aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch')
-rw-r--r--meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch122
1 files changed, 122 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
new file mode 100644
index 0000000000..7732916826
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
@@ -0,0 +1,122 @@
+From 265cbf15a418b629c3c8f02c0ba901913b1c8fd2 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Thu, 18 May 2023 13:52:48 -0700
+Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
+
+Use the proper dest_size in various g_strlcpy calls.
+
+Fixes #19085
+
+(cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7)
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2]
+CVE: CVE-2023-0666
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
+index 5c2d1c1..ef592d7 100644
+--- a/epan/dissectors/packet-rtps.c
++++ b/epan/dissectors/packet-rtps.c
+@@ -3025,7 +3025,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+ ++tk_id;
+ }
+
+- g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
++ g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
+
+ /* Structure of the typecode data:
+ *
+@@ -3196,7 +3196,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+ member_name, -1, NULL, ndds_40_hack);
+ }
+ /* Finally prints the name of the struct (if provided) */
+- g_strlcpy(type_name, "}", 40);
++ g_strlcpy(type_name, "}", sizeof(type_name));
+ break;
+
+ } /* end of case UNION */
+@@ -3367,7 +3367,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+ }
+ }
+ /* Finally prints the name of the struct (if provided) */
+- g_strlcpy(type_name, "}", 40);
++ g_strlcpy(type_name, "}", sizeof(type_name));
+ break;
+ }
+
+@@ -3459,7 +3459,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+ offset += 4;
+ alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
+ offset += alias_name_length;
+- g_strlcpy(type_name, alias_name, 40);
++ g_strlcpy(type_name, alias_name, sizeof(type_name));
+ break;
+ }
+
+@@ -3494,7 +3494,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
+ if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
+ type_id_name = "valueparam";
+ }
+- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
++ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
+ break;
+ }
+ } /* switch(tk_id) */
+@@ -3673,7 +3673,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
+ long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
+ name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
+ if (info)
+- g_strlcpy(info->member_name, name, long_number);
++ g_strlcpy(info->member_name, name, sizeof(info->member_name));
+
+ proto_item_append_text(tree, " %s", name);
+ offset += member_length;
+@@ -3848,13 +3848,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
+ proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
+ if (member_object) {
+ member_object->member_id = member_id;
+- g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
++ g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
+ member_object->type_id = member_type_id;
+ }
+ if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
+ mutable_member_mapping * mutable_mapping = NULL;
+ mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
+- g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
++ g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
+ mutable_mapping->struct_type_id = info->type_id;
+ mutable_mapping->member_type_id = member_type_id;
+ mutable_mapping->member_id = member_id;
+@@ -3909,7 +3909,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+ union_member_mapping * mapping = NULL;
+
+ mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+- g_strlcpy(mapping->member_name, object.member_name, 256);
++ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+ mapping->member_type_id = object.type_id;
+ mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
+ mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3922,7 +3922,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+ union_member_mapping * mapping = NULL;
+
+ mapping = wmem_new(wmem_file_scope(), union_member_mapping);
+- g_strlcpy(mapping->member_name, object.member_name, 256);
++ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+ mapping->member_type_id = object.type_id;
+ mapping->discriminator = -1;
+ mapping->union_type_id = union_type_id + mapping->discriminator;
+@@ -3942,7 +3942,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
+ ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
+ offset_tmp += 4;
+
+- g_strlcpy(mapping->member_name, object.member_name, 256);
++ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
+ mapping->member_type_id = object.type_id;
+ mapping->discriminator = discriminator_case;
+ mapping->union_type_id = union_type_id + discriminator_case;
+--
+2.25.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-30 21:28:46 +0000