From b6d59e63b8414228774e4224315cbd97f6b3d774 Mon Sep 17 00:00:00 2001
From: Michal Ruprich
Date: Fri, 27 Sep 2024 11:37:34 +0200
Subject: [PATCH] Resolves: RHEL-56505 - NTLMSSP dissector crash
---
 wireshark-0010-CVE-2024-8250.patch | 49 ++++++++++++++++++++++++++++++
 wireshark.spec | 6 +++-
 2 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 wireshark-0010-CVE-2024-8250.patch

diff --git a/wireshark-0010-CVE-2024-8250.patch b/wireshark-0010-CVE-2024-8250.patch
new file mode 100644
index 0000000..81f827b
--- /dev/null
+++ b/wireshark-0010-CVE-2024-8250.patch
@@ -0,0 +1,49 @@
+From 66dcd56f1eae615697b6588ac4778a61a5576391 Mon Sep 17 00:00:00 2001
+From: John Thacker
+Date: Sun, 28 Jul 2024 08:24:20 -0400
+Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash
+ table
+
+We could change this table to an autoreset wmem_map as well.
+
+Fix #19943
+---
+ epan/dissectors/packet-ntlmssp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
+index 7e1d754ee35..ff825ddee55 100644
+--- a/epan/dissectors/packet-ntlmssp.c
++++ b/epan/dissectors/packet-ntlmssp.c
+@@ -2438,7 +2438,9 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, uint32_t encrypted_block_length,
+ decrypted_payloads = g_slist_prepend(decrypted_payloads,
+ packet_ntlmssp_info->decrypted_payload);
+ if (key != NULL) {
+- g_hash_table_insert(hash_packet, key, packet_ntlmssp_info);
++ uint8_t *perm_key = g_new(uint8_t, NTLMSSP_KEY_LEN);
++ memcpy(perm_key, key, NTLMSSP_KEY_LEN);
++ g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info);
+ }
+
+ /* Do the decryption of the payload */
+@@ -2888,7 +2890,7 @@ header_hash(const void *pointer)
+ static gboolean
+ header_equal(gconstpointer pointer1, gconstpointer pointer2)
+ {
+- if (!memcmp(pointer1, pointer2, 16)) {
++ if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) {
+ return TRUE;
+ }
+ else {
+@@ -2899,7 +2901,7 @@ header_equal(const void *pointer1, const void *pointer2)
+ static void
+ ntlmssp_init_protocol(void)
+ {
+- hash_packet = g_hash_table_new(header_hash, header_equal);
++ hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL);
+ }
+
+ static void
+--
+GitLab
+
diff --git a/wireshark.spec b/wireshark.spec
index 2945ca5..6696da9 100644
--- a/wireshark.spec
+++ b/wireshark.spec
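Review bot: In the decrypt_data_payload hunk, `memcpy(perm_key, key, NTLMSSP_KEY_LEN)` reads a full NTLMSSP_KEY_LEN bytes from `key`, whose declaration and size lie outside the hunk, and header_hash is not touched by this patch, so it may still assume a fixed key length while header_equal now uses the constant. I would record the new ownership rule at the insert with a comment such as `/* hash_packet owns its keys and frees them with g_free; insert only heap copies, never a stack or borrowed pointer */`. With `g_hash_table_new_full(header_hash, header_equal, g_free, NULL)` the keys are released only when an entry is removed or the table is destroyed, and the cleanup routine (presumably the `static void` function that begins at the end of the last hunk) is not shown, so that is worth confirming. The value destroy function is NULL, so the lifetime of packet_ntlmssp_info still has to be managed elsewhere.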
@@ -6,7 +6,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 4.2.6 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib) Url: http://www.wireshark.org/ @@ -29,6 +29,7 @@ Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch Patch7: wireshark-0007-cmakelists.patch Patch8: wireshark-0008-pkgconfig.patch Patch9: wireshark-0009-sync-pipe-stderr-messages.patch +Patch10: wireshark-0010-CVE-2024-8250.patch #install tshark together with wireshark GUI Requires: %{name}-cli = %{epoch}:%{version}-%{release} @@ -281,6 +282,9 @@ fi %{_libdir}/pkgconfig/%{name}.pc %changelog +* Fri Sep 27 2024 Michal Ruprich - 1:4.2.6-2 +- Resolves: RHEL-56505 - NTLMSSP dissector crash + * Thu Aug 22 2024 Michal Ruprich - 1:4.2.6-1 - New version 4.2.6