Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
tcpdump
tcpdump-CVE-2018-16229.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tcpdump-CVE-2018-16229.patch of Package tcpdump
From 211124b972e74f0da66bc8b16f181f78793e2f66 Mon Sep 17 00:00:00 2001 From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> Date: Mon, 21 May 2018 09:25:15 +0200 Subject: [PATCH] (for 4.9.3) CVE-2018-16229/DCCP: Fix printing "Timestamp" and "Timestamp Echo" options Add some comments. Moreover: Put a function definition name at the beginning of the line. (This change was ported from commit 6df4852 in the master branch.) Ryan Ackroyd had independently identified this buffer over-read later by means of fuzzing and provided the packet capture file for the test. --- print-dccp.c | 53 ++++++++++++++++++++++++++++++----- tests/TESTLIST | 1 + tests/dccp_options-oobr.out | 19 +++++++++++++ tests/dccp_options-oobr.pcap | Bin 0 -> 3298 bytes 4 files changed, 66 insertions(+), 7 deletions(-) create mode 100644 tests/dccp_options-oobr.out create mode 100644 tests/dccp_options-oobr.pcap diff --git a/print-dccp.c b/print-dccp.c index 6e2526427..bc3feb7c1 100644 --- a/print-dccp.c +++ b/print-dccp.c @@ -530,7 +530,8 @@ static const struct tok dccp_option_values[] = { { 0, NULL } }; -static int dccp_print_option(netdissect_options *ndo, const u_char *option, u_int hlen) +static int +dccp_print_option(netdissect_options *ndo, const u_char *option, u_int hlen) { uint8_t optlen, i; @@ -623,16 +624,54 @@ static int dccp_print_option(netdissect_options *ndo, const u_char *option, u_in } break; case 41: - if (optlen == 4) + /* + * 13.1. Timestamp Option + * + * +--------+--------+--------+--------+--------+--------+ + * |00101001|00000110| Timestamp Value | + * +--------+--------+--------+--------+--------+--------+ + * Type=41 Length=6 + */ + if (optlen == 6) ND_PRINT((ndo, " %u", EXTRACT_32BITS(option + 2))); else - ND_PRINT((ndo, " optlen != 4")); + ND_PRINT((ndo, " [optlen != 6]")); break; case 42: - if (optlen == 4) + /* + * 13.3. Timestamp Echo Option + * + * +--------+--------+--------+--------+--------+--------+ + * |00101010|00000110| Timestamp Echo | + * +--------+--------+--------+--------+--------+--------+ + * Type=42 Len=6 + * + * +--------+--------+------- ... -------+--------+--------+ + * |00101010|00001000| Timestamp Echo | Elapsed Time | + * +--------+--------+------- ... -------+--------+--------+ + * Type=42 Len=8 (4 bytes) + * + * +--------+--------+------- ... -------+------- ... -------+ + * |00101010|00001010| Timestamp Echo | Elapsed Time | + * +--------+--------+------- ... -------+------- ... -------+ + * Type=42 Len=10 (4 bytes) (4 bytes) + */ + switch (optlen) { + case 6: ND_PRINT((ndo, " %u", EXTRACT_32BITS(option + 2))); - else - ND_PRINT((ndo, " optlen != 4")); + break; + case 8: + ND_PRINT((ndo, " %u", EXTRACT_32BITS(option + 2))); + ND_PRINT((ndo, " (elapsed time %u)", EXTRACT_16BITS(option + 6))); + break; + case 10: + ND_PRINT((ndo, " %u", EXTRACT_32BITS(option + 2))); + ND_PRINT((ndo, " (elapsed time %u)", EXTRACT_32BITS(option + 6))); + break; + default: + ND_PRINT((ndo, " [optlen != 6 or 8 or 10]")); + break; + } break; case 43: if (optlen == 6) @@ -640,7 +679,7 @@ static int dccp_print_option(netdissect_options *ndo, const u_char *option, u_in else if (optlen == 4) ND_PRINT((ndo, " %u", EXTRACT_16BITS(option + 2))); else - ND_PRINT((ndo, " optlen != 4 or 6")); + ND_PRINT((ndo, " [optlen != 4 or 6]")); break; case 44: if (optlen > 2) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor