[pkgsrc/trunk]: pkgsrc/net/wireshark Add fix for infinite loop in SMTP dissec...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bda48bc8627e
branches: trunk
changeset: 550663:bda48bc8627e
user: tron <tron%pkgsrc.org@localhost>
date: Tue Nov 25 22:53:54 2008 +0000
description:
Add fix for infinite loop in SMTP dissector from Wireshark SVN repository.
This addresses the security vulnerability reported in SA32840.
diffstat:
net/wireshark/Makefile | 3 +-
net/wireshark/distinfo | 3 +-
net/wireshark/patches/patch-ad | 341 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 345 insertions(+), 2 deletions(-)
diffs (truncated from 371 to 300 lines):
diff -r f7a71ab95685 -r bda48bc8627e net/wireshark/Makefile
--- a/net/wireshark/Makefile Tue Nov 25 19:11:39 2008 +0000
+++ b/net/wireshark/Makefile Tue Nov 25 22:53:54 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2008/10/22 06:50:23 tron Exp $
+# $NetBSD: Makefile,v 1.28 2008/11/25 22:53:54 tron Exp $
DISTNAME= wireshark-1.0.4
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= http://www.wireshark.org/download/src/ \
${MASTER_SITE_SOURCEFORGE:=wireshark/}
diff -r f7a71ab95685 -r bda48bc8627e net/wireshark/distinfo
--- a/net/wireshark/distinfo Tue Nov 25 19:11:39 2008 +0000
+++ b/net/wireshark/distinfo Tue Nov 25 22:53:54 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2008/10/26 14:06:52 tron Exp $
+$NetBSD: distinfo,v 1.18 2008/11/25 22:53:54 tron Exp $
SHA1 (wireshark-1.0.4.tar.bz2) = 8e75a6d909a1da803db77f6f86fdd5096e5bbac8
RMD160 (wireshark-1.0.4.tar.bz2) = 741b6618ba34b55079f15d5725a1e9a22a4fc351
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = c155f38e66a553b14778dc73344b46f8614eb9b0
SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c
SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840
+SHA1 (patch-ad) = e19775622ed6facc4ab05ebd09059f78444f6c43
diff -r f7a71ab95685 -r bda48bc8627e net/wireshark/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/wireshark/patches/patch-ad Tue Nov 25 22:53:54 2008 +0000
@@ -0,0 +1,341 @@
+$NetBSD: patch-ad,v 1.1 2008/11/25 22:53:55 tron Exp $
+
+--- epan/dissectors/packet-smtp.c.orig 2008-10-20 20:19:31.000000000 +0100
++++ epan/dissectors/packet-smtp.c 2008-11-25 22:30:30.000000000 +0000
+@@ -101,10 +101,6 @@
+ "DATA fragments"
+ };
+
+-/* Define media_type/Content type table */
+-static dissector_table_t media_type_dissector_table;
+-
+-
+ static dissector_handle_t imf_handle = NULL;
+
+ /*
+@@ -179,6 +175,7 @@
+ gint length_remaining;
+ gboolean eom_seen = FALSE;
+ gint next_offset;
++ gint loffset;
+ gboolean is_continuation_line;
+ int cmdlen;
+ fragment_data *frag_msg = NULL;
+@@ -221,21 +218,6 @@
+ * longer than what's in the buffer, so the "tvb_get_ptr()" call
+ * won't throw an exception.
+ */
+- linelen = tvb_find_line_end(tvb, offset, -1, &next_offset,
+- smtp_desegment && pinfo->can_desegment);
+- if (linelen == -1) {
+- /*
+- * We didn't find a line ending, and we're doing desegmentation;
+- * tell the TCP dissector where the data for this message starts
+- * in the data it handed us, and tell it we need one more byte
+- * (we may need more, but we'll try again if what we get next
+- * isn't enough), and return.
+- */
+- pinfo->desegment_offset = offset;
+- pinfo->desegment_len = 1;
+- return;
+- }
+- line = tvb_get_ptr(tvb, offset, linelen);
+
+ frame_data = p_get_proto_data(pinfo->fd, proto_smtp);
+
+@@ -271,6 +253,42 @@
+
+ }
+
++ if(request) {
++ frame_data = se_alloc(sizeof(struct smtp_proto_data));
++
++ frame_data->conversation_id = conversation->index;
++ frame_data->more_frags = TRUE;
++
++ p_add_proto_data(pinfo->fd, proto_smtp, frame_data);
++
++ }
++
++ loffset = offset;
++ while (tvb_offset_exists(tvb, loffset)) {
++
++ linelen = tvb_find_line_end(tvb, loffset, -1, &next_offset,
++ smtp_desegment && pinfo->can_desegment);
++ if (linelen == -1) {
++
++ if(offset == loffset) {
++ /*
++ * We didn't find a line ending, and we're doing desegmentation;
++ * tell the TCP dissector where the data for this message starts
++ * in the data it handed us, and tell it we need one more byte
++ * (we may need more, but we'll try again if what we get next
++ * isn't enough), and return.
++ */
++ pinfo->desegment_offset = loffset;
++ pinfo->desegment_len = 1;
++ return;
++ }
++ else {
++ linelen = tvb_length_remaining(tvb, loffset);
++ next_offset = loffset + linelen;
++ }
++ }
++ line = tvb_get_ptr(tvb, loffset, linelen);
++
+ /*
+ * Check whether or not this packet is an end of message packet
+ * We should look for CRLF.CRLF and they may be split.
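Review bot: The `return` in the `offset == loffset` branch now leaves a `frame_data` attached to the frame with `pdu_type` never assigned. The `if(request)` block added at the top of this hunk calls `se_alloc()`, sets only `conversation_id` and `more_frags`, and registers the structure with `p_add_proto_data()` before the loop runs, whereas the removed code returned for desegmentation ahead of any allocation. If this frame is dissected again and the lookup outside the hunk finds the stored structure, the `pdu_type` cases further down would presumably read an indeterminate value. Setting a defined value next to the other two fields, for example `frame_data->pdu_type = SMTP_PDU_CMD;`, or attaching the structure only after the loop has classified the segment, avoids that. The enclosing function starts and ends outside the hunk.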
+@@ -286,16 +304,16 @@
+ * .CRLF at the begining of the same packet.
+ */
+
+- if ((request_val->crlf_seen && tvb_strneql(tvb, offset, ".\r\n", 3) == 0) ||
+- tvb_strneql(tvb, offset, "\r\n.\r\n", 5) == 0) {
++ if ((request_val->crlf_seen && tvb_strneql(tvb, loffset, ".\r\n", 3) == 0) ||
++ tvb_strneql(tvb, loffset, "\r\n.\r\n", 5) == 0) {
+
+ eom_seen = TRUE;
+
+- }
++ }
+
+- length_remaining = tvb_length_remaining(tvb, offset);
+- if (length_remaining == tvb_reported_length_remaining(tvb, offset) &&
+- tvb_strneql(tvb, offset + length_remaining - 2, "\r\n", 2) == 0) {
++ length_remaining = tvb_length_remaining(tvb, loffset);
++ if (length_remaining == tvb_reported_length_remaining(tvb, loffset) &&
++ tvb_strneql(tvb, loffset + length_remaining - 2, "\r\n", 2) == 0) {
+
+ request_val->crlf_seen = TRUE;
+
+@@ -314,11 +332,6 @@
+
+ if (request) {
+
+- frame_data = se_alloc(sizeof(struct smtp_proto_data));
+-
+- frame_data->conversation_id = conversation->index;
+- frame_data->more_frags = TRUE;
+-
+ if (request_val->reading_data) {
+ /*
+ * This is message data.
+@@ -333,6 +346,9 @@
+ */
+ frame_data->pdu_type = SMTP_PDU_EOM;
+ request_val->reading_data = FALSE;
++
++ break;
++
+ } else {
+ /*
+ * Message data with no EOM.
+@@ -344,7 +360,7 @@
+ * We are handling a BDAT message.
+ * Check if we have reached end of the data chunk.
+ */
+- request_val->msg_read_len += tvb_length_remaining(tvb, offset);
++ request_val->msg_read_len += tvb_length_remaining(tvb, loffset);
+
+ if (request_val->msg_read_len == request_val->msg_tot_len) {
+ /*
+@@ -360,6 +376,8 @@
+ */
+ frame_data->more_frags = FALSE;
+ }
++
++ break; /* no need to go through the remaining lines */
+ }
+ }
+ }
+@@ -450,12 +468,15 @@
+ frame_data->pdu_type = request_val->data_seen ? SMTP_PDU_MESSAGE : SMTP_PDU_CMD;
+
+ }
+-
+ }
++ }
+
+- p_add_proto_data(pinfo->fd, proto_smtp, frame_data);
++ /*
++ * Step past this line.
++ */
++ loffset = next_offset;
+
+- }
++ }
+ }
+
+ /*
+@@ -467,6 +488,7 @@
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMTP");
+
+ if (check_col(pinfo->cinfo, COL_INFO)) { /* Add the appropriate type here */
++ col_clear(pinfo->cinfo, COL_INFO);
+
+ /*
+ * If it is a request, we have to look things up, otherwise, just
+@@ -481,21 +503,38 @@
+ case SMTP_PDU_MESSAGE:
+
+ length_remaining = tvb_length_remaining(tvb, offset);
+- col_set_str(pinfo->cinfo, COL_INFO, smtp_data_desegment ? "DATA fragment" : "Message Body");
++ col_set_str(pinfo->cinfo, COL_INFO, smtp_data_desegment ? "C: DATA fragment" : "C: Message Body");
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", %d byte%s", length_remaining,
+ plurality (length_remaining, "", "s"));
+ break;
+
+ case SMTP_PDU_EOM:
+
+- col_add_fstr(pinfo->cinfo, COL_INFO, "EOM: %s",
+- format_text(line, linelen));
++ col_set_str(pinfo->cinfo, COL_INFO, "C: .");
++
+ break;
+
+ case SMTP_PDU_CMD:
+
+- col_add_fstr(pinfo->cinfo, COL_INFO, "Command: %s",
+- format_text(line, linelen));
++ loffset = offset;
++ while (tvb_offset_exists(tvb, loffset)) {
++ /*
++ * Find the end of the line.
++ */
++ linelen = tvb_find_line_end(tvb, loffset, -1, &next_offset, FALSE);
++ line = tvb_get_ptr(tvb, loffset, linelen);
++
++ if(loffset == offset)
++ col_append_fstr(pinfo->cinfo, COL_INFO, "C: %s",
++ format_text(line, linelen));
++ else {
++ col_append_fstr(pinfo->cinfo, COL_INFO, " | %s",
++ format_text(line, linelen));
++ }
++
++ loffset = next_offset;
++
++ }
+ break;
+
+ }
+@@ -503,9 +542,24 @@
+ }
+ else {
+
+- col_add_fstr(pinfo->cinfo, COL_INFO, "Response: %s",
+- format_text(line, linelen));
++ loffset = offset;
++ while (tvb_offset_exists(tvb, loffset)) {
++ /*
++ * Find the end of the line.
++ */
++ linelen = tvb_find_line_end(tvb, loffset, -1, &next_offset, FALSE);
++ line = tvb_get_ptr(tvb, loffset, linelen);
++
++ if(loffset == offset)
++ col_append_fstr(pinfo->cinfo, COL_INFO, "S: %s",
++ format_text(line, linelen));
++ else {
++ col_append_fstr(pinfo->cinfo, COL_INFO, " | %s",
++ format_text(line, linelen));
++ }
+
++ loffset = next_offset;
++ }
+ }
+ }
+
+@@ -560,8 +614,7 @@
+ * DATA command this terminates before sending another
+ * request, but we should probably handle it.
+ */
+- proto_tree_add_text(smtp_tree, tvb, offset, linelen,
+- "EOM: %s", format_text(line, linelen));
++ proto_tree_add_text(smtp_tree, tvb, offset, linelen, "C: .");
+
+ if(smtp_data_desegment) {
+
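Review bot: `linelen` in `proto_tree_add_text(smtp_tree, tvb, offset, linelen, "C: .")` no longer describes the line at `offset`. The patch removes the `tvb_find_line_end(tvb, offset, ...)` call that used to run near the start of the function, and the assignments that remain in the visible hunks sit inside the per-line loops, none of which runs in the `SMTP_PDU_EOM` column case. Depending on the pass, the value is whatever the last loop iteration left or, unless the declaration outside this hunk has an initializer, indeterminate. Recomputing it before the call, `linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);`, keeps the tree item's length tied to the bytes being labelled. The enclosing block starts and ends outside the hunk.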
+@@ -582,6 +635,15 @@
+ * previous command before sending another request, but we
+ * should probably handle it.
+ */
++
++ loffset = offset;
++ while (tvb_offset_exists(tvb, loffset)) {
++
++ /*
++ * Find the end of the line.
++ */