Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
wireshark.35707
wireshark-0103-CVE-2024-8250.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File wireshark-0103-CVE-2024-8250.patch of Package wireshark.35707
From 66dcd56f1eae615697b6588ac4778a61a5576391 Mon Sep 17 00:00:00 2001 From: John Thacker <johnthacker@gmail.com> Date: Sun, 28 Jul 2024 08:24:20 -0400 Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash table We could change this table to an autoreset wmem_map as well. Fix #19943 --- epan/dissectors/packet-ntlmssp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) Index: wireshark-3.6.24/epan/dissectors/packet-ntlmssp.c =================================================================== --- wireshark-3.6.24.orig/epan/dissectors/packet-ntlmssp.c +++ wireshark-3.6.24/epan/dissectors/packet-ntlmssp.c @@ -2343,7 +2343,9 @@ decrypt_data_payload(tvbuff_t *tvb, int decrypted_payloads = g_slist_prepend(decrypted_payloads, packet_ntlmssp_info->decrypted_payload); if (key != NULL) { - g_hash_table_insert(hash_packet, key, packet_ntlmssp_info); + guint8 *perm_key = g_new(guint8, NTLMSSP_KEY_LEN); + memcpy(perm_key, key, NTLMSSP_KEY_LEN); + g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info); } /* Do the decryption of the payload */ @@ -2801,7 +2803,7 @@ header_hash(gconstpointer pointer) static gboolean header_equal(gconstpointer pointer1, gconstpointer pointer2) { - if (!memcmp(pointer1, pointer2, 16)) { + if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) { return TRUE; } else { @@ -2812,7 +2814,7 @@ header_equal(gconstpointer pointer1, gco static void ntlmssp_init_protocol(void) { - hash_packet = g_hash_table_new(header_hash, header_equal); + hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL); } static void
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor