b8ec7e7489
- Security fix [bsc#1142439, CVE-2019-1010220] * Buffer Over-read in print_prefix which may expose data * Added tcpdump-CVE-2019-1010220.patch - Use %license macro for LICENSE file - Security fix [bsc#1068716, CVE-2017-16808] * Heap-based buffer over-read related to aoe_print and lookup_emem * Added tcpdump-CVE-2017-16808.patch OBS-URL: https://build.opensuse.org/request/show/717917 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=47
29 lines
1009 B
Diff
29 lines
1009 B
Diff
From 511915bef7e4de2f31b8d9f581b4a44b0cfbcf53 Mon Sep 17 00:00:00 2001
|
|
From: Guy Harris <guy@alum.mit.edu>
|
|
Date: Sat, 1 Jun 2019 14:42:09 -0700
|
|
Subject: [PATCH] If decode_prefix6() returns a negative number, don't print
|
|
buf.
|
|
|
|
If it returns a negative number, it hasn't necessarily filled in buf, so
|
|
just return immediately; this is similar to the IPv4 code path, wherein
|
|
we just return a negative number, and print nothing, on an error.
|
|
|
|
This should fix GitHub issue #763.
|
|
---
|
|
print-hncp.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
Index: tcpdump-4.9.2/print-hncp.c
|
|
===================================================================
|
|
--- tcpdump-4.9.2.orig/print-hncp.c
|
|
+++ tcpdump-4.9.2/print-hncp.c
|
|
@@ -231,6 +231,8 @@ print_prefix(netdissect_options *ndo, co
|
|
plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
|
|
} else {
|
|
plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
|
|
+ if (plenbytes < 0)
|
|
+ return plenbytes;
|
|
}
|
|
|
|
ND_PRINT((ndo, "%s", buf));
|