tcpdump/tcpdump-CVE-2017-16808.patch
Tomáš Chvátal b8ec7e7489 Accepting request 717917 from home:pmonrealgonzalez:branches:network:utilities
- Security fix [bsc#1142439, CVE-2019-1010220]
  * Buffer Over-read in print_prefix which may expose data
  * Added tcpdump-CVE-2019-1010220.patch

- Use %license macro for LICENSE file

- Security fix [bsc#1068716, CVE-2017-16808]
  * Heap-based buffer over-read related to aoe_print and lookup_emem
  * Added tcpdump-CVE-2017-16808.patch

OBS-URL: https://build.opensuse.org/request/show/717917
OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=47
2019-07-23 14:11:18 +00:00

27 lines
822 B
Diff

From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <denis@ovsienko.info>
Date: Thu, 31 Aug 2017 21:15:37 +0100
Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
In aoev1_reserve_print() check bounds before trying to print an Ethernet
address.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
---
print-aoe.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/print-aoe.c b/print-aoe.c
index 97e93df2e..2c78a55d3 100644
--- a/print-aoe.c
+++ b/print-aoe.c
@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
goto invalid;
/* addresses */
for (i = 0; i < nmacs; i++) {
+ ND_TCHECK2(*cp, ETHER_ADDR_LEN);
ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
cp += ETHER_ADDR_LEN;
}