meta-openembedded - Collection of OpenEmbedded layers

Age	Commit message (Expand)	Author
2016-11-29	xfce-app.bbclass: add x11 to REQUIRED_DISTRO_FEATURES	Jackie Huang
2016-11-29	xfce-panel-plugin.bbclass: add x11 to REQUIRED_DISTRO_FEATURES	Jackie Huang
2016-11-29	thunar-plugin.bbclass: add x11 to REQUIRED_DISTRO_FEATURES	Jackie Huang
2016-05-06	meta-xfce: add intltool-native to DEPENDS	Andreas Müller
2014-10-16	xfce-app.bbclass: SRC_URI calculation supports multiple digit version numbers	Andreas Müller
2014-06-10	xfce-git: Run autogen.sh in source directory	Ash Charles
2014-04-20	xfce-git.bbclass initial add	Andreas Müller
2013-05-19	thunar-plugin.bbclass: initial add	Andreas Müller
2012-09-18	xfce.bbclass: change SRC_URI calculation	Andreas Müller
2012-01-05	xfce.bbclass: inherit gettext	Andreas Müller
2011-11-02	xfce-panel-plugin.bbclass: Add further directories to FILES_${PN}	Andreas Müller
2011-11-02	xfce.bbclass: Add further folders for ${PN}-dev/-staticdev/-dbg	Andreas Müller
2011-10-31	xfce-app.bbclass: just set SRC_URI commmon to most xfce-apps	Andreas Müller
2011-10-25	xfce-panel-plugin.bbclass: pack modules also from ${libdir}/xfce4/panel-plugins	Andreas Müller
2011-10-25	xfce.bbclass: Move static libraries to ${PN}-staticdev	Andreas Müller
2011-10-18	xfce-panel-plugin: bbclass for panel plugins	Andreas Müller
2011-09-22	xfce4-dev-tools: add native support	Andreas Müller
2011-08-05	xfce.bbclass: A class for xfce-global settings	Andreas Mueller

From cb190d6839ddcd4596b0205844f45553f1e77105 Mon Sep 17 00:00:00 2001 From: Guy Harris <gharris@sonic.net> Date: Fri, 19 May 2023 16:29:45 -0700 Subject: [PATCH] netscaler: add more checks to make sure the record is within the page. Whie we're at it, restructure some other checks to test-before-casting - it's OK to test afterwards, but testing before makes it follow the pattern used elsewhere. Fixes #19081. Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105] CVE: CVE-2023-2858 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- wiretap/netscaler.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c index 01a7f6d..4fa020b 100644 --- a/wiretap/netscaler.c +++ b/wiretap/netscaler.c @@ -1091,13 +1091,13 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info) #define PACKET_DESCRIBE(rec,buf,FULLPART,fullpart,ver,type,HEADERVER) \ do {\ - nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\ /* Make sure the record header is entirely contained in the page */\ - if ((nstrace_buflen - nstrace_buf_offset) < sizeof *type) {\ + if ((nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_pktrace##fullpart##_v##ver##_t)) {\ *err = WTAP_ERR_BAD_FILE;\ *err_info = g_strdup("nstrace: record header crosses page boundary");\ return FALSE;\ }\ + nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\ /* Check sanity of record size */\ if (pletoh16(&type->nsprRecordSize) < sizeof *type) {\ *err = WTAP_ERR_BAD_FILE;\ @@ -1162,6 +1162,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf, case NSPR_ABSTIME_V10: { + if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info)) + return FALSE; nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset]; if (pletoh16(&fp->nsprRecordSize) == 0) { *err = WTAP_ERR_BAD_FILE; @@ -1175,6 +1177,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf, case NSPR_RELTIME_V10: { + if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info)) + return FALSE; nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset]; if (pletoh16(&fp->nsprRecordSize) == 0) { *err = WTAP_ERR_BAD_FILE; @@ -1192,6 +1196,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf, default: { + if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info)) + return FALSE; nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset]; if (pletoh16(&fp->nsprRecordSize) == 0) { *err = WTAP_ERR_BAD_FILE; @@ -1475,14 +1481,14 @@ static gboolean nstrace_read_v20(wtap *wth, wtap_rec *rec, Buffer *buf, #define PACKET_DESCRIBE(rec,buf,FULLPART,ver,enumprefix,type,structname,HEADERVER)\ do {\ - nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\ /* Make sure the record header is entirely contained in the page */\ - if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof *fp) {\ + if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_##structname##_t)) {\ *err = WTAP_ERR_BAD_FILE;\ *err_info = g_strdup("nstrace: record header crosses page boundary");\ g_free(nstrace_tmpbuff);\ return FALSE;\ }\ + nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\ (rec)->rec_type = REC_TYPE_PACKET;\ TIMEDEFV##ver((rec),fp,type);\ FULLPART##SIZEDEFV##ver((rec),fp,ver);\ @@ -1589,7 +1595,6 @@ static gboolean nstrace_read_v30(wtap *wth, wtap_rec *rec, Buffer *buf, g_free(nstrace_tmpbuff); return FALSE; } - hdp = (nspr_hd_v20_t *) &nstrace_buf[nstrace_buf_offset]; if (nspr_getv20recordsize(hdp) == 0) { *err = WTAP_ERR_BAD_FILE; -- 2.25.1