From 91e590e2ad271b740ddf5b6ef49c716c017b132c Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Fri, 6 Jun 2025 10:29:16 +0800 Subject: [PATCH] Fix CVE-2025-5601 --- CVE-2025-5601.patch | 63 +++++++++++++++++++++++++++++++++++++++++++++ wireshark.spec | 6 ++++- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 CVE-2025-5601.patch diff --git a/CVE-2025-5601.patch b/CVE-2025-5601.patch new file mode 100644 index 0000000..a289bef --- /dev/null +++ b/CVE-2025-5601.patch @@ -0,0 +1,63 @@ +From 8c186dbb381cf51064fa8dbff7953468d5ae394c Mon Sep 17 00:00:00 2001 +From: John Thacker +Date: Sat, 26 Apr 2025 10:01:19 +0000 +Subject: [PATCH] column: Do not allow fence to go beyond column size when + prepending + +When moving the fence location forward when prepending, ensure +that it does not go past the end of the buffer. + +Also get rid of unnecessary branching and strlen calls. + +Fix #20509 + + +(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0) + +Co-authored-by: John Thacker + +Origin: https://gitlab.com/wireshark/wireshark/-/commit/8c186dbb381cf51064fa8dbff7953468d5ae394c +--- + epan/column-utils.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/epan/column-utils.c b/epan/column-utils.c +index e5b4e31..3b61dce 100644 +--- a/epan/column-utils.c ++++ b/epan/column-utils.c +@@ -578,8 +578,13 @@ col_prepend_fstr(column_info *cinfo, const gint el, const gchar *format, ...) + /* + * Move the fence, unless it's at the beginning of the string. + */ +- if (col_item->col_fence > 0) +- col_item->col_fence += (int) strlen(col_item->col_buf); ++ if (col_item->col_fence > 0) { ++ /* pos >= strlen if truncation occurred; this saves on a strlen ++ * call and prevents adding a single byte character later if a ++ * a multibyte character was truncated (good). */ ++ col_item->col_fence += (int) pos; ++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence); ++ } + + (void) g_strlcat(col_item->col_buf, orig, max_len); + col_item->col_data = col_item->col_buf; +@@ -622,11 +627,11 @@ col_prepend_fence_fstr(column_info *cinfo, const gint el, const gchar *format, . + * Move the fence if it exists, else create a new fence at the + * end of the prepended data. + */ +- if (col_item->col_fence > 0) { +- col_item->col_fence += (int) strlen(col_item->col_buf); +- } else { +- col_item->col_fence = (int) strlen(col_item->col_buf); +- } ++ /* pos >= strlen if truncation occurred; this saves on a strlen ++ * call and prevents adding a single byte character later if a ++ * a multibyte character was truncated (good). */ ++ col_item->col_fence += (int) pos; ++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence); + (void) g_strlcat(col_item->col_buf, orig, max_len); + col_item->col_data = col_item->col_buf; + } +-- +2.49.0 + diff --git a/wireshark.spec b/wireshark.spec index 1ad9fd1..51a5f54 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -5,7 +5,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 3.6.14 -Release: 12 +Release: 13 Epoch: 1 License: GPL+ Url: http://www.wireshark.org/ @@ -41,6 +41,7 @@ Patch22: CVE-2024-4855.patch Patch23: CVE-2024-8250.patch Patch24: CVE-2024-24476.patch Patch25: CVE-2024-8645.patch +Patch26: CVE-2025-5601.patch Requires: xdg-utils Requires: hicolor-icon-theme @@ -215,6 +216,9 @@ exit 0 %{_mandir}/man?/* %changelog +* Fri Jun 06 2025 yaoxin <1024769339@qq.com> - 1:3.6.14-13 +- Fix CVE-2025-5601 + * Wed Oct 09 2024 yaoxin - 1:3.6.14-12 - Fix CVE-2024-8645 -- Gitee