master

分支 (3)

标签 (1)

管理

管理

master

openEuler1.0-base

openEuler1.0

openEuler-20.03-LTS-tag

wireshark
/
wireshark-CVE-2018-18225.patch

From 5a2aafef7a8ad4b3917823133c2e3534951fc4d3 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 9 Oct 2018 19:18:34 +0200
Subject: [PATCH] coap: ensure that piv_len matches piv

In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).

Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/dissectors/packet-coap.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/epan/dissectors/packet-coap.c b/epan/dissectors/packet-coap.c
index b034042..40331af 100644
--- a/epan/dissectors/packet-coap.c
+++ b/epan/dissectors/packet-coap.c
@@ -451,8 +451,11 @@ dissect_coap_opt_object_security(tvbuff_t *tvb, proto_item *head_item, proto_tre
 	coinfo->object_security = TRUE;

 	coinfo->oscore_info->piv = NULL;
+	coinfo->oscore_info->piv_len = 0;
 	coinfo->oscore_info->kid_context = NULL;
+	coinfo->oscore_info->kid_context_len = 0;
 	coinfo->oscore_info->kid = NULL;
+	coinfo->oscore_info->kid_len = 0;

 	if (opt_length == 0) { /* option length is zero, means flag byte is 0x00*/
 		/* add info to the head of the packet detail */
@@ -1148,11 +1151,9 @@ dissect_coap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* d
 							/* Indicate to OSCORE that this response contains its own PIV */
 							coinfo->oscore_info->piv_in_response = TRUE;
 							coap_trans->oscore_info->piv_in_response = TRUE;
-						} else {
-							if (coap_trans->oscore_info->piv) {
-								/* Use the PIV from the request */
-								coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
-							}
+						} else if (coap_trans->oscore_info->piv_len > 0) {
+							/* Use the PIV from the request */
+							coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
 							coinfo->oscore_info->piv_len = coap_trans->oscore_info->piv_len;
 						}
 						coinfo->oscore_info->response = TRUE;
--
1.7.12.4