From 4018db3cdac1d0eef1ad039d1a9120fa79e04b58 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Mon, 8 Jul 2019 14:16:34 +0000 Subject: main/tcpflow: backport fix for CVE-2018-18409 and remove unused patch ref #10426 --- main/tcpflow/APKBUILD | 16 ++- main/tcpflow/CVE-2018-18409.patch | 183 ++++++++++++++++++++++++++ main/tcpflow/configure-missing-m4-files.patch | 15 --- 3 files changed, 194 insertions(+), 20 deletions(-) create mode 100644 main/tcpflow/CVE-2018-18409.patch delete mode 100644 main/tcpflow/configure-missing-m4-files.patch diff --git a/main/tcpflow/APKBUILD b/main/tcpflow/APKBUILD index 6192210b93f..c678ae2d7c3 100644 --- a/main/tcpflow/APKBUILD +++ b/main/tcpflow/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa pkgname=tcpflow pkgver=1.5.0 -pkgrel=0 +pkgrel=1 pkgdesc="A Tool for monitoring, capturing and storing TCP connections flows" url="https://github.com/simsong/tcpflow" arch="all" @@ -11,13 +11,19 @@ depends="" makedepends="libpcap-dev zlib-dev boost-dev openssl-dev autoconf automake" install="" subpackages="$pkgname-doc" -source="https://fossies.org/linux/misc/$pkgname-$pkgver.tar.gz - configure-missing-m4-files.patch" +source="https://github.com/simsong/tcpflow/archive/tcpflow-$pkgver.tar.gz + CVE-2018-18409.patch + " -builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 1.5.2-r1: +# - CVE-2018-18409 + +builddir="$srcdir"/tcpflow-$pkgver prepare() { cd "$builddir" + default_prepare sed -i 's/test-pdfs.sh//' tests/Makefile.am autoreconf -fsiv } 
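Review bot: The added `# secfixes:` block keys the fix to `1.5.2-r1`, but this APKBUILD builds `pkgver=1.5.0` with `pkgrel=1`, so the entry names a release this commit does not produce. Tools that read secfixes to decide whether an installed package is fixed would compare against 1.5.2-r1 and keep reporting 1.5.0-r1 as affected by CVE-2018-18409; the key should read `1.5.0-r1:`. The `source=` URL also moves from fossies.org to the GitHub archive, while the sha512 for tcpflow-1.5.0.tar.gz stays an unchanged context line in the next hunk. It is worth confirming the checksum was regenerated against the new tarball (for example with `abuild checksum`) and not satisfied from a cached distfile of the same name.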
@@ -44,4 +50,4 @@ package() { } sha512sums="eaf518e5e4d95ea9587542cec16a65a8e1518b54e6c23d84355ce11780c99758346db364ba502f90d938e54b01a1e32807d69ed35afb1e5e378a9a009c5609f5 tcpflow-1.5.0.tar.gz -79f6255ca9f94c8ce94b4f2c9736e5ff0c1b307492a7af6d16ea3a14915df144c3322a5410cc31bcc28d6eddc1dd02b08d77f891ecbdd7f2ca99f0b9f9228b15 configure-missing-m4-files.patch" +104ffc29954da657d52881491ed8f3102123f8ed36fbd8f435ffa24d05fe2ef7c34d84b16477c1408bac935497499d8550fec81ffaa84b9b783d09f4b6bab428 CVE-2018-18409.patch" diff --git a/main/tcpflow/CVE-2018-18409.patch b/main/tcpflow/CVE-2018-18409.patch new file mode 100644 index 00000000000..fb324de7040 --- /dev/null +++ b/main/tcpflow/CVE-2018-18409.patch 
@@ -0,0 +1,183 @@ +From 89c04b4fb0e46b3c4f1388686e83966e531cbea9 Mon Sep 17 00:00:00 2001 +From: "Simson L. Garfinkel" +Date: Sat, 20 Oct 2018 07:31:32 -0400 +Subject: [PATCH] fixed theoretical stack overflow identified in #195) + +--- + src/iptree.h | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/src/iptree.h b/src/iptree.h +index 6332e8e..6abf25b 100644 +--- a/src/iptree.h ++++ b/src/iptree.h +@@ -241,8 +241,10 @@ private:; + return (addr[i / 8]) & (1<<((7-i)&7)); + } + /* set the ith bit to 1 */ +- static void setbit(uint8_t *addr,size_t i){ +- addr[i / 8] |= (1<<((7-i)&7)); ++ static void setbit(uint8_t *addr,size_t addr, size_t i){ ++ if ( i/8 < addr) { ++ addr[i / 8] |= (1<<((7-i)&7)); ++ } + } + + virtual ~iptreet(){} // required per compiler warnings +@@ -388,7 +390,8 @@ private:; + uint8_t addr1[ADDRBYTES]; + + memset(addr0,0,sizeof(addr0)); memcpy(addr0,addr,(depth+7)/8); +- memset(addr1,0,sizeof(addr1)); memcpy(addr1,addr,(depth+7)/8); setbit(addr1,depth); ++ memset(addr1,0,sizeof(addr1)); memcpy(addr1,addr,(depth+7)/8); ++ setbit(addr1,sizeof(addr1),depth); + + if(ptr->ptr0) get_histogram(depth+1,addr0,ptr->ptr0,histogram); + if(ptr->ptr1) get_histogram(depth+1,addr1,ptr->ptr1,histogram); +@@ -527,8 +530,10 @@ class ip2tree:public iptreet { + /* de-interleave a pair of addresses */ + static void un_pair(uint8_t *addr1,uint8_t *addr2,size_t addr12len,size_t *depth1,size_t *depth2,const uint8_t *addr,size_t addrlen,size_t depth){ + for(size_t i=0;i::bit(addr,i*2)) iptreet::setbit(addr1,i); +- if(iptreet::bit(addr,i*2+1)) iptreet::setbit(addr2,i); ++ if(iptreet::bit(addr,i*2)) ++ iptreet::setbit(addr1,sizeof(addr1),i); ++ if(iptreet::bit(addr,i*2+1)) ++ iptreet::setbit(addr2,sizeof(addr2),i); + } + *depth1 = (depth+1)/2; + *depth2 = (depth)/2; +@@ -563,8 +568,10 @@ class ip2tree:public iptreet { + memset(addr,0,sizeof(addr)); + /* Interleave on the bit by bit level */ + for(size_t i=0;i::bit(addr1,i)) 
iptreet::setbit(addr,i*2); +- if(iptreet::bit(addr2,i)) iptreet::setbit(addr,i*2+1); ++ if(iptreet::bit(addr1,i)) ++ iptreet::setbit(addr,sizeof(addr),i*2); ++ if(iptreet::bit(addr2,i)) ++ iptreet::setbit(addr,sizeof(addr),i*2+1); + } + add(addr,addrlen*2,val); /* Add it */ + } +From f4097c7c99ebb7b54d93a426016840072946c410 Mon Sep 17 00:00:00 2001 +From: "Simson L. Garfinkel" +Date: Wed, 21 Nov 2018 17:57:12 -0600 +Subject: [PATCH] fixed sizeof(addr1) and sizeof(addr2) error in un_pair + +--- + src/iptree.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/iptree.h b/src/iptree.h +index 2c717db..0ddfa14 100644 +--- a/src/iptree.h ++++ b/src/iptree.h +@@ -530,9 +530,9 @@ class ip2tree:public iptreet { + static void un_pair(uint8_t *addr1,uint8_t *addr2,size_t addr12len,size_t *depth1,size_t *depth2,const uint8_t *addr,size_t addrlen,size_t depth){ + for(size_t i=0;i::bit(addr,i*2)) +- iptreet::setbit(addr1,sizeof(addr1),i); ++ iptreet::setbit(addr1, addr12len, i); + if(iptreet::bit(addr,i*2+1)) +- iptreet::setbit(addr2,sizeof(addr2),i); ++ iptreet::setbit(addr2, addr12len, i); + } + *depth1 = (depth+1)/2; + *depth2 = (depth)/2; +From 0e96c3578a79c41eab1e597ccd38e1c612b47810 Mon Sep 17 00:00:00 2001 +From: "Simson L. Garfinkel" +Date: Sun, 18 Nov 2018 16:29:57 -0500 +Subject: [PATCH] updated to 1.5.1; added -Wno-address-of-packed-member; fixed + compile errors accidentally introduced. 
+ +--- + ChangeLog | 4 ++++ + configure.ac | 7 ++++++- + src/iptree.h | 4 ++-- + src/tcpflow.cpp | 10 ++++++++++ + 4 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index b0682c1..860ec23 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,7 @@ ++2018-11-18 Simson Garfinkel ++ * updated for pcap_findalldevs ++ * added -Wno-address-of-packed-member to avoid error ++ + 2017-07-12 Simson Garfinkel + * updated to work with Fedora 26 compilers + * Found bug in sbuf.cpp +diff --git a/configure.ac b/configure.ac +index fc48b63..866417e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -7,7 +7,7 @@ + # and http://www.openismus.com/documents/linux/automake/automake.shtml + + AC_PREREQ(2.57) +-AC_INIT(TCPFLOW, 1.5.0, simsong@acm.org) ++AC_INIT(TCPFLOW, 1.5.1, simsong@acm.org) + AC_CONFIG_MACRO_DIR([m4]) + + AC_CONFIG_FILES([Makefile src/Makefile tests/Makefile doc/Makefile]) +@@ -70,6 +70,10 @@ case $host in + LDFLAGS="$LDFLAGS --static" + mingw="yes" + ;; ++ ++ *) ++ CXXFLAGS="$CXXFLAGS -Wno-address-of-packed-member" ++ ;; + esac + + if test x"${mingw}" == "xno" ; then +@@ -348,6 +352,7 @@ located.]) + Mmissing_library="$Mmissing_library libpcap " + ]) + fi ++AC_CHECK_FUNCS([pcap_findalldevs]) + + dnl set with_wifi to 0 if you do not want it + AC_ARG_ENABLE([wifi], +diff --git a/src/iptree.h b/src/iptree.h +index 6abf25b..5732dbc 100644 +--- a/src/iptree.h ++++ b/src/iptree.h +@@ -241,8 +241,8 @@ private:; + return (addr[i / 8]) & (1<<((7-i)&7)); + } + /* set the ith bit to 1 */ +- static void setbit(uint8_t *addr,size_t addr, size_t i){ +- if ( i/8 < addr) { ++ static void setbit(uint8_t *addr,size_t addrlen, size_t i){ ++ if ( i/8 < addrlen) { + addr[i / 8] |= (1<<((7-i)&7)); + } + } +diff --git a/src/tcpflow.cpp b/src/tcpflow.cpp +index d85dff6..004107f 100644 +--- a/src/tcpflow.cpp ++++ b/src/tcpflow.cpp +@@ -461,9 +461,19 @@ static int process_infile(tcpdemux &demux,const std::string &expression,const ch + } else { + /* if the 
user didn't specify a device, try to find a reasonable one */ + if (device == NULL){ ++#ifdef HAVE_PCAP_FINDALLDEVS ++ char errbuf[PCAP_ERRBUF_SIZE]; ++ pcap_if_t *alldevs = 0; ++ if (pcap_findalldevs(&alldevs,errbuf)){ ++ die("%s", errbuf); ++ } ++ device=strdup(alldevs[0].name); ++ pcap_freealldevs(alldevs); ++#else + if ((device = pcap_lookupdev(error)) == NULL){ + die("%s", error); + } ++#endif + } + + /* make sure we can open the device */ diff --git a/main/tcpflow/configure-missing-m4-files.patch b/main/tcpflow/configure-missing-m4-files.patch deleted file mode 100644 index f0f7b4b1b37..00000000000 --- a/main/tcpflow/configure-missing-m4-files.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index cdaa5da..b11d9cf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -221,8 +221,8 @@ AC_CHECK_FUNCS([MD5_Init EVP_get_digestbyname]) - ################################################################ - ## Includes - --m4_include([src/dfxml/src/dfxml_configure.m4]) --m4_include([src/be13_api/be13_configure.m4]) -+#m4_include([src/dfxml/src/dfxml_configure.m4]) -+#m4_include([src/be13_api/be13_configure.m4]) - - ################################################################ - # PTHREAD support -- cgit v1.2.3
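Review bot: In the bundled 0e96c35 commit's src/tcpflow.cpp hunk, `device=strdup(alldevs[0].name);` dereferences `alldevs` without checking it. pcap_findalldevs() reports success with the list set to NULL when no capture device is found, so running tcpflow without a device argument on such a host would crash on a null pointer instead of printing an error. A guard such as `if (alldevs == NULL) die("no capture device found");` ahead of the strdup would cover it; process_infile's body continues outside the hunk. That change, the AC_INIT bump to 1.5.1 and the -Wno-address-of-packed-member flag are unrelated to CVE-2018-18409, so the backport could carry only the src/iptree.h hunks, which would also avoid a 1.5.0 package presumably identifying itself as 1.5.1. Note too that the fix bounds only `setbit`: the `bit()` helper shown as context still reads `addr[i / 8]` with no length check.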