From fd67754a05c844aa12179f755388e03a8d321d6b Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Feb 2024 15:51:23 -0800 Subject: [PATCH] tcpreplay: backport CVE fix Low severity. Signed-off-by: Rosen Penev --- net/tcpreplay/Makefile | 2 +- net/tcpreplay/patches/010-CVE-2023-4256.patch | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 net/tcpreplay/patches/010-CVE-2023-4256.patch diff --git a/net/tcpreplay/Makefile b/net/tcpreplay/Makefile index d4496b7cbb..2ffb016c82 100644 --- a/net/tcpreplay/Makefile +++ b/net/tcpreplay/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpreplay PKG_VERSION:=4.4.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/appneta/tcpreplay/releases/download/v$(PKG_VERSION) diff --git a/net/tcpreplay/patches/010-CVE-2023-4256.patch b/net/tcpreplay/patches/010-CVE-2023-4256.patch new file mode 100644 index 0000000000..ac82875bfb --- /dev/null +++ b/net/tcpreplay/patches/010-CVE-2023-4256.patch @@ -0,0 +1,27 @@ +From 55ad9d1d701e644ed5b8821456e31acf2e72920c Mon Sep 17 00:00:00 2001 +From: Gabriel Ganne +Date: Sun, 28 Jan 2024 10:02:30 +0100 +Subject: [PATCH] allow recursice call to tcpedit_dlt_cleanup() + +This is just a quick hack to prevent a double-free should +tcpedit_dlt_cleanup() call itself, which can hapen through dlt_jnpr_ether_cleanup() + +Ref: #813 +--- + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c +@@ -164,8 +164,10 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx + jnpr_ether_config_t *config; + + config = (jnpr_ether_config_t *)ctx->encoder->config; +- if (config->subctx != NULL) ++ if (config->subctx != NULL) { ++ ctx->decoded_extra = NULL; + tcpedit_dlt_cleanup(config->subctx); ++ } + safe_free(plugin->config); + plugin->config = NULL; + plugin->config_size = 0; -- 2.30.2