From e0a64b4d1179a8d7df8cacf5a1cc12daae71ebe1 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 13 Feb 2024 03:07:08 +0300 Subject: [PATCH] import tcpdump-4.9.3-3.el8_9.1 --- .gitignore | 1 + .tcpdump.metadata | 1 + SOURCES/0017-CVE-2021-41043.patch | 48 ++++++++++++++++++++++++++++++ SOURCES/tcpdump-4.9.3.tar.gz.sig | Bin 442 -> 0 bytes SPECS/tcpdump.spec | 6 +++- 5 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0017-CVE-2021-41043.patch delete mode 100644 SOURCES/tcpdump-4.9.3.tar.gz.sig diff --git a/.gitignore b/.gitignore index e45ade0..b87fb0f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ SOURCES/tcpdump-4.9.3.tar.gz +SOURCES/tcpdump-4.9.3.tar.gz.sig SOURCES/tcpslice-1.2a3.tar.gz diff --git a/.tcpdump.metadata b/.tcpdump.metadata index 7eaf682..26da798 100644 --- a/.tcpdump.metadata +++ b/.tcpdump.metadata @@ -1,2 +1,3 @@ 59b309f3620ac4b709de2eaf7bf3a83bf04bc048 SOURCES/tcpdump-4.9.3.tar.gz +cfc1a4a7fce082844312906046a4d53a0e87ce26 SOURCES/tcpdump-4.9.3.tar.gz.sig 98790301cb1bf4399a95153bc62d49b3f5808994 SOURCES/tcpslice-1.2a3.tar.gz diff --git a/SOURCES/0017-CVE-2021-41043.patch b/SOURCES/0017-CVE-2021-41043.patch new file mode 100644 index 0000000..27d5d46 --- /dev/null +++ b/SOURCES/0017-CVE-2021-41043.patch 
@@ -0,0 +1,48 @@ +From 030859fce9c77417de657b9bb29c0f78c2d68f4a Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko +Date: Thu, 30 Dec 2021 17:52:52 +0000 +Subject: [PATCH] CVE-2021-41043: Fix a use-after-free in extract_slice(). + +This issue was discovered by Mohammad Hosein Askari (@C0NSTANTINE110), +see GitHub issue #11. + +In extract_slice() pcap_dump_open() takes a pcap_t argument to tell +which DLT to use for the output file. This used to be the pcap_t of the +first input file, as main() requires at least one input file. However, +the loop before pcap_dump_open() closes all, including the first, input +files that don't meet a test condition. This way, when the first file +didn't meet the condition, the call to pcap_dump_open() would end up as +a use-after-free. Make the pcap_dump_open() call before the loop, when +the first array element is always valid, and fix this problem. +--- +diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c +index 6d08473..7c0f4a0 100644 +--- a/tcpslice-1.2a3/tcpslice.c ++++ b/tcpslice-1.2a3/tcpslice.c +@@ -841,6 +841,13 @@ extract_slice(struct state *states, const int numfiles, const char *write_file_n + TV_SUB(start_time, base_time, &relative_start); + TV_SUB(stop_time, base_time, &relative_stop); + ++ /* Always write the output file, use the first input file's DLT. */ ++ dumper = pcap_dump_open(states[0].p, write_file_name); ++ if (!dumper) { ++ error("error creating output file '%s': %s", ++ write_file_name, pcap_geterr(states[0].p)); ++ } ++ + for (i = 0; i < numfiles; ++i) { + s = &states[i]; + +@@ -879,12 +886,6 @@ extract_slice(struct state *states, const int numfiles, const char *write_file_n + get_next_packet(s); + } + +- dumper = pcap_dump_open(states->p, write_file_name); +- if (! dumper) { +- error( "error creating output file %s: ", +- write_file_name, pcap_geterr( states->p ) ); +- } +- + + /* + * Now, loop thru all the packets in all the files, 
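Review bot: The .gitignore and .tcpdump.metadata hunks only make sense together with the deletion of SOURCES/tcpdump-4.9.3.tar.gz.sig further down: the detached signature is being moved out of git and into the lookaside cache, pinned by the SHA-1 cfc1a4a7fce082844312906046a4d53a0e87ce26 added to .tcpdump.metadata. That is the normal dist-git layout, but it only buys anything if %prep still fetches the .sig as a Source and verifies the tarball against it (e.g. with %{gpgverify}); the spec hunk in this commit shows nothing beyond the changelog, so please confirm the verification step survived the move rather than the .sig simply becoming an unused lookaside blob.

Review bot: In the tcpslice.c hunk the fix relies entirely on error() not returning: pcap_dump_open() is now called before the loop that may pcap_close() every input, and if error() came back, the code would fall through into the packet loop with dumper == NULL. The removed code had the same reliance, so this is not a regression, but a one-line comment at the new call site (or an explicit exit after the error() call) would make the invariant visible to the next reader. Two smaller points on the same hunk: the new error() call correctly has two %s conversions for its two arguments, whereas the removed one ("error creating output file %s: ", write_file_name, pcap_geterr( states->p )) passed pcap_geterr() with no conversion to print it, so the fix silently also repairs a format/argument mismatch and the commit message could say so; and removing the six lines from the second hunk leaves two consecutive blank lines before the "Now, loop thru all the packets" comment, so drop one of them.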
diff --git a/SOURCES/tcpdump-4.9.3.tar.gz.sig b/SOURCES/tcpdump-4.9.3.tar.gz.sig deleted file mode 100644 index ef927bf9541086cdcb1c31b5ce33e9d38b355ea9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 442 zcmV;r0Y(0a0k;GI0SEvc79j*57HU^QtGVDLnvF2viQe(q!Cegn0$q|DkN^q^5a5a4 z@!7#$4Q#~>A4IO*)nFcHUfv5*8k5$`S*%%gcm@B$eL!06>_ak%79e+c?^$S;^bu-=V06PyKFg`}WZI_>RXBO&AD%3*)$=bRnO} zJD}e4bV1mM_sSFRbY6*UX+T#Dc)c_@=#X@LMqaRT;q0@kIZuAK+nmvS`hJ~*OWETM krD>GSGQJq+S0^^kT3vUF;1k_r^*i6ag|Muj`ed%cdD - 14:4.9.3-3.1 +- Resolves: RHEL-20814 - tcpslice: use-after-free in extract_slice() + * Mon Jan 10 2022 Michal Ruprich - 14:4.9.3-3 - Resolves: #2005451 - tcpdump support for direction and interface needed in RHEL8
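Review bot: Only the %changelog portion of the SPECS/tcpdump.spec change is visible here (the 14:4.9.3-3.1 entry with "Resolves: RHEL-20814 - tcpslice: use-after-free in extract_slice()"), yet the diffstat reports 6 insertions and 1 deletion in the spec, so the Patch17: SOURCES/0017-CVE-2021-41043.patch declaration and the matching %patch application in %prep are not shown. Please confirm they are present and that the strip level used resolves the patch's a/tcpslice-1.2a3/tcpslice.c path from the directory in which both the tcpdump and tcpslice tarballs are unpacked, since the patch is written against the tcpslice-1.2a3 subdirectory rather than the tcpdump tree. Separately, the changelog entry names the bug but not the CVE; adding CVE-2021-41043 to the Resolves line (as the patch file name already does) lets the errata and any vulnerability scanner match the fixed NEVR to the advisory.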