File tcpdump-CVE-2018-14469.patch of Package tcpdump.22834

From 396e94ff55a80d554b1fe46bf107db1e91008d6c Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 8 Oct 2017 11:36:55 +0200
Subject: [PATCH] (for 4.9.3) CVE-2018-14469/ISAKMP: Add a missing bounds check

In ikev1_n_print() check bounds before trying to fetch the replay detection
status.

This fixes a buffer over-read discovered by Bhargava Shastry.

Add a test using the capture file supplied by the reporter(s).
---
 print-isakmp.c                       |   1 +
 tests/TESTLIST                       |   1 +
 tests/isakmp-ikev1_n_print-oobr.out  |   8 ++++++++
 tests/isakmp-ikev1_n_print-oobr.pcap | Bin 0 -> 376 bytes
 4 files changed, 10 insertions(+)
 create mode 100644 tests/isakmp-ikev1_n_print-oobr.out
 create mode 100644 tests/isakmp-ikev1_n_print-oobr.pcap

diff --git a/print-isakmp.c b/print-isakmp.c
index 04374b0b3..951c8a741 100644
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -1769,6 +1769,7 @@ ikev1_n_print(netdissect_options *ndo, u_char tpay _U_,
 		    }
 		case IPSECDOI_NTYPE_REPLAY_STATUS:
 			ND_PRINT((ndo," status=("));
+			ND_TCHECK_32BITS(cp);
 			ND_PRINT((ndo,"replay detection %sabled",
 				  EXTRACT_32BITS(cp) ? "en" : "dis"));
 			ND_PRINT((ndo,")"));
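Review bot: In the IPSECDOI_NTYPE_REPLAY_STATUS case the added ND_TCHECK_32BITS(cp) comes after ND_PRINT((ndo," status=(")), so when the check fails on a truncated capture the output already contains an opening " status=(" that is never closed by the later ND_PRINT((ndo,")")). Consider moving the check above the first ND_PRINT in this case so nothing is printed for a field that cannot be read. The width of the check does match the read it guards: 32 bits for EXTRACT_32BITS(cp). This hunk does not show whether cp plus 4 bytes is also known to lie inside the notification payload's declared length, as opposed to only inside the captured data, so that is worth confirming in the surrounding code.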