[oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783

[oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783

[Archana Polampalli]

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial
of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 .../tcpreplay/tcpreplay/CVE-2023-27783.patch  | 29 +++++++++++++++++++
 .../tcpreplay/tcpreplay_4.4.2.bb              |  4 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch

diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
new file mode 100644
index 000000000..59adff615
--- /dev/null
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
@@ -0,0 +1,29 @@
+From e831aad6d48874abab6efa37d4460da2be3ac765  Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Wed Mar 1 14:48:48 2023 +0800
+Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup
+
+CVE: CVE-2023-27783
+Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
+index e282ef4..98b67e9 100644
+--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
+@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx)
+         jnpr_ether_config_t *config;
+
+         config = (jnpr_ether_config_t *)ctx->encoder->config;
+-        tcpedit_dlt_cleanup(config->subctx);
++        if (config->subctx != NULL)
++            tcpedit_dlt_cleanup(config->subctx);
+         safe_free(plugin->config);
+         plugin->config = NULL;
+         plugin->config_size = 0;
+--
+2.40.0
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
index 165a0e735..ccff19f16 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
@@ -7,7 +7,9 @@ SECTION = "net"
 LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
 
-SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
+SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \
+           file://CVE-2023-27783.patch \
+           "
 
 SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
 
-- 
2.40.0

Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783

[akuster808]

On 6/5/23 4:54 AM, Polampalli, Archana via lists.openembedded.org wrote:
> An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial
> of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
Thanks for the fix.

Master will need these fixes. If master is patched,  then we can update 
tcpreplay to 4.4.3  all the way to kirkstone since this is a bug fix 
only update and then all the versions will be the same.


- Armin
>
> Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> ---
>   .../tcpreplay/tcpreplay/CVE-2023-27783.patch  | 29 +++++++++++++++++++
>   .../tcpreplay/tcpreplay_4.4.2.bb              |  4 ++-
>   2 files changed, 32 insertions(+), 1 deletion(-)
>   create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
>
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> new file mode 100644
> index 000000000..59adff615
> --- /dev/null
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> @@ -0,0 +1,29 @@
> +From e831aad6d48874abab6efa37d4460da2be3ac765  Mon Sep 17 00:00:00 2001
> +From: Marsman1996 <lqliuyuwei@outlook.com>
> +Date: Wed Mar 1 14:48:48 2023 +0800
> +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup
> +
> +CVE: CVE-2023-27783
> +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8]
> +
> +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> +---
> + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +index e282ef4..98b67e9 100644
> +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx)
> +         jnpr_ether_config_t *config;
> +
> +         config = (jnpr_ether_config_t *)ctx->encoder->config;
> +-        tcpedit_dlt_cleanup(config->subctx);
> ++        if (config->subctx != NULL)
> ++            tcpedit_dlt_cleanup(config->subctx);
> +         safe_free(plugin->config);
> +         plugin->config = NULL;
> +         plugin->config_size = 0;
> +--
> +2.40.0
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> index 165a0e735..ccff19f16 100644
> --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> @@ -7,7 +7,9 @@ SECTION = "net"
>   LICENSE = "GPL-3.0-only"
>   LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
>   
> -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
> +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \
> +           file://CVE-2023-27783.patch \
> +           "
>   
>   SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
>   
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#103126): https://lists.openembedded.org/g/openembedded-devel/message/103126
> Mute This Topic: https://lists.openembedded.org/mt/99336397/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783

[Polampalli, Archana]

[-- Attachment #1: Type: text/plain, Size: 4483 bytes --]

Hi Armin,

Master is not patched, CVE fix is patched in tcpreplay master and 4.4.4 version which is yet to release.

Regards,
Archana
________________________________
From: akuster808 <akuster808@gmail.com>
Sent: Tuesday, June 6, 2023 5:45 PM
To: Polampalli, Archana <Archana.Polampalli@windriver.com>; openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org>
Cc: G Pillai, Hari <Hari.GPillai@windriver.com>
Subject: Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.

On 6/5/23 4:54 AM, Polampalli, Archana via lists.openembedded.org wrote:
> An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial
> of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
Thanks for the fix.

Master will need these fixes. If master is patched,  then we can update
tcpreplay to 4.4.3  all the way to kirkstone since this is a bug fix
only update and then all the versions will be the same.


- Armin
>
> Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> ---
>   .../tcpreplay/tcpreplay/CVE-2023-27783.patch  | 29 +++++++++++++++++++
>   .../tcpreplay/tcpreplay_4.4.2.bb              |  4 ++-
>   2 files changed, 32 insertions(+), 1 deletion(-)
>   create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
>
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> new file mode 100644
> index 000000000..59adff615
> --- /dev/null
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> @@ -0,0 +1,29 @@
> +From e831aad6d48874abab6efa37d4460da2be3ac765  Mon Sep 17 00:00:00 2001
> +From: Marsman1996 <lqliuyuwei@outlook.com>
> +Date: Wed Mar 1 14:48:48 2023 +0800
> +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup
> +
> +CVE: CVE-2023-27783
> +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8]
> +
> +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> +---
> + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +index e282ef4..98b67e9 100644
> +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx)
> +         jnpr_ether_config_t *config;
> +
> +         config = (jnpr_ether_config_t *)ctx->encoder->config;
> +-        tcpedit_dlt_cleanup(config->subctx);
> ++        if (config->subctx != NULL)
> ++            tcpedit_dlt_cleanup(config->subctx);
> +         safe_free(plugin->config);
> +         plugin->config = NULL;
> +         plugin->config_size = 0;
> +--
> +2.40.0
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> index 165a0e735..ccff19f16 100644
> --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> @@ -7,7 +7,9 @@ SECTION = "net"
>   LICENSE = "GPL-3.0-only"
>   LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
>
> -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
> +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \
> +           file://CVE-2023-27783.patch \
> +           "
>
>   SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#103126): https://lists.openembedded.org/g/openembedded-devel/message/103126
> Mute This Topic: https://lists.openembedded.org/mt/99336397/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>


[-- Attachment #2: Type: text/html, Size: 7693 bytes --]