authorRosen Penev <rosenp@gmail.com>2024-02-10 15:51:23 -0800
committerRosen Penev <rosenp@gmail.com>2024-02-10 15:57:45 -0800
commitfd67754a05c844aa12179f755388e03a8d321d6b (patch)
tree9b5863323428d286d6120098f363ebe251b8f930 /net/tcpreplay/patches
parent8f76c0439782409b698835e5ca91d296f1df0bee (diff)
tcpreplay: backport CVE fix
Low severity. Signed-off-by: Rosen Penev <rosenp@gmail.com>
Diffstat (limited to 'net/tcpreplay/patches')
-rw-r--r--net/tcpreplay/patches/010-CVE-2023-4256.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/net/tcpreplay/patches/010-CVE-2023-4256.patch b/net/tcpreplay/patches/010-CVE-2023-4256.patch
new file mode 100644
index 000000000..ac82875bf
--- /dev/null
+++ b/net/tcpreplay/patches/010-CVE-2023-4256.patch
@@ -0,0 +1,27 @@
+From 55ad9d1d701e644ed5b8821456e31acf2e72920c Mon Sep 17 00:00:00 2001
+From: Gabriel Ganne <gabriel.ganne@gmail.com>
+Date: Sun, 28 Jan 2024 10:02:30 +0100
+Subject: [PATCH] allow recursice call to tcpedit_dlt_cleanup()
+
+This is just a quick hack to prevent a double-free should
+tcpedit_dlt_cleanup() call itself, which can hapen through dlt_jnpr_ether_cleanup()
+
+Ref: #813
+---
+ src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
+@@ -164,8 +164,10 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx
+ jnpr_ether_config_t *config;
+
+ config = (jnpr_ether_config_t *)ctx->encoder->config;
+- if (config->subctx != NULL)
++ if (config->subctx != NULL) {
++ ctx->decoded_extra = NULL;
+ tcpedit_dlt_cleanup(config->subctx);
++ }
+ safe_free(plugin->config);
+ plugin->config = NULL;
+ plugin->config_size = 0;
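Review bot: The added `ctx->decoded_extra = NULL;` in dlt_jnpr_ether_cleanup() drops the pointer without freeing it and without a comment saying who owns the buffer. The fix is therefore only correct if `config->subctx` refers to the same `decoded_extra` allocation and the nested `tcpedit_dlt_cleanup(config->subctx)` call releases it. That aliasing is not visible here, since the function starts and ends outside the hunk; if any path leaves the two contexts with separate buffers, this trades the double free for a leak. Once the ownership is confirmed against upstream, I would carry a comment on the assignment, e.g. `/* decoded_extra is also reachable via subctx; clear it here so it is freed only once */`. It is also worth checking that nothing later in the outer cleanup reads `ctx->decoded_extra` expecting it to be non-NULL.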