File tcpdump-CVE-2018-14465.patch of Package tcpdump.17077
From bea2686c296b79609060a104cc139810785b0739 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 8 Oct 2017 13:19:12 +0200
Subject: [PATCH] (for 4.9.3) CVE-2018-14465/RSVP: Add a missing bounds check
In rsvp_obj_print().
This fixes a buffer over-read discovered by Bhargava Shastry.
Add a test using the capture file supplied by the reporter(s).
---
print-rsvp.c | 1 +
tests/TESTLIST | 1 +
tests/rsvp-rsvp_obj_print-oobr.out | 7 +++++++
tests/rsvp-rsvp_obj_print-oobr.pcap | Bin 0 -> 391 bytes
4 files changed, 9 insertions(+)
create mode 100644 tests/rsvp-rsvp_obj_print-oobr.out
create mode 100644 tests/rsvp-rsvp_obj_print-oobr.pcap
diff --git a/print-rsvp.c b/print-rsvp.c
index 256191692..438761ea3 100644
--- a/print-rsvp.c
+++ b/print-rsvp.c
@@ -1555,6 +1555,7 @@ rsvp_obj_print(netdissect_options *ndo,
case RSVP_OBJ_CLASSTYPE_OLD: /* fall through */
switch(rsvp_obj_ctype) {
case RSVP_CTYPE_1:
+ ND_TCHECK_32BITS(obj_tptr);
ND_PRINT((ndo, "%s CT: %u",
ident,
EXTRACT_32BITS(obj_tptr) & 0x7));