489848b1fa
Fixes: CVE-2014-8767 - denial of service in verbose mode using malformed OLSR payload OLSR payload CVE-2014-8768 - denial of service in verbose mode using malformed Geonet payload CVE-2014-8769 - unreliable output using malformed AOVD payload Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
20 lines
563 B
Diff
20 lines
563 B
Diff
From https://bugzilla.redhat.com/show_bug.cgi?id=1165161
|
|
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
|
|
--- tcpdump-tcpdump_4.5/print-geonet.c 2014-02-17 05:58:41.000000000 +0700
|
|
+++ print-geonet.c 2014-11-21 10:06:58.590217933 +0700
|
|
@@ -237,6 +237,12 @@
|
|
printf("Malformed (small) ");
|
|
}
|
|
|
|
+ /* Checking length before print */
|
|
+ u_int caplength;
|
|
+ caplength = (ndo->ndo_snapend >= bp) ? ndo->ndo_snapend - bp : 0;
|
|
+ if (length > caplength)
|
|
+ length = caplength;
|
|
+
|
|
/* Print user data part */
|
|
if (ndo->ndo_vflag)
|
|
default_print(bp, length);
|