
Re: Accepted ethereal 0.10.10-2sarge1 (i386 source)



Steve Langasek wrote:

> The changelog claims to fix infinite loop problems with the DLSw dissector
> and a double-free in the ICEP dissector, but here is the entire diff for
> those two source files:
> 
> diff -u ethereal-0.10.10/epan/dissectors/packet-dlsw.c ethereal-0.10.10/epan/dissectors/packet-dlsw.c
> --- ethereal-0.10.10/epan/dissectors/packet-dlsw.c
> +++ ethereal-0.10.10/epan/dissectors/packet-dlsw.c
> @@ -2,7 +2,7 @@
>   * Routines for DLSw packet dissection (Data Link Switching)
>   * Copyright 2001, Paul Ionescu <paul@acorp.ro>
>   *
> - * $Id: packet-dlsw.c 13019 2005-01-13 17:26:10Z guy $
> + * $Id: packet-dlsw.c 14178 2005-04-24 01:15:53Z gerald $
>   *
>   * Ethereal - Network traffic analyzer
>   * By Gerald Combs <gerald@ethereal.com>
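Review bot: the only changed line in this hunk is the `$Id$` keyword in the file header (`13019 ... guy` to `14178 ... gerald`), which carries no code change, so the diff as shown does not substantiate the changelog's claim of an infinite-loop fix in the DLSw dissector. If the fix was already present in -2, as the reply below states, the changelog entry for -2sarge1 should say so (and attach the CVE to the -2 entry) rather than claiming the fix for this upload.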

This is not from ethereal_0.10.10-2sarge1.diff.gz; is this a diff
between -2 and -2sarge1 ?

Those fixes (both ICEP and DLSw) were backported in -2.


> Does this mean these problems were actually fixed in -2, where they are also
> mentioned in the changelog (without the CVE #)?

That's it.


> Also, there are changes to packet-bacnet.c, packet-cdp.c, packet-chdlc.c,
> packet-dcm.c, packet-gsm_a.c, packet-gssapi.c, packet-h245.c,
> packet-kerberos.c, packet-q931.c, packet-slowprotocols.c, packet-spnego.c
> that don't seem to correspond to anything in the changelog.  Can you
> explain?

Since the advisory had some unclear parts (take CAN-2005-1460 for
example, "denial of service (assert) in misc dissectors") and ethereal
has a bad history, I backported dissectors that checked lengths in a
more precise way.  This applies to packet-bacnet.c, packet-cdp.c,
packet-chdlc.c.

This also applies to packet-dcm.c (as well as memory leaks).

packet-gsm_a.c is an oversight and I don't see security fixes in it.

packet-gssapi.c changes are the ntlmssp changes.

packet-h245.c change fixes a possible segfault.

I believe packet-kerberos.c and packet-spnego.c are somewhat related
to the ntlmssp changes.

packet-q931.c change fixes possible segfaults (and double-free).

packet-slowprotocols.c is mentioned in the advisory: " The 802.3 Slow
protocols dissector could throw an assertion." (probably caused by
a wrong buffer size).


> The files packet-dcerpc.c, packet-rsvp.c, packet-acse.c, and packet-mgcp.c
> also contain at least some changes that appear to be unrelated to the
> security fixes, but are instead protocol dissection enhancements.  I'm
> really not keen on allowing such changes in via t-p-u.

I don't know about packet-dcerpc.c (and packet-dcerpc-atsvc.c);
packet-rsvp.c only has some more proto_item_append_text, packet-acse.c
mostly removes code, and the packet-mgcp.c changes are indentation changes (but
I didn't check them line by line).


I'll have a closer look at how kerberos and spnego are related to
gssapi, as well as a closer look at dcerpc; I'll also cancel the
packet-gsm_a.c changes; I believe the other ones are ok.


Regards,

        Frederic


