File wireshark-0103-CVE-2024-8250.patch of Package wireshark.35707

From 66dcd56f1eae615697b6588ac4778a61a5576391 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sun, 28 Jul 2024 08:24:20 -0400
Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash
 table

We could change this table to an autoreset wmem_map as well.

Fix #19943
---
 epan/dissectors/packet-ntlmssp.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Index: wireshark-3.6.24/epan/dissectors/packet-ntlmssp.c
===================================================================
--- wireshark-3.6.24.orig/epan/dissectors/packet-ntlmssp.c
+++ wireshark-3.6.24/epan/dissectors/packet-ntlmssp.c
@@ -2343,7 +2343,9 @@ decrypt_data_payload(tvbuff_t *tvb, int
       decrypted_payloads = g_slist_prepend(decrypted_payloads,
                                            packet_ntlmssp_info->decrypted_payload);
       if (key != NULL) {
-        g_hash_table_insert(hash_packet, key, packet_ntlmssp_info);
+        guint8 *perm_key = g_new(guint8, NTLMSSP_KEY_LEN);
+        memcpy(perm_key, key, NTLMSSP_KEY_LEN);
+        g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info);
       }
 
       /* Do the decryption of the payload */
@@ -2801,7 +2803,7 @@ header_hash(gconstpointer pointer)
 static gboolean
 header_equal(gconstpointer pointer1, gconstpointer pointer2)
 {
-  if (!memcmp(pointer1, pointer2, 16)) {
+  if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) {
     return TRUE;
   }
   else {
@@ -2812,7 +2814,7 @@ header_equal(gconstpointer pointer1, gco
 static void
 ntlmssp_init_protocol(void)
 {
-  hash_packet = g_hash_table_new(header_hash, header_equal);
+  hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL);
 }
 
 static void