master

分支 (7)

标签 (3)

管理

管理

master

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.09

openEuler1.0-base

openEuler1.0

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

wireshark
/
CVE-2019-5719.patch

From b5b02f2a9b8772d8814096f86c60a32889d61f2c Mon Sep 17 00:00:00 2001
From: Jaap Keuter <[email protected]>
Date: Mon, 24 Dec 2018 23:15:26 +0100
Subject: [PATCH] ISAKMP: Fix a crash when no decryption data block is there

Don't try to (re)set parameters in a struct when its pointer
points to NULL.

Bug: 15374
Change-Id: I953e82795990fde5fce2ad6d955781b372a9e405
Signed-off-by: Jaap Keuter <[email protected]>
Reviewed-on: https://code.wireshark.org/review/31189
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <[email protected]>
(cherry picked from commit c9cfae7fecd4bc21b8b4f48328d08e104d47dd52)
Reviewed-on: https://code.wireshark.org/review/31220
Petri-Dish: Michael Mann <[email protected]>
---
 epan/dissectors/packet-isakmp.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c
index 8b9ba85db5..e134ca8632 100644
--- a/epan/dissectors/packet-isakmp.c
+++ b/epan/dissectors/packet-isakmp.c
@@ -3741,8 +3741,7 @@ dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_t

 /* Returns the number of bytes consumed by this attribute. */
 static int
-dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr
-)
+dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr)
 {
   guint headerlen, value_len, attr_type;
   proto_item *attr_item;
@@ -3765,22 +3764,22 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
     case IKE_ATTR_ENCRYPTION_ALGORITHM:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_enc_algo, "Unknown %d"));
-      decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
+      if (decr) decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
       break;
     case IKE_ATTR_HASH_ALGORITHM:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_hash_algo, "Unknown %d"));
-      decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
+      if (decr) decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
       break;
     case IKE_ATTR_AUTHENTICATION_METHOD:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN);
       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d"));
-      decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
+      if (decr) decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
       break;
     case IKE_ATTR_GROUP_DESCRIPTION:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN);
       proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d"));
-      decr->group = tvb_get_ntohs(tvb, offset);
+      if (decr) decr->group = tvb_get_ntohs(tvb, offset);
       break;
     case IKE_ATTR_GROUP_TYPE:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
@@ -3814,7 +3813,7 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
     case IKE_ATTR_KEY_LENGTH:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
       proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
-      decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
+      if (decr) decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
       break;
     case IKE_ATTR_FIELD_SIZE:
       proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_field_size, tvb, offset, value_len, ENC_NA);
@@ -3950,12 +3949,14 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro
     offset += 2;

     if (protocol_id == 1 && transform_id == 1) {
-      /* Allow detection of missing IKE transform attributes:
-       * Make sure their values are not carried over from another transform
-       * dissected previously. */
-      decr->ike_encr_alg = 0;
-      decr->ike_encr_keylen = 0;
-      decr->ike_hash_alg = 0;
+      if (decr) {
+        /* Allow detection of missing IKE transform attributes:
+         * Make sure their values are not carried over from another transform
+         * dissected previously. */
+        decr->ike_encr_alg = 0;
+        decr->ike_encr_keylen = 0;
+        decr->ike_hash_alg = 0;
+      }
       while (offset < offset_end) {
         offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr);
       }