diff mbox series

[meta-networking,kirkstone] tcpreplay 4.4.4: Fix CVE-2025-9384

Message ID 20260117055625.2658058-1-jacksonj2@kpit.com
State New
Headers show
Series [meta-networking,kirkstone] tcpreplay 4.4.4: Fix CVE-2025-9384 | expand

Commit Message

Jackson Jan. 17, 2026, 5:56 a.m. UTC 
There is a NULL Pointer Dereference in ports2PORT when the user passes ill-formatted
portmap string to tcprewrite with option -r or --portmap

Upstream Repository: https://github.com/appneta/tcpreplay.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9384
CVE: CVE-2025-9384

Signed-off-by: Jackson <jacksonj2@kpit.com>
---
 .../tcpreplay/tcpreplay/CVE-2025-9384.patch   | 38 +++++++++++++++++++
 .../tcpreplay/tcpreplay_4.4.4.bb              |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
new file mode 100644
index 0000000000..a1c19d6f07
--- /dev/null
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
@@ -0,0 +1,38 @@ 
+From 5c12534cdb3c360fb8ec1a8d83ec64449bc9e41d Mon Sep 17 00:00:00 2001
+From: Jackson <jacksonj2@kpit.com>
+Date: Mon, 12 Jan 2026 00:32:07 +0530
+Subject: [PATCH] CVE-2025-9384: Bug #894 stop on --portmap syntax error
+
+src/tcprewrite -r 1:2 -i ping.pcap -c ping.cache -o out.pcap
+src/tcprewrite -r 1-:2 -i ping.pcap -c ping.cache -o out.pcap
+
+Fatal Error in ../../src/tcprewrite.c:main() line 86:
+Unable to parse args: From ../../../src/tcpedit/parse_args.c:tcpedit_post_args() line 189:
+Unable to parse --portmap=1-:2
+
+CVE: CVE-2025-9384
+
+Upstream-Status: Backport [https://github.com/appneta/tcpreplay/pull/946/commits/f6e6ee460ad9fe01e24a1579166b3f7a8c2158a7]
+Comment: Patch refreshed
+
+Signed-off-by: Jackson <jacksonj2@kpit.com>
+---
+ src/tcpedit/portmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tcpedit/portmap.c b/src/tcpedit/portmap.c
+index 5fe1779..1e54728 100644
+--- a/src/tcpedit/portmap.c
++++ b/src/tcpedit/portmap.c
+@@ -104,7 +104,7 @@ ports2PORT(char *ports)
+         from_begin = strtok_r(from_s, "-", &token2);
+         from_end = strtok_r(NULL, "-", &token2);
+         long from_b = strtol(from_begin, &badchar, 10);
+-        if (strlen(badchar) != 0) {
++        if (!from_begin || !from_end || strlen(badchar) != 0) {
+             free(portmap);
+             return NULL;
+         }
+-- 
+2.34.1
+
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
index 29207bc89f..9e6a3301d2 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -15,6 +15,7 @@  SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcprepl
            file://CVE-2023-43279.patch \
            file://CVE-2025-9157.patch \
            file://CVE-2025-51006.patch \
+           file://CVE-2025-9384.patch \
 "
 
 SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"