diff --git a/CVE-2015-3138.patch b/CVE-2015-3138.patch new file mode 100644 index 0000000..0c33f88 --- /dev/null +++ b/CVE-2015-3138.patch @@ -0,0 +1,41 @@ +From 3ed82f4ed0095768529afc22b923c8f7171fff70 Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko +Date: Wed, 25 Mar 2015 22:35:12 +0000 +Subject: [PATCH] whiteboard: fixup a few reversed tests (GH #446) + +This is a follow-up to commit 3a3ec26. +--- + print-wb.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/print-wb.c b/print-wb.c +index 3e3b064..4fa5e38 100644 +--- a/print-wb.c ++++ b/print-wb.c +@@ -201,7 +201,7 @@ wb_id(netdissect_options *ndo, + len -= sizeof(*io) * nid; + io = (struct id_off *)(id + 1); + cp = (char *)(io + nid); +- if (!ND_TTEST2(cp, len)) { ++ if (ND_TTEST2(cp, len)) { + ND_PRINT((ndo, "\"")); + fn_print(ndo, (u_char *)cp, (u_char *)cp + len); + ND_PRINT((ndo, "\"")); +@@ -266,7 +266,7 @@ wb_prep(netdissect_options *ndo, + } + n = EXTRACT_32BITS(&prep->pp_n); + ps = (const struct pgstate *)(prep + 1); +- while (--n >= 0 && !ND_TTEST(*ps)) { ++ while (--n >= 0 && ND_TTEST(*ps)) { + const struct id_off *io, *ie; + char c = '<'; + +@@ -275,7 +275,7 @@ wb_prep(netdissect_options *ndo, + ipaddr_string(ndo, &ps->page.p_sid), + EXTRACT_32BITS(&ps->page.p_uid))); + io = (struct id_off *)(ps + 1); +- for (ie = io + ps->nid; io < ie && !ND_TTEST(*io); ++io) { ++ for (ie = io + ps->nid; io < ie && ND_TTEST(*io); ++io) { + ND_PRINT((ndo, "%c%s:%u", c, ipaddr_string(ndo, &io->id), + EXTRACT_32BITS(&io->off))); + c = ','; diff --git a/tcpdump.changes b/tcpdump.changes index 327deea..443f1ca 100644 --- a/tcpdump.changes +++ b/tcpdump.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 17 20:00:24 UTC 2015 - astieger@suse.com + +- fix a DoS vulnerability in print-wb.c + CVE-2015-3138 [boo#927637] adding CVE-2015-3138.patch + ------------------------------------------------------------------- Fri Mar 13 09:54:11 UTC 2015 - vcizek@suse.com diff --git a/tcpdump.spec b/tcpdump.spec index 97c2044..bac002d 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -30,6 +30,7 @@ Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source1: tcpdump-qeth Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring +Patch0: CVE-2015-3138.patch BuildRequires: libpcap-devel >= %{min_libpcap_version} BuildRequires: libsmi-devel BuildRequires: openssl-devel @@ -42,6 +43,7 @@ ethernet. It can be used to debug specific network problems. %prep %setup -q +%patch0 -p1 %build export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"