* [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783
@ 2023-06-05 8:54 Archana Polampalli
2023-06-06 12:15 ` akuster808
0 siblings, 1 reply; 3+ messages in thread
From: Archana Polampalli @ 2023-06-05 8:54 UTC (permalink / raw)
To: openembedded-devel; +Cc: Hari.GPillai
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial
of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
.../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++
.../tcpreplay/tcpreplay_4.4.2.bb | 4 ++-
2 files changed, 32 insertions(+), 1 deletion(-)
create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
new file mode 100644
index 000000000..59adff615
--- /dev/null
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
@@ -0,0 +1,29 @@
+From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Wed Mar 1 14:48:48 2023 +0800
+Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup
+
+CVE: CVE-2023-27783
+Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
+index e282ef4..98b67e9 100644
+--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
+@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx)
+ jnpr_ether_config_t *config;
+
+ config = (jnpr_ether_config_t *)ctx->encoder->config;
+- tcpedit_dlt_cleanup(config->subctx);
++ if (config->subctx != NULL)
++ tcpedit_dlt_cleanup(config->subctx);
+ safe_free(plugin->config);
+ plugin->config = NULL;
+ plugin->config_size = 0;
+--
+2.40.0
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
index 165a0e735..ccff19f16 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
@@ -7,7 +7,9 @@ SECTION = "net"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
-SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
+SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \
+ file://CVE-2023-27783.patch \
+ "
SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
--
2.40.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783
2023-06-05 8:54 [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783 Archana Polampalli
@ 2023-06-06 12:15 ` akuster808
2023-06-09 16:50 ` Polampalli, Archana
0 siblings, 1 reply; 3+ messages in thread
From: akuster808 @ 2023-06-06 12:15 UTC (permalink / raw)
To: archana.polampalli, openembedded-devel; +Cc: Hari.GPillai
On 6/5/23 4:54 AM, Polampalli, Archana via lists.openembedded.org wrote:
> An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial
> of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
Thanks for the fix.
Master will need these fixes. If master is patched, then we can update
tcpreplay to 4.4.3 all the way to kirkstone since this is a bug fix
only update and then all the versions will be the same.
- Armin
>
> Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> ---
> .../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++
> .../tcpreplay/tcpreplay_4.4.2.bb | 4 ++-
> 2 files changed, 32 insertions(+), 1 deletion(-)
> create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
>
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> new file mode 100644
> index 000000000..59adff615
> --- /dev/null
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> @@ -0,0 +1,29 @@
> +From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001
> +From: Marsman1996 <lqliuyuwei@outlook.com>
> +Date: Wed Mar 1 14:48:48 2023 +0800
> +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup
> +
> +CVE: CVE-2023-27783
> +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8]
> +
> +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> +---
> + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +index e282ef4..98b67e9 100644
> +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx)
> + jnpr_ether_config_t *config;
> +
> + config = (jnpr_ether_config_t *)ctx->encoder->config;
> +- tcpedit_dlt_cleanup(config->subctx);
> ++ if (config->subctx != NULL)
> ++ tcpedit_dlt_cleanup(config->subctx);
> + safe_free(plugin->config);
> + plugin->config = NULL;
> + plugin->config_size = 0;
> +--
> +2.40.0
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> index 165a0e735..ccff19f16 100644
> --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> @@ -7,7 +7,9 @@ SECTION = "net"
> LICENSE = "GPL-3.0-only"
> LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
>
> -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
> +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \
> + file://CVE-2023-27783.patch \
> + "
>
> SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#103126): https://lists.openembedded.org/g/openembedded-devel/message/103126
> Mute This Topic: https://lists.openembedded.org/mt/99336397/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783
2023-06-06 12:15 ` akuster808
@ 2023-06-09 16:50 ` Polampalli, Archana
0 siblings, 0 replies; 3+ messages in thread
From: Polampalli, Archana @ 2023-06-09 16:50 UTC (permalink / raw)
To: akuster808, openembedded-devel; +Cc: G Pillai, Hari
[-- Attachment #1: Type: text/plain, Size: 4483 bytes --]
Hi Armin,
Master is not patched, CVE fix is patched in tcpreplay master and 4.4.4 version which is yet to release.
Regards,
Archana
________________________________
From: akuster808 <akuster808@gmail.com>
Sent: Tuesday, June 6, 2023 5:45 PM
To: Polampalli, Archana <Archana.Polampalli@windriver.com>; openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org>
Cc: G Pillai, Hari <Hari.GPillai@windriver.com>
Subject: Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.
On 6/5/23 4:54 AM, Polampalli, Archana via lists.openembedded.org wrote:
> An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial
> of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
Thanks for the fix.
Master will need these fixes. If master is patched, then we can update
tcpreplay to 4.4.3 all the way to kirkstone since this is a bug fix
only update and then all the versions will be the same.
- Armin
>
> Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> ---
> .../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++
> .../tcpreplay/tcpreplay_4.4.2.bb | 4 ++-
> 2 files changed, 32 insertions(+), 1 deletion(-)
> create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
>
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> new file mode 100644
> index 000000000..59adff615
> --- /dev/null
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch
> @@ -0,0 +1,29 @@
> +From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001
> +From: Marsman1996 <lqliuyuwei@outlook.com>
> +Date: Wed Mar 1 14:48:48 2023 +0800
> +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup
> +
> +CVE: CVE-2023-27783
> +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8]
> +
> +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> +---
> + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +index e282ef4..98b67e9 100644
> +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
> +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx)
> + jnpr_ether_config_t *config;
> +
> + config = (jnpr_ether_config_t *)ctx->encoder->config;
> +- tcpedit_dlt_cleanup(config->subctx);
> ++ if (config->subctx != NULL)
> ++ tcpedit_dlt_cleanup(config->subctx);
> + safe_free(plugin->config);
> + plugin->config = NULL;
> + plugin->config_size = 0;
> +--
> +2.40.0
> diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> index 165a0e735..ccff19f16 100644
> --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb
> @@ -7,7 +7,9 @@ SECTION = "net"
> LICENSE = "GPL-3.0-only"
> LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
>
> -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"
> +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \
> + file://CVE-2023-27783.patch \
> + "
>
> SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615"
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#103126): https://lists.openembedded.org/g/openembedded-devel/message/103126
> Mute This Topic: https://lists.openembedded.org/mt/99336397/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
[-- Attachment #2: Type: text/html, Size: 7693 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-06-09 16:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-05 8:54 [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783 Archana Polampalli
2023-06-06 12:15 ` akuster808
2023-06-09 16:50 ` Polampalli, Archana
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).