Diffstat (limited to 'main/tcpflow/CVE-2018-18409.patch')
-rw-r--r--main/tcpflow/CVE-2018-18409.patch183
1 files changed, 183 insertions, 0 deletions
diff --git a/main/tcpflow/CVE-2018-18409.patch b/main/tcpflow/CVE-2018-18409.patch
new file mode 100644
index 0000000000..fb324de704
--- /dev/null
+++ b/main/tcpflow/CVE-2018-18409.patch
@@ -0,0 +1,183 @@
+From 89c04b4fb0e46b3c4f1388686e83966e531cbea9 Mon Sep 17 00:00:00 2001
+From: "Simson L. Garfinkel" <simsong@acm.org>
+Date: Sat, 20 Oct 2018 07:31:32 -0400
+Subject: [PATCH] fixed theoretical stack overflow identified in #195)
+
+---
+ src/iptree.h | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/src/iptree.h b/src/iptree.h
+index 6332e8e..6abf25b 100644
+--- a/src/iptree.h
++++ b/src/iptree.h
+@@ -241,8 +241,10 @@ private:;
+ return (addr[i / 8]) & (1<<((7-i)&7));
+ }
+ /* set the ith bit to 1 */
+- static void setbit(uint8_t *addr,size_t i){
+- addr[i / 8] |= (1<<((7-i)&7));
++ static void setbit(uint8_t *addr,size_t addr, size_t i){
++ if ( i/8 < addr) {
++ addr[i / 8] |= (1<<((7-i)&7));
++ }
+ }
+
+ virtual ~iptreet(){} // required per compiler warnings
+@@ -388,7 +390,8 @@ private:;
+ uint8_t addr1[ADDRBYTES];
+
+ memset(addr0,0,sizeof(addr0)); memcpy(addr0,addr,(depth+7)/8);
+- memset(addr1,0,sizeof(addr1)); memcpy(addr1,addr,(depth+7)/8); setbit(addr1,depth);
++ memset(addr1,0,sizeof(addr1)); memcpy(addr1,addr,(depth+7)/8);
++ setbit(addr1,sizeof(addr1),depth);
+
+ if(ptr->ptr0) get_histogram(depth+1,addr0,ptr->ptr0,histogram);
+ if(ptr->ptr1) get_histogram(depth+1,addr1,ptr->ptr1,histogram);
+@@ -527,8 +530,10 @@ class ip2tree:public iptreet<uint64_t,32> {
+ /* de-interleave a pair of addresses */
+ static void un_pair(uint8_t *addr1,uint8_t *addr2,size_t addr12len,size_t *depth1,size_t *depth2,const uint8_t *addr,size_t addrlen,size_t depth){
+ for(size_t i=0;i<addrlen*8/2;i++){
+- if(iptreet<uint64_t,32>::bit(addr,i*2)) iptreet<uint64_t,32>::setbit(addr1,i);
+- if(iptreet<uint64_t,32>::bit(addr,i*2+1)) iptreet<uint64_t,32>::setbit(addr2,i);
++ if(iptreet<uint64_t,32>::bit(addr,i*2))
++ iptreet<uint64_t,32>::setbit(addr1,sizeof(addr1),i);
++ if(iptreet<uint64_t,32>::bit(addr,i*2+1))
++ iptreet<uint64_t,32>::setbit(addr2,sizeof(addr2),i);
+ }
+ *depth1 = (depth+1)/2;
+ *depth2 = (depth)/2;
+@@ -563,8 +568,10 @@ class ip2tree:public iptreet<uint64_t,32> {
+ memset(addr,0,sizeof(addr));
+ /* Interleave on the bit by bit level */
+ for(size_t i=0;i<addrlen*8;i++){
+- if(iptreet<uint64_t,32>::bit(addr1,i)) iptreet<uint64_t,32>::setbit(addr,i*2);
+- if(iptreet<uint64_t,32>::bit(addr2,i)) iptreet<uint64_t,32>::setbit(addr,i*2+1);
++ if(iptreet<uint64_t,32>::bit(addr1,i))
++ iptreet<uint64_t,32>::setbit(addr,sizeof(addr),i*2);
++ if(iptreet<uint64_t,32>::bit(addr2,i))
++ iptreet<uint64_t,32>::setbit(addr,sizeof(addr),i*2+1);
+ }
+ add(addr,addrlen*2,val); /* Add it */
+ }
+From f4097c7c99ebb7b54d93a426016840072946c410 Mon Sep 17 00:00:00 2001
+From: "Simson L. Garfinkel" <simsong@acm.org>
+Date: Wed, 21 Nov 2018 17:57:12 -0600
+Subject: [PATCH] fixed sizeof(addr1) and sizeof(addr2) error in un_pair
+
+---
+ src/iptree.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/iptree.h b/src/iptree.h
+index 2c717db..0ddfa14 100644
+--- a/src/iptree.h
++++ b/src/iptree.h
+@@ -530,9 +530,9 @@ class ip2tree:public iptreet<uint64_t,32> {
+ static void un_pair(uint8_t *addr1,uint8_t *addr2,size_t addr12len,size_t *depth1,size_t *depth2,const uint8_t *addr,size_t addrlen,size_t depth){
+ for(size_t i=0;i<addrlen*8/2;i++){
+ if(iptreet<uint64_t,32>::bit(addr,i*2))
+- iptreet<uint64_t,32>::setbit(addr1,sizeof(addr1),i);
++ iptreet<uint64_t,32>::setbit(addr1, addr12len, i);
+ if(iptreet<uint64_t,32>::bit(addr,i*2+1))
+- iptreet<uint64_t,32>::setbit(addr2,sizeof(addr2),i);
++ iptreet<uint64_t,32>::setbit(addr2, addr12len, i);
+ }
+ *depth1 = (depth+1)/2;
+ *depth2 = (depth)/2;
+From 0e96c3578a79c41eab1e597ccd38e1c612b47810 Mon Sep 17 00:00:00 2001
+From: "Simson L. Garfinkel" <simsong@acm.org>
+Date: Sun, 18 Nov 2018 16:29:57 -0500
+Subject: [PATCH] updated to 1.5.1; added -Wno-address-of-packed-member; fixed
+ compile errors accidentally introduced.
+
+---
+ ChangeLog | 4 ++++
+ configure.ac | 7 ++++++-
+ src/iptree.h | 4 ++--
+ src/tcpflow.cpp | 10 ++++++++++
+ 4 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index b0682c1..860ec23 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,7 @@
++2018-11-18 Simson Garfinkel <simsong@acm.org>
++ * updated for pcap_findalldevs
++ * added -Wno-address-of-packed-member to avoid error
++
+ 2017-07-12 Simson Garfinkel <simsong@acm.org>
+ * updated to work with Fedora 26 compilers
+ * Found bug in sbuf.cpp
+diff --git a/configure.ac b/configure.ac
+index fc48b63..866417e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -7,7 +7,7 @@
+ # and http://www.openismus.com/documents/linux/automake/automake.shtml
+
+ AC_PREREQ(2.57)
+-AC_INIT(TCPFLOW, 1.5.0, simsong@acm.org)
++AC_INIT(TCPFLOW, 1.5.1, simsong@acm.org)
+ AC_CONFIG_MACRO_DIR([m4])
+
+ AC_CONFIG_FILES([Makefile src/Makefile tests/Makefile doc/Makefile])
+@@ -70,6 +70,10 @@ case $host in
+ LDFLAGS="$LDFLAGS --static"
+ mingw="yes"
+ ;;
++
++ *)
++ CXXFLAGS="$CXXFLAGS -Wno-address-of-packed-member"
++ ;;
+ esac
+
+ if test x"${mingw}" == "xno" ; then
+@@ -348,6 +352,7 @@ located.])
+ Mmissing_library="$Mmissing_library libpcap "
+ ])
+ fi
++AC_CHECK_FUNCS([pcap_findalldevs])
+
+ dnl set with_wifi to 0 if you do not want it
+ AC_ARG_ENABLE([wifi],
+diff --git a/src/iptree.h b/src/iptree.h
+index 6abf25b..5732dbc 100644
+--- a/src/iptree.h
++++ b/src/iptree.h
+@@ -241,8 +241,8 @@ private:;
+ return (addr[i / 8]) & (1<<((7-i)&7));
+ }
+ /* set the ith bit to 1 */
+- static void setbit(uint8_t *addr,size_t addr, size_t i){
+- if ( i/8 < addr) {
++ static void setbit(uint8_t *addr,size_t addrlen, size_t i){
++ if ( i/8 < addrlen) {
+ addr[i / 8] |= (1<<((7-i)&7));
+ }
+ }
+diff --git a/src/tcpflow.cpp b/src/tcpflow.cpp
+index d85dff6..004107f 100644
+--- a/src/tcpflow.cpp
++++ b/src/tcpflow.cpp
+@@ -461,9 +461,19 @@ static int process_infile(tcpdemux &demux,const std::string &expression,const ch
+ } else {
+ /* if the user didn't specify a device, try to find a reasonable one */
+ if (device == NULL){
++#ifdef HAVE_PCAP_FINDALLDEVS
++ char errbuf[PCAP_ERRBUF_SIZE];
++ pcap_if_t *alldevs = 0;
++ if (pcap_findalldevs(&alldevs,errbuf)){
++ die("%s", errbuf);
++ }
++ device=strdup(alldevs[0].name);
++ pcap_freealldevs(alldevs);
++#else
+ if ((device = pcap_lookupdev(error)) == NULL){
+ die("%s", error);
+ }
++#endif
+ }
+
+ /* make sure we can open the device */
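Review bot: In the bundled src/tcpflow.cpp change, `alldevs[0].name` is read without checking that the device list is non-empty; pcap_findalldevs() returns 0 and leaves `alldevs` NULL when it finds no capture device, so that case dereferences a null pointer instead of reporting an error. A guard ahead of the strdup, for example `if (alldevs == NULL) die("%s", "no capture device found");`, keeps the failure explicit. The strdup() result is also used unchecked. This block is unrelated to the iptree.h setbit bounds check for CVE-2018-18409 and arrives only because the third upstream commit is carried whole, together with the 1.5.1 bump in configure.ac; process_infile itself continues outside the visible lines.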