Wireshark's DRDA dissector is prone to the infinite loop problem if specially crafted traffic is fed into it [1]. Fix: The patch at http://codelabs.ru/fbsd/ports/wireshark/1.8.2-fix-cve-2012-3548.diff fixes the issue for me. Here is the quality assurance page: http://codelabs.ru/fbsd/ports/qa/net/wireshark/1.8.2_1 When you'll be updating the port, please, include the line {{{ Security: http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html }}} into the commit log message. The version specification inside VuXML entry (security/vuxml/vuln.xml) should be changed from "1.9" to the port version that will receive the fix for this CVE. How-To-Repeat: [1] http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html
Responsible Changed From-To: freebsd-ports-bugs->marcus Over to maintainer (via the GNATS Auto Assign Tool)
Ping! -- Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]
Author: marcus Date: Wed Sep 5 15:59:55 2012 New Revision: 303711 URL: http://svn.freebsd.org/changeset/ports/303711 Log: Add a fix for CVE-2012-3548. PR: 171220 Submitted by: rea Obtained from: Wireshark bug 9009 Added: head/net/wireshark/files/patch-cve-2012-3548 (contents, props changed) Modified: head/net/wireshark/Makefile Modified: head/net/wireshark/Makefile ============================================================================== --- head/net/wireshark/Makefile Wed Sep 5 15:43:33 2012 (r303710) +++ head/net/wireshark/Makefile Wed Sep 5 15:59:55 2012 (r303711) @@ -7,6 +7,7 @@ PORTNAME?= wireshark PORTVERSION= 1.8.2 +PORTREVISION= 1 CATEGORIES= net ipv6 MASTER_SITES= http://www.wireshark.org/download/src/ \ http://ftp.uni-kl.de/pub/wireshark/src/ \ Added: head/net/wireshark/files/patch-cve-2012-3548 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/wireshark/files/patch-cve-2012-3548 Wed Sep 5 15:59:55 2012 (r303711) @@ -0,0 +1,23 @@ +Obtained-from: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9009&action=diff&context=patch&collapsed=&headers=1&format=raw + +--- epan/dissectors/packet-drda.c (revision 44689) ++++ epan/dissectors/packet-drda.c (working copy) +@@ -55,6 +55,7 @@ + #include <epan/packet.h> + #include <epan/conversation.h> + #include <epan/prefs.h> ++#include <epan/expert.h> + #include "packet-tcp.h" + + static int proto_drda = -1; +@@ -696,6 +697,10 @@ + { + iCommand = tvb_get_ntohs(tvb, offset + 8); + iLength = tvb_get_ntohs(tvb, offset + 0); ++ if (iLength < 10) { ++ expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR, "Invalid length detected (%u): should be at least 10 bytes long", iLength); ++ break; ++ } + /* iCommandEnd is the length of the packet up to the end of the current command */ + iCommandEnd += iLength; + _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed, thanks!