File tcpdump-CVE-2018-14469.patch of Package tcpdump.22834
From 396e94ff55a80d554b1fe46bf107db1e91008d6c Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 8 Oct 2017 11:36:55 +0200
Subject: [PATCH] (for 4.9.3) CVE-2018-14469/ISAKMP: Add a missing bounds check
In ikev1_n_print() check bounds before trying to fetch the replay detection
status.
This fixes a buffer over-read discovered by Bhargava Shastry.
Add a test using the capture file supplied by the reporter(s).
---
print-isakmp.c | 1 +
tests/TESTLIST | 1 +
tests/isakmp-ikev1_n_print-oobr.out | 8 ++++++++
tests/isakmp-ikev1_n_print-oobr.pcap | Bin 0 -> 376 bytes
4 files changed, 10 insertions(+)
create mode 100644 tests/isakmp-ikev1_n_print-oobr.out
create mode 100644 tests/isakmp-ikev1_n_print-oobr.pcap
diff --git a/print-isakmp.c b/print-isakmp.c
index 04374b0b3..951c8a741 100644
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -1769,6 +1769,7 @@ ikev1_n_print(netdissect_options *ndo, u_char tpay _U_,
}
case IPSECDOI_NTYPE_REPLAY_STATUS:
ND_PRINT((ndo," status=("));
+ ND_TCHECK_32BITS(cp);
ND_PRINT((ndo,"replay detection %sabled",
EXTRACT_32BITS(cp) ? "en" : "dis"));
ND_PRINT((ndo,")"));
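Review bot: the new `ND_TCHECK_32BITS(cp)` correctly covers the 4 bytes that `EXTRACT_32BITS(cp)` reads on the next line, but it is placed after `ND_PRINT((ndo," status=("));`, so a packet truncated at this point prints an unclosed ` status=(` before the macro's `goto trunc` path emits the truncation marker. Consider moving the check one line up, ahead of the `status=(` print, so truncated output stays balanced; if the current placement is intentional, the expected text in the new `tests/isakmp-ikev1_n_print-oobr.out` fixture should be reviewed to confirm it encodes exactly that partial output. Also note that the `trunc:` label the macro jumps to is not within this hunk, so the reviewer should confirm `ikev1_n_print()` already defines it for the other `ND_TCHECK` uses in the function.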