[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1004267: buster-pu: package libpcap/1.8.1-6+deb10u1



Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Romain Francoise <rfrancoise@debian.org>, team@security.debian.org

  * CVE-2019-15165: Improper PHB header length validation.
    (Closes: #941697)
diff -Nru libpcap-1.8.1/debian/changelog libpcap-1.8.1/debian/changelog
--- libpcap-1.8.1/debian/changelog	2017-12-31 17:56:33.000000000 +0200
+++ libpcap-1.8.1/debian/changelog	2022-01-23 23:00:19.000000000 +0200
@@ -1,3 +1,11 @@
+libpcap (1.8.1-6+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-15165: Improper PHB header length validation.
+    (Closes: #941697)
+
+ -- Adrian Bunk <bunk@debian.org>  Sun, 23 Jan 2022 23:00:19 +0200
+
 libpcap (1.8.1-6) unstable; urgency=medium
 
   * debian/watch: add pgpsigurlmangle option.
diff -Nru libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
--- libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch	1970-01-01 02:00:00.000000000 +0200
+++ libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch	2022-01-23 23:00:07.000000000 +0200
@@ -0,0 +1,53 @@
+From 7ef51510ab5b337cb8b34e1dbe9c9a64fc2c20b9 Mon Sep 17 00:00:00 2001
+From: Michael Richardson <mcr@sandelman.ca>
+Date: Fri, 20 Sep 2019 11:02:00 -0400
+Subject: do sanity checks on PHB header length before allocating memory. There
+ was no fault; but doing the check results in a more consistent error
+
+---
+ sf-pcap-ng.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/sf-pcap-ng.c b/sf-pcap-ng.c
+index 0c02829e..860487b7 100644
+--- a/sf-pcap-ng.c
++++ b/sf-pcap-ng.c
+@@ -102,7 +102,7 @@ struct option_header {
+  * Section Header Block.
+  */
+ #define BT_SHB			0x0A0D0D0A
+-
++#define BT_SHB_INSANE_MAX       1024U*1024U*1U  /* 1MB should be enough */
+ struct section_header_block {
+ 	bpf_u_int32	byte_order_magic;
+ 	u_short		major_version;
+@@ -247,7 +247,7 @@ read_bytes(FILE *fp, void *buf, size_t bytes_to_read, int fail_on_eof,
+ 			if (amt_read == 0 && !fail_on_eof)
+ 				return (0);	/* EOF */
+ 			pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
+-			    "truncated dump file; tried to read %lu bytes, only got %lu",
++			    "truncated pcap-ng dump file; tried to read %lu bytes, only got %lu",
+ 			    (unsigned long)bytes_to_read,
+ 			    (unsigned long)amt_read);
+ 		}
+@@ -798,11 +798,14 @@ pcap_ng_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf,
+ 	/*
+ 	 * Check the sanity of the total length.
+ 	 */
+-	if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)) {
++	if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer) ||
++            (total_length > BT_SHB_INSANE_MAX)) {
+ 		pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
+-		    "Section Header Block in pcap-ng dump file has a length of %u < %lu",
++		    "Section Header Block in pcap-ng dump file has invalid length %lu < _%u_ < %u (BT_SHB_INSANE_MAX)",
++		    (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)),
+ 		    total_length,
+-		    (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)));
++		    BT_SHB_INSANE_MAX);
++
+ 		*err = 1;
+ 		return (NULL);
+ 	}
+-- 
+2.20.1
+
diff -Nru libpcap-1.8.1/debian/patches/series libpcap-1.8.1/debian/patches/series
--- libpcap-1.8.1/debian/patches/series	2017-12-31 17:31:01.000000000 +0200
+++ libpcap-1.8.1/debian/patches/series	2022-01-23 23:00:17.000000000 +0200
@@ -8,3 +8,4 @@
 disable-remote.diff
 man-errors.diff
 pcap-config.diff
+0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch

Reply to: