From feff65c72fe6d512697ccf9f1c9e2ff32240777e Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Fri, 30 Aug 2024 10:15:23 +0800
Subject: [PATCH] Fix CVE-2024-8250

---
 CVE-2024-8250.patch | 56 +++++++++++++++++++++++++++++++++++++++++++++
 wireshark.spec | 8 +++++--
 2 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2024-8250.patch

diff --git a/CVE-2024-8250.patch b/CVE-2024-8250.patch
new file mode 100644
index 0000000..4791221
--- /dev/null
+++ b/CVE-2024-8250.patch
@@ -0,0 +1,56 @@
+From be0e7c955d7efa628baa97447127c3434b575765 Mon Sep 17 00:00:00 2001
+From: John Thacker
+Date: Sun, 28 Jul 2024 13:06:50 +0000
+Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash
+ table
+
+Origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/16640
+
+We could change this table to an autoreset wmem_map as well.
+
+Fix #19943
+
+
+(cherry picked from commit 66dcd56f1eae615697b6588ac4778a61a5576391)
+
+Co-authored-by: John Thacker
+---
+ epan/dissectors/packet-ntlmssp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
+index a538c204e61..d279d74eb53 100644
+--- a/epan/dissectors/packet-ntlmssp.c
++++ b/epan/dissectors/packet-ntlmssp.c
+@@ -2353,7 +2353,9 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
+ decrypted_payloads = g_slist_prepend(decrypted_payloads,
+ packet_ntlmssp_info->decrypted_payload);
+ if (key != NULL) {
+- g_hash_table_insert(hash_packet, key, packet_ntlmssp_info);
++ uint8_t *perm_key = g_new(uint8_t, NTLMSSP_KEY_LEN);
++ memcpy(perm_key, key, NTLMSSP_KEY_LEN);
++ g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info);
+ }
+
+ /* Do the decryption of the payload */
+@@ -2803,7 +2805,7 @@ header_hash(gconstpointer pointer)
+ static gboolean
+ header_equal(gconstpointer pointer1, gconstpointer pointer2)
+ {
+- if (!memcmp(pointer1, pointer2, 16)) {
++ if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) {
+ return TRUE;
+ }
+ else {
+@@ -2814,7 +2816,7 @@ header_equal(gconstpointer pointer1, gconstpointer pointer2)
+ static void
+ ntlmssp_init_protocol(void)
+ {
+- hash_packet = g_hash_table_new(header_hash, header_equal);
++ hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL);
+ }
+
+ static void
+--
+GitLab
+
diff --git a/wireshark.spec b/wireshark.spec
index 7fc6e36..5a2e8d5 100644
--- a/wireshark.spec
+++ b/wireshark.spec
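Review bot: The heap copy at `uint8_t *perm_key = g_new(uint8_t, NTLMSSP_KEY_LEN);` carries no explanation of why the key must outlive the call, and that lifetime is the whole substance of the CVE fix; a comment there, `/* key may point at the caller's stack and the table outlives this call, so store a heap copy (released by the table's g_free key destructor) */`, keeps a later refactor from inserting `key` directly again. The hash half of the pair, header_hash, lies outside the hunk (only its closing context is shown); if it still hashes a literal 16 bytes it should use NTLMSSP_KEY_LEN as header_equal now does, so hash and equality stay consistent if the constant ever changes. Per GLib's documented g_hash_table_insert semantics a duplicate key keeps the existing key and frees the passed one with the key destroy function, so re-dissection of the same packet does not leak the copy, but the replaced value pointer is dropped with no value destructor, which is fine only if packet_ntlmssp_info is allocated from a scope freed elsewhere — worth confirming in the caller. The `static void` following the last hunk is presumably the cleanup counterpart to ntlmssp_init_protocol; it should call g_hash_table_destroy so the keys the table now owns are released between captures. decrypt_data_payload's body starts and ends outside the hunk.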
@@ -5,7 +5,7 @@
 Summary: Network traffic analyzer
 Name: wireshark
 Version: 4.2.5
-Release: 1
+Release: 2
 Epoch: 1
 License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib)
 Url: http://www.wireshark.org/
@@ -22,6 +22,7 @@ Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
 Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
 Patch7: wireshark-0007-cmakelists.patch
 Patch8: wireshark-0008-pkgconfig.patch
+Patch9: CVE-2024-8250.patch
 
 Requires: xdg-utils
 Requires: hicolor-icon-theme
@@ -202,7 +203,10 @@ fi
 %{_mandir}/man?/*
 
 %changelog
-* Wed Jul 03 2024 yaoxin 1:4.2.5-1
+* Fri Aug 30 2024 wangkai <13474090681@163.com> - 1:4.2.5-2
+- Fix CVE-2024-8250
+
+* Wed Jul 03 2024 yaoxin - 1:4.2.5-1
 - Update to 4.2.5
 - vulnerabilities fixed:
   * CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops
--
Gitee
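Review bot: The new `Patch9: CVE-2024-8250.patch` line only takes effect if %prep applies it, and %prep is outside these hunks; if the spec uses `%autosetup -p1` nothing more is needed, but if it applies patches with individual `%patch` directives a matching `%patch9 -p1` must be added or the build silently ships without the fix. The changelog entry could also name what was fixed, e.g. `- Fix CVE-2024-8250: NTLMSSP dissector inserted a stack-allocated key into a hash table`, in the style of the 4.2.5-1 entry that lists the affected dissector per CVE.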