_LEN); ++ g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info); + } + + /* Do the decryption of the payload */ +@@ -2888,7 +2890,7 @@ header_hash(const void *pointer) + static gboolean + header_equal(gconstpointer pointer1, gconstpointer pointer2) + { +- if (!memcmp(pointer1, pointer2, 16)) { ++ if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) { + return TRUE; + } + else { +@@ -2899,7 +2901,7 @@ header_equal(const void *pointer1, const void *pointer2) + static void + ntlmssp_init_protocol(void) + { +- hash_packet = g_hash_table_new(header_hash, header_equal); ++ hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL); + } + + static void +-- +GitLab + diff --git a/wireshark.spec b/wireshark.spec index 2945ca5..6696da9 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -6,7 +6,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 4.2.6 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib) Url: http://www.wireshark.org/ @@ -29,6 +29,7 @@ Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch Patch7: wireshark-0007-cmakelists.patch Patch8: wireshark-0008-pkgconfig.patch Patch9: wireshark-0009-sync-pipe-stderr-messages.patch +Patch10: wireshark-0010-CVE-2024-8250.patch #install tshark together with wireshark GUI Requires: %{name}-cli = %{epoch}:%{version}-%{release} @@ -281,6 +282,9 @@ fi %{_libdir}/pkgconfig/%{name}.pc %changelog +* Fri Sep 27 2024 Michal Ruprich - 1:4.2.6-2 +- Resolves: RHEL-56505 - NTLMSSP dissector crash + * Thu Aug 22 2024 Michal Ruprich - 1:4.2.6-1 - New version 4.2.6