From fd67754a05c844aa12179f755388e03a8d321d6b Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Feb 2024 15:51:23 -0800 Subject: tcpreplay: backport CVE fix Low severity. Signed-off-by: Rosen Penev --- net/tcpreplay/patches/010-CVE-2023-4256.patch | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 net/tcpreplay/patches/010-CVE-2023-4256.patch (limited to 'net/tcpreplay/patches') diff --git a/net/tcpreplay/patches/010-CVE-2023-4256.patch b/net/tcpreplay/patches/010-CVE-2023-4256.patch new file mode 100644 index 000000000..ac82875bf --- /dev/null +++ b/net/tcpreplay/patches/010-CVE-2023-4256.patch @@ -0,0 +1,27 @@ +From 55ad9d1d701e644ed5b8821456e31acf2e72920c Mon Sep 17 00:00:00 2001 +From: Gabriel Ganne +Date: Sun, 28 Jan 2024 10:02:30 +0100 +Subject: [PATCH] allow recursice call to tcpedit_dlt_cleanup() + +This is just a quick hack to prevent a double-free should +tcpedit_dlt_cleanup() call itself, which can hapen through dlt_jnpr_ether_cleanup() + +Ref: #813 +--- + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c +@@ -164,8 +164,10 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx + jnpr_ether_config_t *config; + + config = (jnpr_ether_config_t *)ctx->encoder->config; +- if (config->subctx != NULL) ++ if (config->subctx != NULL) { ++ ctx->decoded_extra = NULL; + tcpedit_dlt_cleanup(config->subctx); ++ } + safe_free(plugin->config); + plugin->config = NULL; + plugin->config_size = 0; -- cgit v1.2.3