489848b1fa
Fixes: CVE-2014-8767 - denial of service in verbose mode using malformed OLSR payload OLSR payload CVE-2014-8768 - denial of service in verbose mode using malformed Geonet payload CVE-2014-8769 - unreliable output using malformed AOVD payload Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
21 lines
675 B
Diff
21 lines
675 B
Diff
From https://bugzilla.redhat.com/show_bug.cgi?id=1165160
|
|
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
|
|
--- tcpdump-tcpdump-4.6/print-olsr.c 2014-10-23 14:07:12.000000000 +0700
|
|
+++ tcpdump-4.6.2/print-olsr.c 2014-11-21 14:56:18.205542679 +0700
|
|
@@ -234,6 +234,13 @@
|
|
ND_PRINT((ndo, "\n\t neighbor\n\t\t"));
|
|
neighbor = 1;
|
|
|
|
+ u_int caplength;
|
|
+
|
|
+ /* Checking length of available data before print */
|
|
+ caplength = (ndo->ndo_snapend >= msg_data) ? ndo->ndo_snapend - msg_data : 0;
|
|
+ if (hello_len > caplength)
|
|
+ hello_len = caplength;
|
|
+
|
|
while (hello_len >= sizeof(struct in_addr)) {
|
|
|
|
/* print 4 neighbors per line */
|