Re: Accepted ethereal 0.10.10-2sarge1 (i386 source)
Steve Langasek wrote:
> The changelog claims to fix infinite loop problems with the DLSw dissector
> and a double-free in the ICEP dissector, but here is the entire diff for
> those two source files:
>
> diff -u ethereal-0.10.10/epan/dissectors/packet-dlsw.c ethereal-0.10.10/epan/dissectors/packet-dlsw.c
> --- ethereal-0.10.10/epan/dissectors/packet-dlsw.c
> +++ ethereal-0.10.10/epan/dissectors/packet-dlsw.c
> @@ -2,7 +2,7 @@
> * Routines for DLSw packet dissection (Data Link Switching)
> * Copyright 2001, Paul Ionescu <paul@acorp.ro>
> *
> - * $Id: packet-dlsw.c 13019 2005-01-13 17:26:10Z guy $
> + * $Id: packet-dlsw.c 14178 2005-04-24 01:15:53Z gerald $
> *
> * Ethereal - Network traffic analyzer
> * By Gerald Combs <gerald@ethereal.com>
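
Review bot: drop the $Id keyword change in the header comment from this upload; it is the only changed line in the hunk (revision 13019 to 14178), so nothing shown here can be matched against the changelog's DLSw infinite-loop entry. Leaving keyword-expansion churn out of a security upload keeps the per-file diff limited to the functional change a reviewer has to check.
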
This is not from ethereal_0.10.10-2sarge1.diff.gz; is this a diff
between -2 and -2sarge1?
Those fixes (both ICEP and DLSw) were backported in -2.
> Does this mean these problems were actually fixed in -2, where they are also
> mentioned in the changelog (without the CVE #)?
That's it.
> Also, there are changes to packet-bacnet.c, packet-cdp.c, packet-chdlc.c,
> packet-dcm.c, packet-gsm_a.c, packet-gssapi.c, packet-h245.c,
> packet-kerberos.c, packet-q931.c, packet-slowprotocols.c, packet-spnego.c
> that don't seem to correspond to anything in the changelog. Can you
> explain?
Since the advisory had some unclear parts (take CAN-2005-1460 for
example, "denial of service (assert) in misc dissectors") and ethereal
has a bad history I backported dissectors that checked lengths in a
more precise way. This applies to packet-bacnet.c, packet-cdp.c,
packet-chdlc.c,
This also applies to packet-dcm.c (as well as memory leaks).
packet-gsm_a.c is an oversight and I don't see security fixes in it.
packet-gssapi.c changes are the ntlmssp changes.
packet-h245.c change fixes a possible segfault.
I believe packet-kerberos.c and packet-spnego.c are somewhat related
to the ntlmssp changes.
packet-q931.c change fixes possible segfaults (and double-free).
packet-slowprotocols.c is mentioned in the advisory: "The 802.3 Slow
protocols dissector could throw an assertion." (probably caused by
a wrong buffer size).
> The files packet-dcerpc.c, packet-rsvp.c, packet-acse.c, and packet-mgcp.c
> also contain at least some changes that appear to be unrelated to the
> security fixes, but are instead protocol dissection enhancements. I'm
> really not keen on allowing such changes in via t-p-u.
I don't know for packet-dcerpc.c (and packet-dcerpc-atsvc.c),
packet-rsvp.c only has some more proto_item_append_text, packet-acse.c
mostly removes code, packet-mgcp.c changes are indention changes (but
I didn't check them line by line).
I'll have a closer look at how kerberos and spnego are related to
gssapi, as well as a closer look at dcerpc; I'll also cancel
packet-gsm_a.c changes; I believe the other ones are ok.
Regards,
Frederic