Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
tcpdump
tcpdump-CVE-2018-16227.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tcpdump-CVE-2018-16227.patch of Package tcpdump
From 4846b3c5d0a850e860baf4f07340495d29837d09 Mon Sep 17 00:00:00 2001 From: Denis Ovsienko <denis@ovsienko.info> Date: Wed, 29 Aug 2018 00:38:40 +0100 Subject: [PATCH] (for 4.9.3) CVE-2018-16227/IEEE 802.11: add a missing bounds check ieee802_11_print() tried to access the Mesh Flags subfield of the Mesh Control field to find the size of the latter and increment the expected 802.11 header length before checking it is fully present in the input buffer. Add an intermediate bounds check to make it safe. This fixes a buffer over-read discovered by Ryan Ackroyd. Add a test using the capture file supplied by the reporter(s). --- print-802_11.c | 4 ++++ tests/TESTLIST | 3 +++ tests/ieee802.11_meshhdr-oobr.out | 1 + tests/ieee802.11_meshhdr-oobr.pcap | Bin 0 -> 867 bytes 4 files changed, 8 insertions(+) create mode 100644 tests/ieee802.11_meshhdr-oobr.out create mode 100644 tests/ieee802.11_meshhdr-oobr.pcap diff --git a/print-802_11.c b/print-802_11.c index 7c65941ae..50a3e9f59 100644 --- a/print-802_11.c +++ b/print-802_11.c @@ -2058,6 +2058,10 @@ ieee802_11_print(netdissect_options *ndo, hdrlen = roundup2(hdrlen, 4); if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA && DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) { + if (caplen < hdrlen + 1) { + ND_PRINT((ndo, "%s", tstr)); + return hdrlen; + } meshdrlen = extract_mesh_header_length(p+hdrlen); hdrlen += meshdrlen; } else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor