File tcpdump-CVE-2018-14463.patch of Package tcpdump.17077
From 3de07c772166b7e8e8bb4b9d1d078f1d901b570b Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 8 Oct 2017 13:28:05 +0200
Subject: [PATCH] (for 4.9.3) CVE-2018-14463/VRRP: Add a missing bounds check
In vrrp_print().
This fixes a buffer over-read discovered by Bhargava Shastry.
Add a test using the capture file supplied by the reporter(s).
---
print-vrrp.c | 4 +++-
tests/TESTLIST | 1 +
tests/vrrp-vrrp_print-oobr.out | 6 ++++++
tests/vrrp-vrrp_print-oobr.pcap | Bin 0 -> 3877 bytes
4 files changed, 10 insertions(+), 1 deletion(-)
create mode 100644 tests/vrrp-vrrp_print-oobr.out
create mode 100644 tests/vrrp-vrrp_print-oobr.pcap
diff --git a/print-vrrp.c b/print-vrrp.c
index d8ba42650..d6114e57b 100644
--- a/print-vrrp.c
+++ b/print-vrrp.c
@@ -142,9 +142,11 @@ vrrp_print(netdissect_options *ndo,
vec[0].ptr = bp;
vec[0].len = len;
- if (in_cksum(vec, 1))
+ if (in_cksum(vec, 1)) {
+ ND_TCHECK_16BITS(&bp[6]);
ND_PRINT((ndo, ", (bad vrrp cksum %x)",
EXTRACT_16BITS(&bp[6])));
+ }
}
if (version == 3 && ND_TTEST2(bp[0], len)) {