Message ID | 20230605085416.4086325-1-archana.polampalli@windriver.com |
---|---|
State | New |
Headers | show |
Series | [meta-networking,kirkstone,1/1] tcpreplay: fix CVE-2023-27783 | expand |
On 6/5/23 4:54 AM, Polampalli, Archana via lists.openembedded.org wrote: > An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial > of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Thanks for the fix. Master will need these fixes. If master is patched, then we can update tcpreplay to 4.4.3 all the way to kirkstone since this is a bug fix only update and then all the versions will be the same. - Armin > > Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > --- > .../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++ > .../tcpreplay/tcpreplay_4.4.2.bb | 4 ++- > 2 files changed, 32 insertions(+), 1 deletion(-) > create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > > diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > new file mode 100644 > index 000000000..59adff615 > --- /dev/null > +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > @@ -0,0 +1,29 @@ > +From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001 > +From: Marsman1996 <lqliuyuwei@outlook.com> > +Date: Wed Mar 1 14:48:48 2023 +0800 > +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup > + > +CVE: CVE-2023-27783 > +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8] > + > +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > +--- > + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > +index e282ef4..98b67e9 100644 > +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx) > + jnpr_ether_config_t *config; > + > + config = (jnpr_ether_config_t *)ctx->encoder->config; > +- tcpedit_dlt_cleanup(config->subctx); > ++ if (config->subctx != NULL) > ++ tcpedit_dlt_cleanup(config->subctx); > + safe_free(plugin->config); > + plugin->config = NULL; > + plugin->config_size = 0; > +-- > +2.40.0 > diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > index 165a0e735..ccff19f16 100644 > --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > @@ -7,7 +7,9 @@ SECTION = "net" > LICENSE = "GPL-3.0-only" > LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" > > -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" > +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \ > + file://CVE-2023-27783.patch \ > + " > > SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#103126): https://lists.openembedded.org/g/openembedded-devel/message/103126 > Mute This Topic: https://lists.openembedded.org/mt/99336397/3616698 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi Armin, Master is not patched, CVE fix is patched in tcpreplay master and 4.4.4 version which is yet to release. Regards, Archana
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch new file mode 100644 index 000000000..59adff615 --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch @@ -0,0 +1,29 @@ +From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001 +From: Marsman1996 <lqliuyuwei@outlook.com> +Date: Wed Mar 1 14:48:48 2023 +0800 +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup + +CVE: CVE-2023-27783 +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c +index e282ef4..98b67e9 100644 +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx) + jnpr_ether_config_t *config; + + config = (jnpr_ether_config_t *)ctx->encoder->config; +- tcpedit_dlt_cleanup(config->subctx); ++ if (config->subctx != NULL) ++ tcpedit_dlt_cleanup(config->subctx); + safe_free(plugin->config); + plugin->config = NULL; + plugin->config_size = 0; +-- +2.40.0 diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb index 165a0e735..ccff19f16 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb @@ -7,7 +7,9 @@ SECTION = "net" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \ + file://CVE-2023-27783.patch \ + " SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- .../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++ .../tcpreplay/tcpreplay_4.4.2.bb | 4 ++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch