File tcpdump-CVE-2018-14882.patch of Package tcpdump.22834

From d7505276842e85bfd067fa21cdb32b8a2dc3c5e4 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Fri, 3 Nov 2017 16:32:30 +0100
Subject: [PATCH] (for 4.9.3) CVE-2018-14882/ICMP6 RPL: Add a missing bounds
 check

Moreover:
Add and use *_tstr[] strings.
Update four test outputs accordingly.
Fix a space.

Wang Junjie of 360 ESG Codesafe Team had independently identified this
vulnerability in 2018 by means of fuzzing and provided the packet capture
file for the test.
---
 print-icmp6.c                     |  29 +++++++++++++++++------------
 tests/TESTLIST                    |   1 +
 tests/icmp6_mobileprefix_asan.out |   2 +-
 tests/icmp6_nodeinfo_oobr.out     |   2 +-
 tests/rpl-19-pickdag.out          |   2 +-
 tests/rpl-19-pickdagvvv.out       |   2 +-
 tests/rpl-dao-oobr.out            |   1 +
 tests/rpl-dao-oobr.pcapng         | Bin 0 -> 264 bytes
 8 files changed, 23 insertions(+), 16 deletions(-)
 create mode 100644 tests/rpl-dao-oobr.out
 create mode 100644 tests/rpl-dao-oobr.pcapng

Index: tcpdump-4.9.2/print-icmp6.c
===================================================================
--- tcpdump-4.9.2.orig/print-icmp6.c
+++ tcpdump-4.9.2/print-icmp6.c
@@ -41,6 +41,10 @@
 #include "udp.h"
 #include "ah.h"
 
+static const char icmp6_tstr[] = "[|icmp6]";
+static const char rpl_tstr[] = " [|rpl]";
+static const char mldv2_tstr[] = " [|mldv2]";
+
 /*	NetBSD: icmp6.h,v 1.13 2000/08/03 16:30:37 itojun Exp 	*/
 /*	$KAME: icmp6.h,v 1.22 2000/08/03 15:25:16 jinmei Exp $	*/
 
@@ -686,7 +690,7 @@ rpl_dio_printopt(netdissect_options *ndo
         }
         return;
 trunc:
-	ND_PRINT((ndo," [|truncated]"));
+	ND_PRINT((ndo, "%s", rpl_tstr));
 	return;
 }
 
@@ -715,7 +719,7 @@ rpl_dio_print(netdissect_options *ndo,
         }
 	return;
 trunc:
-	ND_PRINT((ndo," [|truncated]"));
+	ND_PRINT((ndo, "%s", rpl_tstr));
 	return;
 }
 
@@ -756,7 +760,7 @@ rpl_dao_print(netdissect_options *ndo,
 	return;
 
 trunc:
-	ND_PRINT((ndo," [|truncated]"));
+	ND_PRINT((ndo, "%s", rpl_tstr));
 	return;
 
 tooshort:
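Review bot: No line in this hunk, or in any other print-icmp6.c hunk on this page, adds the bounds check named in the subject; every visible change only swaps the string printed at a `trunc:` label. The diffstat counts 29 changed lines for print-icmp6.c while the visible hunks account for 28 (16 added, 12 removed), and every hunk header keeps the same +4 offset, so one added line appears to be absent from this copy of the patch. Before treating this file as the fix for CVE-2018-14882, confirm that the target tree already carries the corresponding `ND_TCHECK`-style guard on the RPL path (the new test is named rpl-dao-oobr, so presumably the DAO or option parsing), or restore it from the upstream commit. The tests/ files listed in the diffstat have no hunks here either, so the regression capture would not be exercised by a build that applies only this file. rpl_dao_print's body starts outside the hunk.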
@@ -800,7 +804,7 @@ rpl_daoack_print(netdissect_options *ndo
 	return;
 
 trunc:
-	ND_PRINT((ndo," [|dao-truncated]"));
+	ND_PRINT((ndo, "%s", rpl_tstr));
 	return;
 
 tooshort:
@@ -859,7 +863,7 @@ rpl_print(netdissect_options *ndo,
 
 #if 0
 trunc:
-	ND_PRINT((ndo," [|truncated]"));
+	ND_PRINT((ndo, "%s", rpl_tstr));
 	return;
 #endif
 
@@ -1157,7 +1161,7 @@ icmp6_print(netdissect_options *ndo,
                 ND_PRINT((ndo,", length %u", length));
 	return;
 trunc:
-	ND_PRINT((ndo, "[|icmp6]"));
+	ND_PRINT((ndo, "%s", icmp6_tstr));
 }
 
 static const struct udphdr *
@@ -1381,8 +1385,8 @@ icmp6_opt_print(netdissect_options *ndo,
 	}
 	return;
 
- trunc:
-	ND_PRINT((ndo, "[ndp opt]"));
+trunc:
+	ND_PRINT((ndo, "%s", icmp6_tstr));
 	return;
 #undef ECHECK
 }
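Review bot: Replacing `[ndp opt]` with `[|icmp6]` here changes user-visible output, as do the `[|truncated]` and `[|dao-truncated]` replacements in the RPL hunks and the switch from `[|icmp6]` to ` [|mldv2]` in the two MLDv2 hunks, and nothing in print-icmp6.c documents the convention. Log filters or detection rules that match the old strings in tcpdump text output will stop matching without any error. A comment above the three definitions would make the contract explicit, for example `/* truncation markers: "[|proto]" means the captured bytes ran out before the dissector finished */`, ideally also saying why `rpl_tstr` and `mldv2_tstr` carry a leading space and `icmp6_tstr` does not. icmp6_opt_print's body starts outside the hunk.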
@@ -1457,7 +1461,7 @@ mldv2_report_print(netdissect_options *n
     }
     return;
 trunc:
-    ND_PRINT((ndo,"[|icmp6]"));
+    ND_PRINT((ndo, "%s", mldv2_tstr));
     return;
 }
 
@@ -1523,7 +1527,7 @@ mldv2_query_print(netdissect_options *nd
     ND_PRINT((ndo,"]"));
     return;
 trunc:
-    ND_PRINT((ndo,"[|icmp6]"));
+    ND_PRINT((ndo, "%s", mldv2_tstr));
     return;
 }
 
@@ -1810,7 +1814,7 @@ icmp6_nodeinfo_print(netdissect_options
 	return;
 
 trunc:
-	ND_PRINT((ndo, "[|icmp6]"));
+	ND_PRINT((ndo, "%s", icmp6_tstr));
 }
 
 static void
@@ -1945,7 +1949,7 @@ icmp6_rrenum_print(netdissect_options *n
 	return;
 
 trunc:
-	ND_PRINT((ndo,"[|icmp6]"));
+	ND_PRINT((ndo, "%s", icmp6_tstr));
 }
 
 /*