Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
tcpdump
tcpdump-CVE-2018-14470.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tcpdump-CVE-2018-14470.patch of Package tcpdump
From 12f66f69f7bf1ec1266ddbee90a7616cbf33696b Mon Sep 17 00:00:00 2001 From: Denis Ovsienko <denis@ovsienko.info> Date: Tue, 12 Sep 2017 10:59:16 +0100 Subject: [PATCH] (for 4.9.3) CVE-2018-14470/Babel: fix an existing length check In babel_print_v2() the non-verbose branch for an Update TLV compared the TLV Length against 1 instead of 10 (probably a typo), put it right. This fixes a buffer over-read discovered by Henri Salo from Nixu Corporation. Add a test using the capture file supplied by the reporter(s). --- print-babel.c | 2 +- tests/TESTLIST | 1 + tests/babel_update_oobr.out | 66 +++++++++++++++++++++++++++++++++++ tests/babel_update_oobr.pcap | Bin 0 -> 9888 bytes 4 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 tests/babel_update_oobr.out create mode 100644 tests/babel_update_oobr.pcap diff --git a/print-babel.c b/print-babel.c index f8741d7bf..1a31f2a3c 100644 --- a/print-babel.c +++ b/print-babel.c @@ -480,7 +480,7 @@ babel_print_v2(netdissect_options *ndo, case MESSAGE_UPDATE: { if (!ndo->ndo_vflag) { ND_PRINT((ndo, " update")); - if(len < 1) + if(len < 10) ND_PRINT((ndo, "/truncated")); else ND_PRINT((ndo, "%s%s%s",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor