File 0002-test-case-files-for-CVE-2015-2153-2154-2155.patch of Package tcpdump.2563
From 1a4e86d0a273cc81b3236d9f8a5f47b586fec84c Mon Sep 17 00:00:00 2001
From: Michael Richardson <mcr@sandelman.ca>
Date: Mon, 9 Mar 2015 16:02:54 -0400
Subject: [PATCH 2/3] test case files for CVE-2015-2153,2154,2155 backport of
patches from tcpdump 4.7 for CVE-2015-2153,2154,2155
issues
Index: tcpdump-4.4.0/print-forces.c
===================================================================
--- tcpdump-4.4.0.orig/print-forces.c 2013-02-21 04:54:34.000000000 +0100
+++ tcpdump-4.4.0/print-forces.c 2015-03-20 10:51:32.016420873 +0100
@@ -281,7 +281,7 @@ pdatacnt_print(register const u_char * p
chk_op_type(type, op_msk, ops->op_msk);
- if (ops->print((const u_char *)pdtlv,
+ if (ops->print!=NULL && ops->print((const u_char *)pdtlv,
tll + pad + TLV_HDRL, op_msk,
indent + 2) == -1)
return -1;
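Review bot: When `ops->print` is NULL the TLV body is now skipped with no output and no comment, here in pdatacnt_print and again in the otlv_print hunk that follows, so a reader cannot tell a missing printer from a printer that emitted nothing. A one-line comment such as `/* no printer registered for this op type: skip the TLV body */` above the condition would record the intent. The two hunks also spell the same test differently (`ops->print!=NULL` here, `if(ops->print)` there), and one form should be used for both. Whether `ops` itself can be NULL at this point is not visible in the hunk.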
@@ -503,7 +503,9 @@ int otlv_print(const struct forces_tlv *
}
- rc = ops->print(dp, tll, ops->op_msk, indent + 1);
+ if(ops->print) {
+ rc = ops->print(dp, tll, ops->op_msk, indent + 1);
+ }
return rc;
trunc:
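Review bot: With the call now conditional, `return rc;` returns whatever `rc` held before the `if` whenever `ops->print` is NULL, and its declaration and initial value lie outside this hunk. If `rc` is not initialised on every path this returns an indeterminate value, and if it starts at 0 a TLV with no printer is reported as success. Making the outcome explicit, e.g. `if (ops->print == NULL) return -1;` or an `else rc = 0;` with a comment, would remove the dependency on code the hunk does not show.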
Index: tcpdump-4.4.0/print-isoclns.c
===================================================================
--- tcpdump-4.4.0.orig/print-isoclns.c 2013-02-21 04:54:34.000000000 +0100
+++ tcpdump-4.4.0/print-isoclns.c 2015-03-20 10:52:11.106979859 +0100
@@ -3091,10 +3091,16 @@ osi_print_cksum (const u_int8_t *pptr, u
u_int checksum_offset, u_int length)
{
u_int16_t calculated_checksum;
-
- /* do not attempt to verify the checksum if it is zero */
- if (!checksum) {
- printf("(unverified)");
+ /* do not attempt to verify the checksum if it is zero,
+ * if the total length is nonsense,
+ * if the offset is nonsense,
+ * or the base pointer is not sane
+ */
+ if (!checksum
+ || length > snaplen
+ || checksum_offset > snaplen
+ || checksum_offset > length) {
+ printf(" (unverified)");
} else {
calculated_checksum = create_osi_cksum(pptr, checksum_offset, length);
if (checksum == calculated_checksum) {
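Review bot: The new guard compares `length` and `checksum_offset` with `snaplen`, which bounds them by the capture size but not by the bytes that actually remain after `pptr`, so create_osi_cksum() can still be given a range that runs past the captured data when `pptr` points into the middle of the packet. The comment also promises a check of the base pointer that the condition never makes. A test against the end of the captured buffer, e.g. `|| !TTEST2(*pptr, length)`, would cover both. Since the checksum is a `u_int16_t`, `checksum_offset > length` presumably also needs to leave room for its two bytes. The function body continues outside the hunk.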
Index: tcpdump-4.4.0/print-rpki-rtr.c
===================================================================
--- tcpdump-4.4.0.orig/print-rpki-rtr.c 2013-02-21 04:54:35.000000000 +0100
+++ tcpdump-4.4.0/print-rpki-rtr.c 2015-03-20 10:51:32.017420888 +0100
@@ -184,6 +184,7 @@ rpki_rtr_pdu_print (const u_char *tptr,
pdu_header = (rpki_rtr_pdu *)tptr;
pdu_type = pdu_header->pdu_type;
pdu_len = EXTRACT_32BITS(pdu_header->length);
+ TCHECK2(tptr, pdu_len);
hexdump = FALSE;
printf("%sRPKI-RTRv%u, %s PDU (%u), length: %u",
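Review bot: `TCHECK2(tptr, pdu_len)` passes the pointer variable rather than the data it points to. tcpdump's bounds macros take the address of their first argument, so as written this appears to test the address of the local `tptr` instead of the packet bytes, and should read `TCHECK2(*tptr, pdu_len);`. The check also comes after `pdu_header->pdu_type` and `pdu_header->length` have already been read, so unless the caller has verified the header (not visible here) a `TCHECK2(*tptr, sizeof(rpki_rtr_pdu));` is needed before the cast pointer is dereferenced. The function starts and ends outside this hunk.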
@@ -292,6 +293,7 @@ rpki_rtr_pdu_print (const u_char *tptr,
tptr += 4;
tlen -= 4;
}
+ printf("text_length: %u tlen %u\n", text_length, tlen);
if (text_length && (text_length <= tlen )) {
memcpy(buf, tptr, MIN(sizeof(buf)-1, text_length));
buf[text_length] = '\0';
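Review bot: `buf[text_length] = '\0'` indexes with the unclamped `text_length` while the `memcpy` above it is clamped to `sizeof(buf)-1`, so a text length larger than the buffer places the terminator outside `buf`; this commit leaves that line unchanged. Clamp once and reuse the value: `size_t n = MIN(sizeof(buf)-1, text_length); memcpy(buf, tptr, n); buf[n] = '\0';`. The added `printf("text_length: %u tlen %u\n", ...)` looks like leftover debugging that would appear in normal output for every such PDU, and should be dropped. `buf` is declared outside the hunk.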
@@ -312,6 +314,11 @@ rpki_rtr_pdu_print (const u_char *tptr,
if (vflag > 1 || (vflag && hexdump)) {
print_unknown_data(tptr,"\n\t ", pdu_len);
}
+ return;
+
+ trunc:
+ printf("|trunc");
+ return;
}
void
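Review bot: The `trunc:` path prints a bare `|trunc`, which does not say which printer ran out of captured data. Other tcpdump printers, as far as I know, use a bracketed marker that names the protocol, so something like `printf("[|RPKI-RTR]");` would be easier to recognise when triaging output. The `return;` added before the label exists only to keep the normal path from falling into `trunc:`, and a short comment saying so would help. The function begins outside the hunk.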