Overview

File tcpdump-CVE-2018-14465.patch of Package tcpdump.17077

From bea2686c296b79609060a104cc139810785b0739 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 8 Oct 2017 13:19:12 +0200
Subject: [PATCH] (for 4.9.3) CVE-2018-14465/RSVP: Add a missing bounds check

In rsvp_obj_print().

This fixes a buffer over-read discovered by Bhargava Shastry.

Add a test using the capture file supplied by the reporter(s).
---
 print-rsvp.c                        |   1 +
 tests/TESTLIST                      |   1 +
 tests/rsvp-rsvp_obj_print-oobr.out  |   7 +++++++
 tests/rsvp-rsvp_obj_print-oobr.pcap | Bin 0 -> 391 bytes
 4 files changed, 9 insertions(+)
 create mode 100644 tests/rsvp-rsvp_obj_print-oobr.out
 create mode 100644 tests/rsvp-rsvp_obj_print-oobr.pcap

diff --git a/print-rsvp.c b/print-rsvp.c
index 256191692..438761ea3 100644
--- a/print-rsvp.c
+++ b/print-rsvp.c
@@ -1555,6 +1555,7 @@ rsvp_obj_print(netdissect_options *ndo,
         case RSVP_OBJ_CLASSTYPE_OLD: /* fall through */
             switch(rsvp_obj_ctype) {
             case RSVP_CTYPE_1:
+                ND_TCHECK_32BITS(obj_tptr);
                 ND_PRINT((ndo, "%s  CT: %u",
                        ident,
                        EXTRACT_32BITS(obj_tptr) & 0x7));
openSUSE Build Service is sponsored by
Places