-
Notifications
You must be signed in to change notification settings - Fork 688
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266
Add below patch to fix CVE-2020-24265 and CVE-2020-24266 CVE-2020-24265-and-CVE-2020-24266.patch Link: appneta/tcpreplay@d311085 Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
- Loading branch information
Showing
2 changed files
with
39 additions
and
1 deletion.
There are no files selected for viewing
37 changes: 37 additions & 0 deletions
37
meta-networking/recipes-support/tcpreplay/files/CVE-2020-24265-and-CVE-2020-24266.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
From d3110859064b15408dbca1294dc7e31c2208504d Mon Sep 17 00:00:00 2001 | ||
From: Gabriel Ganne <gabriel.ganne@gmail.com> | ||
Date: Mon, 3 Aug 2020 08:26:38 +0200 | ||
Subject: [PATCH] fix heap-buffer-overflow when DLT_JUNIPER_ETHER | ||
|
||
The test logic on datalen was inverted. | ||
|
||
Processing truncated packats should now raise a warning like the | ||
following: | ||
Warning: <pcap> was captured using a snaplen of 4 bytes. This may mean you have truncated packets. | ||
|
||
Fixes #616 #617 | ||
|
||
CVE: CVE-2020-24265 | ||
CVE: CVE-2020-24266 | ||
Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d] | ||
|
||
Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com> | ||
Signed-off-by: Akash Hadke <akash.hadke@kpit.com> | ||
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> | ||
--- | ||
src/common/get.c | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/src/common/get.c b/src/common/get.c | ||
index f9ee92d3..0517bf0a 100644 | ||
--- a/src/common/get.c | ||
+++ b/src/common/get.c | ||
@@ -178,7 +178,7 @@ get_l2len(const u_char *pktdata, const int datalen, const int datalink) | ||
break; | ||
|
||
case DLT_JUNIPER_ETHER: | ||
- if (datalen >= 5) { | ||
+ if (datalen < 5) { | ||
l2_len = -1; | ||
break; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters