pool/tcpdump
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 297857 from home:AndreasStieger:branches:network:utilities

Browse Source 
- fix a DoS vulnerability in print-wb.c
  CVE-2015-3138 [boo#927637] adding CVE-2015-3138.patch

OBS-URL: https://build.opensuse.org/request/show/297857
OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=27
This commit is contained in:
Andreas Stieger 2015-04-17 20:19:44 +00:00 committed by Git OBS Bridge
parent 392452ab1c
commit 5213689914
3 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
CVE-2015-3138.patch Normal file
View File

@ -0,0 +1,41 @@
From 3ed82f4ed0095768529afc22b923c8f7171fff70 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <denis@ovsienko.info>
Date: Wed, 25 Mar 2015 22:35:12 +0000
Subject: [PATCH] whiteboard: fixup a few reversed tests (GH #446)
This is a follow-up to commit 3a3ec26.
---
print-wb.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/print-wb.c b/print-wb.c
index 3e3b064..4fa5e38 100644
--- a/print-wb.c
+++ b/print-wb.c
@@ -201,7 +201,7 @@ wb_id(netdissect_options *ndo,
len -= sizeof(*io) * nid;
io = (struct id_off *)(id + 1);
cp = (char *)(io + nid);
- if (!ND_TTEST2(cp, len)) {
+ if (ND_TTEST2(cp, len)) {
ND_PRINT((ndo, "\""));
fn_print(ndo, (u_char *)cp, (u_char *)cp + len);
ND_PRINT((ndo, "\""));
@@ -266,7 +266,7 @@ wb_prep(netdissect_options *ndo,
}
n = EXTRACT_32BITS(&prep->pp_n);
ps = (const struct pgstate *)(prep + 1);
- while (--n >= 0 && !ND_TTEST(*ps)) {
+ while (--n >= 0 && ND_TTEST(*ps)) {
const struct id_off *io, *ie;
char c = '<';
@@ -275,7 +275,7 @@ wb_prep(netdissect_options *ndo,
ipaddr_string(ndo, &ps->page.p_sid),
EXTRACT_32BITS(&ps->page.p_uid)));
io = (struct id_off *)(ps + 1);
- for (ie = io + ps->nid; io < ie && !ND_TTEST(*io); ++io) {
+ for (ie = io + ps->nid; io < ie && ND_TTEST(*io); ++io) {
ND_PRINT((ndo, "%c%s:%u", c, ipaddr_string(ndo, &io->id),
EXTRACT_32BITS(&io->off)));
c = ',';

6
tcpdump.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Apr 17 20:00:24 UTC 2015 - astieger@suse.com
- fix a DoS vulnerability in print-wb.c
CVE-2015-3138 [boo#927637] adding CVE-2015-3138.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 13 09:54:11 UTC 2015 - vcizek@suse.com Fri Mar 13 09:54:11 UTC 2015 - vcizek@suse.com

2
tcpdump.spec
View File

@ -30,6 +30,7 @@ Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz
Source1: tcpdump-qeth Source1: tcpdump-qeth
Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
Patch0: CVE-2015-3138.patch
BuildRequires: libpcap-devel >= %{min_libpcap_version} BuildRequires: libpcap-devel >= %{min_libpcap_version}
BuildRequires: libsmi-devel BuildRequires: libsmi-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
@ -42,6 +43,7 @@ ethernet. It can be used to debug specific network problems.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing" export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"