| Message ID | 20250725092632.672324-1-namanj1@kpit.com |
|---|---|
| State | Not Applicable |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [kirkstone] tcpreplay: fix CVE-2023-43279 | expand |
Wrong mailing list! This patch is for meta-openembedded, not oe-core. Steve On Tue, Jul 29, 2025 at 5:19 AM Naman Jain via lists.openembedded.org <nmjain23=gmail.com@lists.openembedded.org> wrote: > > From: Jiaying Song <jiaying.song.cn@windriver.com> > > Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay > 4.4.4 allows attackers to crash the application via crafted tcprewrite > command. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2023-43279 > > Upstream patches: > https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560 > > Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> > Signed-off-by: Armin Kuster <akuster808@gmail.com> > (cherry picked from commit ea99328a0685b577adf4175e4d674c560ce9a490) > Signed-off-by: Divyanshu Rathore <divyanshu.rathore@kpit.com> > --- > .../tcpreplay/tcpreplay/CVE-2023-43279.patch | 39 +++++++++++++++++++ > .../tcpreplay/tcpreplay_4.4.4.bb | 1 + > 2 files changed, 40 insertions(+) > create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch > > diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch > new file mode 100644 > index 0000000000..45581268c0 > --- /dev/null > +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch > @@ -0,0 +1,39 @@ > +From 3164a75f2660a5c3537feff9fd8751346cf5ca57 Mon Sep 17 00:00:00 2001 > +From: Gabriel Ganne <gabriel.ganne@gmail.com> > +Date: Sun, 21 Jan 2024 09:16:38 +0100 > +Subject: [PATCH] add check for empty cidr > + > +This causes tcprewrite to exit with an error instead of crashing. > + > +Fixes: #824 > + > +Upstream-Status: Backport > +CVE: CVE-2023-43279 > + > +Reference to upstream patch: > +https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560 > + > +Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com> > +Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> > +--- > + src/common/cidr.c | 4 ++++ > + 1 file changed, 4 insertions(+) > + > +diff --git a/src/common/cidr.c b/src/common/cidr.c > +index 687fd04..9afbfec 100644 > +--- a/src/common/cidr.c > ++++ b/src/common/cidr.c > +@@ -249,6 +249,10 @@ parse_cidr(tcpr_cidr_t **cidrdata, char *cidrin, char *delim) > + char *network; > + char *token = NULL; > + > ++ if (cidrin == NULL) { > ++ errx(-1, "%s", "Unable to parse empty CIDR"); > ++ } > ++ > + mask_cidr6(&cidrin, delim); > + > + /* first iteration of input using strtok */ > +-- > +2.25.1 > + > diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb > index 32c978c1e0..8b41ba25a4 100644 > --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb > +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb > @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" > > SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \ > file://CVE-2023-4256.patch \ > + file://CVE-2023-43279.patch \ > " > > SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf" > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#221071): https://lists.openembedded.org/g/openembedded-core/message/221071 > Mute This Topic: https://lists.openembedded.org/mt/114429834/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch new file mode 100644 index 0000000000..45581268c0 --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-43279.patch @@ -0,0 +1,39 @@ +From 3164a75f2660a5c3537feff9fd8751346cf5ca57 Mon Sep 17 00:00:00 2001 +From: Gabriel Ganne <gabriel.ganne@gmail.com> +Date: Sun, 21 Jan 2024 09:16:38 +0100 +Subject: [PATCH] add check for empty cidr + +This causes tcprewrite to exit with an error instead of crashing. + +Fixes: #824 + +Upstream-Status: Backport +CVE: CVE-2023-43279 + +Reference to upstream patch: +https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560 + +Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com> +Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> +--- + src/common/cidr.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/common/cidr.c b/src/common/cidr.c +index 687fd04..9afbfec 100644 +--- a/src/common/cidr.c ++++ b/src/common/cidr.c +@@ -249,6 +249,10 @@ parse_cidr(tcpr_cidr_t **cidrdata, char *cidrin, char *delim) + char *network; + char *token = NULL; + ++ if (cidrin == NULL) { ++ errx(-1, "%s", "Unable to parse empty CIDR"); ++ } ++ + mask_cidr6(&cidrin, delim); + + /* first iteration of input using strtok */ +-- +2.25.1 + diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb index 32c978c1e0..8b41ba25a4 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \ file://CVE-2023-4256.patch \ + file://CVE-2023-43279.patch \ " SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"