Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Sep 2012 15:59:55 +0000 (UTC)
From:      Joe Marcus Clarke <marcus@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r303711 - in head/net/wireshark: . files
Message-ID:  <201209051559.q85FxtQw064889@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: marcus
Date: Wed Sep  5 15:59:55 2012
New Revision: 303711
URL: http://svn.freebsd.org/changeset/ports/303711

Log:
  Add a fix for CVE-2012-3548.
  
  PR:		171220
  Submitted by:	rea
  Obtained from:	Wireshark bug 9009

Added:
  head/net/wireshark/files/patch-cve-2012-3548   (contents, props changed)
Modified:
  head/net/wireshark/Makefile

Modified: head/net/wireshark/Makefile
==============================================================================
--- head/net/wireshark/Makefile	Wed Sep  5 15:43:33 2012	(r303710)
+++ head/net/wireshark/Makefile	Wed Sep  5 15:59:55 2012	(r303711)
@@ -7,6 +7,7 @@
 
 PORTNAME?=	wireshark
 PORTVERSION=	1.8.2
+PORTREVISION=	1
 CATEGORIES=	net ipv6
 MASTER_SITES=	http://www.wireshark.org/download/src/ \
 		http://ftp.uni-kl.de/pub/wireshark/src/ \

Added: head/net/wireshark/files/patch-cve-2012-3548
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/wireshark/files/patch-cve-2012-3548	Wed Sep  5 15:59:55 2012	(r303711)
@@ -0,0 +1,23 @@
+Obtained-from: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9009&action=diff&context=patch&collapsed=&headers=1&format=raw
+
+--- epan/dissectors/packet-drda.c	(revision 44689)
++++ epan/dissectors/packet-drda.c	(working copy)
+@@ -55,6 +55,7 @@ 
+ #include <epan/packet.h>
+ #include <epan/conversation.h>
+ #include <epan/prefs.h>
++#include <epan/expert.h>
+ #include "packet-tcp.h"
+ 
+ static int proto_drda = -1;
+@@ -696,6 +697,10 @@ 
+     {
+         iCommand = tvb_get_ntohs(tvb, offset + 8);
+         iLength = tvb_get_ntohs(tvb, offset + 0);
++        if (iLength < 10) {
++            expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR, "Invalid length detected (%u): should be at least 10 bytes long", iLength);
++            break;
++        }
+         /* iCommandEnd is the length of the packet up to the end of the current command */
+         iCommandEnd += iLength;
+

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209051559.q85FxtQw064889>