SUSE:SLE-12-SP3:GA
File tcpdump-CVE-2018-14467.patch of Package tcpdump.17078
From e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9 Mon Sep 17 00:00:00 2001 From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> Date: Sun, 8 Oct 2017 13:38:50 +0200 Subject: [PATCH] (for 4.9.3) CVE-2018-14467/BGP: Fix BGP_CAPCODE_MP. Add a bounds check and a comment to bgp_capabilities_print(). This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s). --- print-bgp.c | 2 ++ tests/TESTLIST | 1 + tests/bgp-bgp_capabilities_print-oobr-2.out | 26 +++++++++++++++++++ tests/bgp-bgp_capabilities_print-oobr-2.pcap | Bin 0 -> 274 bytes 4 files changed, 29 insertions(+) create mode 100644 tests/bgp-bgp_capabilities_print-oobr-2.out create mode 100644 tests/bgp-bgp_capabilities_print-oobr-2.pcap diff --git a/print-bgp.c b/print-bgp.c index 1438915a4..71bb5a76e 100644 --- a/print-bgp.c +++ b/print-bgp.c @@ -2342,6 +2342,8 @@ bgp_capabilities_print(netdissect_options *ndo, ND_TCHECK2(opt[i+2], cap_len); switch (cap_type) { case BGP_CAPCODE_MP: + /* AFI (16 bits), Reserved (8 bits), SAFI (8 bits) */ + ND_TCHECK_8BITS(opt + i + 5); ND_PRINT((ndo, "\n\t\tAFI %s (%u), SAFI %s (%u)", tok2str(af_values, "Unknown", EXTRACT_16BITS(opt+i+2)),
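Review bot: in the BGP_CAPCODE_MP case of bgp_capabilities_print(), the added ND_TCHECK_8BITS(opt + i + 5) verifies that the fourth value byte is inside the captured data, but nothing in the visible lines compares cap_len with the 4 bytes the new comment describes (AFI 16 bits, Reserved 8 bits, SAFI 8 bits). The preceding ND_TCHECK2(opt[i+2], cap_len) covers only cap_len bytes, so a capability that declares a shorter length is still decoded as AFI/SAFI using bytes that lie past its declared end whenever those bytes happen to be captured. Consider testing cap_len against 4 in this case and reporting the capability as malformed instead of printing it. As a smaller style point, the check names only the last byte at opt + i + 5 and relies on the buffer being contiguous from opt + i + 2; a four-byte check starting at opt[i+2], in the same form as the ND_TCHECK2 call above it, would state the intent more directly.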