diff --git a/CVE-2023-0666.patch b/CVE-2023-0666.patch new file mode 100644 index 0000000000000000000000000000000000000000..c27b4f4ff1db6c7507e03a1518320a60329905b2 --- /dev/null +++ b/CVE-2023-0666.patch @@ -0,0 +1,116 @@ +From 28fdce547c417b868c521f87fb58f71ca6b1e3f7 Mon Sep 17 00:00:00 2001 +From: Gerald Combs +Date: Thu, 18 May 2023 13:52:48 -0700 +Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes + +Use the proper dest_size in various g_strlcpy calls. + +Fixes #19085 +--- + epan/dissectors/packet-rtps.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c +index c152d50..f4da449 100644 +--- a/epan/dissectors/packet-rtps.c ++++ b/epan/dissectors/packet-rtps.c +@@ -4487,7 +4487,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + ++tk_id; + } + +- (void) g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40); ++ (void) g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name)); + + /* Structure of the typecode data: + * +@@ -4658,7 +4658,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + member_name, -1, NULL, ndds_40_hack); + } + /* Finally prints the name of the struct (if provided) */ +- (void) g_strlcpy(type_name, "}", 40); ++ (void) g_strlcpy(type_name, "}", sizeof(type_name)); + break; + + } /* end of case UNION */ +@@ -4829,7 +4829,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + } + } + /* Finally prints the name of the struct (if provided) */ +- (void) g_strlcpy(type_name, "}", 40); ++ (void) g_strlcpy(type_name, "}", sizeof(type_name)); + break; + } + +@@ -4921,7 +4921,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + offset += 4; + alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII); + offset = check_offset_addition(offset, alias_name_length, tree, NULL, tvb); +- (void) g_strlcpy(type_name, alias_name, 40); ++ (void) g_strlcpy(type_name, alias_name, sizeof(type_name)); + break; + } + +@@ -4956,7 +4956,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + if (tk_id == RTI_CDR_TK_VALUE_PARAM) { + type_id_name = "valueparam"; + } +- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name); ++ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name); + break; + } + } /* switch(tk_id) */ +@@ -5120,7 +5120,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree, + long_number = tvb_get_guint32(tvb, offset_tmp, encoding); + name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII); + if (info) +- (void) g_strlcpy(info->member_name, name, long_number); ++ (void) g_strlcpy(info->member_name, name, sizeof(info->member_name)); + + proto_item_append_text(tree, " %s", name); + offset = check_offset_addition(offset, member_length, tree, NULL, tvb); +@@ -5296,13 +5296,13 @@ static gint rtps_util_add_type_member(proto_tree *tree, + proto_item_append_text(tree, " %s (ID: %d)", name, member_id); + if (member_object) { + member_object->member_id = member_id; +- (void) g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256); ++ (void) g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name)); + member_object->type_id = member_type_id; + } + if (info && info->extensibility == EXTENSIBILITY_MUTABLE) { + mutable_member_mapping * mutable_mapping = NULL; + mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping); +- (void) g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256); ++ (void) g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name)); + mutable_mapping->struct_type_id = info->type_id; + mutable_mapping->member_type_id = member_type_id; + mutable_mapping->member_id = member_id; +@@ -5357,7 +5357,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree, + union_member_mapping * mapping = NULL; + + mapping = wmem_new(wmem_file_scope(), union_member_mapping); +- (void) g_strlcpy(mapping->member_name, object.member_name, 256); ++ (void) g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name)); + mapping->member_type_id = object.type_id; + mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT; + mapping->union_type_id = union_type_id + mapping->discriminator; +@@ -5370,7 +5370,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree, + union_member_mapping * mapping = NULL; + + mapping = wmem_new(wmem_file_scope(), union_member_mapping); +- (void) g_strlcpy(mapping->member_name, object.member_name, 256); ++ (void) g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name)); + mapping->member_type_id = object.type_id; + mapping->discriminator = -1; + mapping->union_type_id = union_type_id + mapping->discriminator; +@@ -5390,7 +5390,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree, + ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding); + offset_tmp += 4; + +- (void) g_strlcpy(mapping->member_name, object.member_name, 256); ++ (void) g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name)); + mapping->member_type_id = object.type_id; + mapping->discriminator = discriminator_case; + mapping->union_type_id = union_type_id + discriminator_case; +-- +2.33.0 + diff --git a/wireshark.spec b/wireshark.spec index ab5edaf0eb7e0aecf13d175bbc469aa6f1cafe4c..c9fb1c15c262525653a2e088649ed272985565cb 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -5,7 +5,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 3.6.14 -Release: 6 +Release: 7 Epoch: 1 License: GPL+ Url: http://www.wireshark.org/ @@ -32,6 +32,8 @@ Patch14: CVE-2023-5371.patch Patch15: CVE-2023-6175.patch Patch16: CVE-2024-0208.patch Patch17: CVE-2024-0209.patch +# https://gitlab.com/wireshark/wireshark/-/commit/28fdce547c417b868c521f87fb58f71ca6b1e3f7 +Patch18: CVE-2023-0666.patch Requires: xdg-utils Requires: hicolor-icon-theme @@ -206,6 +208,9 @@ exit 0 %{_mandir}/man?/* %changelog +* Mon Mar 25 2024 yaoxin - 1:3.6.14-7 +- Fix CVE-2023-0666 + * Thu Jan 04 2024 wangkai <13474090681@163.com> - 1:3.6.14-6 - Fix CVE-2024-0208,CVE-2024-0209