File tcpdump-CVE-2018-14462.patch of Package tcpdump.19046
From 1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 8 Oct 2017 12:06:56 +0200
Subject: [PATCH] (for 4.9.3) CVE-2018-14462/ICMP: Add a missing bounds check
In icmp_print().
This fixes a buffer over-read discovered by Bhargava Shastry.
Add two tests using the capture files supplied by the reporter(s).
---
print-icmp.c | 1 +
tests/TESTLIST | 2 ++
tests/icmp-icmp_print-oobr-1.out | 7 +++++++
tests/icmp-icmp_print-oobr-1.pcap | Bin 0 -> 1208 bytes
tests/icmp-icmp_print-oobr-2.out | 5 +++++
tests/icmp-icmp_print-oobr-2.pcap | Bin 0 -> 2514 bytes
6 files changed, 15 insertions(+)
create mode 100644 tests/icmp-icmp_print-oobr-1.out
create mode 100644 tests/icmp-icmp_print-oobr-1.pcap
create mode 100644 tests/icmp-icmp_print-oobr-2.out
create mode 100644 tests/icmp-icmp_print-oobr-2.pcap
Index: tcpdump-4.9.2/print-icmp.c
===================================================================
--- tcpdump-4.9.2.orig/print-icmp.c
+++ tcpdump-4.9.2/print-icmp.c
@@ -564,6 +564,7 @@ icmp_print(netdissect_options *ndo, cons
vec[0].len = plen;
sum = in_cksum(vec, 1);
if (sum != 0) {
+ ND_TCHECK_16BITS(&dp->icmp_cksum);
icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum);
ND_PRINT((ndo, " (wrong icmp cksum %x (->%x)!)",
icmp_sum,
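Review bot: The added ND_TCHECK_16BITS(&dp->icmp_cksum) in the if (sum != 0) branch carries no comment explaining why the checksum field can still be out of bounds here, when in_cksum(vec, 1) has just run with vec[0].len = plen two lines above. A one-line comment naming the case it covers (presumably a plen too short to include the checksum field, though the guard on plen is not visible in this hunk) would keep a later cleanup from dropping the check as redundant. The placement itself is sound: the check comes before both EXTRACT_16BITS and the ND_PRINT call, so a truncated packet is rejected before any of the "wrong icmp cksum" text is written.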