Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
tcpdump
tcpdump-CVE-2019-15166.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tcpdump-CVE-2019-15166.patch of Package tcpdump
From 0b661e0aa61850234b64394585cf577aac570bf4 Mon Sep 17 00:00:00 2001 From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> Date: Tue, 17 Oct 2017 22:40:13 +0200 Subject: [PATCH] (for 4.9.3) LMP: Add some missing bounds checks In lmp_print_data_link_subobjs(), these problems were identified through code review. Moreover: Add and use tstr[]. Update two tests outputs accordingly. --- print-lmp.c | 9 ++++++++- tests/lmp-lmp_print_data_link_subobjs-oobr.out | 6 ++---- tests/lmpv1_busyloop.out | 3 +-- 3 files changed, 11 insertions(+), 7 deletions(-) Index: tcpdump-4.9.2/print-lmp.c =================================================================== --- tcpdump-4.9.2.orig/print-lmp.c +++ tcpdump-4.9.2/print-lmp.c @@ -31,6 +31,8 @@ #include "addrtoname.h" #include "gmpls.h" +static const char tstr[] = " [|LMP]"; + /* * LMP common header * @@ -367,6 +369,7 @@ lmp_print_data_link_subobjs(netdissect_o } bw; while (total_subobj_len > 0 && hexdump == FALSE ) { + ND_TCHECK_16BITS(obj_tptr + offset); subobj_type = EXTRACT_8BITS(obj_tptr+offset); subobj_len = EXTRACT_8BITS(obj_tptr+offset+1); ND_PRINT((ndo, "\n\t Subobject, Type: %s (%u), Length: %u", @@ -389,25 +392,29 @@ lmp_print_data_link_subobjs(netdissect_o } switch(subobj_type) { case INT_SWITCHING_TYPE_SUBOBJ: + ND_TCHECK_8BITS(obj_tptr + offset + 2); ND_PRINT((ndo, "\n\t Switching Type: %s (%u)", tok2str(gmpls_switch_cap_values, "Unknown", EXTRACT_8BITS(obj_tptr+offset+2)), - EXTRACT_8BITS(obj_tptr+offset+2))); + EXTRACT_8BITS(obj_tptr+offset+2))); + ND_TCHECK_8BITS(obj_tptr + offset + 3); ND_PRINT((ndo, "\n\t Encoding Type: %s (%u)", tok2str(gmpls_encoding_values, "Unknown", EXTRACT_8BITS(obj_tptr+offset+3)), - EXTRACT_8BITS(obj_tptr+offset+3))); + EXTRACT_8BITS(obj_tptr+offset+3))); ND_TCHECK_32BITS(obj_tptr + offset + 4); bw.i = EXTRACT_32BITS(obj_tptr+offset+4); ND_PRINT((ndo, "\n\t Min Reservable Bandwidth: %.3f Mbps", bw.f*8/1000000)); + ND_TCHECK_32BITS(obj_tptr + offset + 8); bw.i = EXTRACT_32BITS(obj_tptr+offset+8); ND_PRINT((ndo, "\n\t Max Reservable Bandwidth: %.3f Mbps", bw.f*8/1000000)); break; case WAVELENGTH_SUBOBJ: + ND_TCHECK_32BITS(obj_tptr + offset + 4); ND_PRINT((ndo, "\n\t Wavelength: %u", EXTRACT_32BITS(obj_tptr+offset+4))); break; @@ -1141,7 +1148,7 @@ lmp_print(netdissect_options *ndo, } return; trunc: - ND_PRINT((ndo, "\n\t\t packet exceeded snapshot")); + ND_PRINT((ndo, "%s", tstr)); } /* * Local Variables: Index: tcpdump-4.9.2/tests/lmpv1_busyloop.out =================================================================== --- tcpdump-4.9.2.orig/tests/lmpv1_busyloop.out +++ tcpdump-4.9.2/tests/lmpv1_busyloop.out @@ -38,5 +38,4 @@ 0x01d0: 0200 0200 0002 0002 0000 0200 0200 0002 0x01e0: 0002 0000 0200 0200 0002 0002 0000 0200 0x01f0: 0200 0002 0002 0000 0200 0200 0002 0002 - Unknown Object (0), Class-Type: Unknown (0) Flags: [non-negotiable], length: 512 - packet exceeded snapshot + Unknown Object (0), Class-Type: Unknown (0) Flags: [non-negotiable], length: 512 [|LMP]
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor