tcpreplay: backport CVE fix

Low severity.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

diff --git a/net/tcpreplay/Makefile b/net/tcpreplay/Makefile
index d4496b7cbbd04a5c45254c169de19398b1af45d6..2ffb016c8292d8d57d56f7fbb5dab4441f142592 100644 (file)
--- a/net/tcpreplay/Makefile
+++ b/net/tcpreplay/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tcpreplay
 PKG_VERSION:=4.4.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/appneta/tcpreplay/releases/download/v$(PKG_VERSION)

diff --git a/net/tcpreplay/patches/010-CVE-2023-4256.patch b/net/tcpreplay/patches/010-CVE-2023-4256.patch
new file mode 100644 (file)
index 0000000..ac82875
--- /dev/null
+++ b/net/tcpreplay/patches/010-CVE-2023-4256.patch
@@ -0,0 +1,27 @@
+From 55ad9d1d701e644ed5b8821456e31acf2e72920c Mon Sep 17 00:00:00 2001
+From: Gabriel Ganne <gabriel.ganne@gmail.com>
+Date: Sun, 28 Jan 2024 10:02:30 +0100
+Subject: [PATCH] allow recursice call to tcpedit_dlt_cleanup()
+
+This is just a quick hack to prevent a double-free should
+tcpedit_dlt_cleanup() call itself, which can hapen through dlt_jnpr_ether_cleanup()
+
+Ref: #813
+---
+ src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
+@@ -164,8 +164,10 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx
+         jnpr_ether_config_t *config;
+ 
+         config = (jnpr_ether_config_t *)ctx->encoder->config;
+-        if (config->subctx != NULL)
++        if (config->subctx != NULL) {
++            ctx->decoded_extra = NULL;
+             tcpedit_dlt_cleanup(config->subctx);
++        }
+         safe_free(plugin->config);
+         plugin->config = NULL;
+         plugin->config_size = 0;