meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Thu, 18 May 2023 18:06:36 -0400
Subject: [PATCH] MS-MMS: Use format_text_string()

The length of a string transcoded from UTF-16 to UTF-8 can be
shorter (or longer) than the original length in bytes in the packet.
Use the new string length, not the original length.

Use format_text_string, which is a convenience function that
calls strlen.

Fix #19086

(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b)

Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a]
CVE: CVE-2023-0667
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 epan/dissectors/packet-ms-mms.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c
index db1d2cc..3d5c7ee 100644
--- a/epan/dissectors/packet-ms-mms.c
+++ b/epan/dissectors/packet-ms-mms.c
@@ -739,7 +739,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro
                                  transport_info, "Transport: (%s)", transport_info);
 
     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
-                    format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20));
+                    format_text_string(pinfo->pool, (const guchar*)transport_info));
 
 
     /* Try to extract details from this string */
@@ -836,7 +836,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
                             ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version);
 
         col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')",
-                    format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version)));
+                    format_text_string(pinfo->pool, (const guchar*)server_version));
     }
     offset += (server_version_length*2);
 
@@ -890,7 +890,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, packet_info *pinfo, proto_
                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info);
 
     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
-                    format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info)));
+                    format_text_string(pinfo->pool, (const guchar*)player_info));
 }
 
 /* Dissect info about where client wants to start playing from */
@@ -965,7 +965,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto
                         ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file);
 
     col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
-                    format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file)));
+                    format_text_string(pinfo->pool, (const guchar*)server_file));
 }
 
 /* Dissect media details from server */
-- 
2.25.1