rpms/wireshark
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-56505 - NTLMSSP dissector crash

Browse Source
This commit is contained in:
Michal Ruprich 2024-09-27 11:37:34 +02:00
parent 5801da5e58
commit b6d59e63b8
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
wireshark-0010-CVE-2024-8250.patch Normal file
View File

@ -0,0 +1,49 @@
From 66dcd56f1eae615697b6588ac4778a61a5576391 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sun, 28 Jul 2024 08:24:20 -0400
Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash
table
We could change this table to an autoreset wmem_map as well.
Fix #19943
---
epan/dissectors/packet-ntlmssp.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
index 7e1d754ee35..ff825ddee55 100644
--- a/epan/dissectors/packet-ntlmssp.c
+++ b/epan/dissectors/packet-ntlmssp.c
@@ -2438,7 +2438,9 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, uint32_t encrypted_block_length,
decrypted_payloads = g_slist_prepend(decrypted_payloads,
packet_ntlmssp_info->decrypted_payload);
if (key != NULL) {
- g_hash_table_insert(hash_packet, key, packet_ntlmssp_info);
+ uint8_t *perm_key = g_new(uint8_t, NTLMSSP_KEY_LEN);
+ memcpy(perm_key, key, NTLMSSP_KEY_LEN);
+ g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info);
}
/* Do the decryption of the payload */
@@ -2888,7 +2890,7 @@ header_hash(const void *pointer)
static gboolean
header_equal(gconstpointer pointer1, gconstpointer pointer2)
{
- if (!memcmp(pointer1, pointer2, 16)) {
+ if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) {
return TRUE;
}
else {
@@ -2899,7 +2901,7 @@ header_equal(const void *pointer1, const void *pointer2)
static void
ntlmssp_init_protocol(void)
{
- hash_packet = g_hash_table_new(header_hash, header_equal);
+ hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL);
}
static void
--
GitLab

6
wireshark.spec
View File

@ -6,7 +6,7 @@
Summary: Network traffic analyzer Summary: Network traffic analyzer
Name: wireshark Name: wireshark
Version: 4.2.6 Version: 4.2.6
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 1 Epoch: 1
License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib) License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib)
Url: http://www.wireshark.org/ Url: http://www.wireshark.org/
@ -29,6 +29,7 @@ Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch7: wireshark-0007-cmakelists.patch Patch7: wireshark-0007-cmakelists.patch
Patch8: wireshark-0008-pkgconfig.patch Patch8: wireshark-0008-pkgconfig.patch
Patch9: wireshark-0009-sync-pipe-stderr-messages.patch Patch9: wireshark-0009-sync-pipe-stderr-messages.patch
Patch10: wireshark-0010-CVE-2024-8250.patch
#install tshark together with wireshark GUI #install tshark together with wireshark GUI
Requires: %{name}-cli = %{epoch}:%{version}-%{release} Requires: %{name}-cli = %{epoch}:%{version}-%{release}
@ -281,6 +282,9 @@ fi
%{_libdir}/pkgconfig/%{name}.pc %{_libdir}/pkgconfig/%{name}.pc
%changelog %changelog
* Fri Sep 27 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.6-2
- Resolves: RHEL-56505 - NTLMSSP dissector crash
* Thu Aug 22 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.6-1 * Thu Aug 22 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.6-1
- New version 4.2.6 - New version 4.2.6