mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-23 19:19:20 -05:00
514c2f4806
* gnu/packages/patches/tcpdump-CVE-2017-11541.patch, gnu/packages/patches/tcpdump-CVE-2017-11542.patch gnu/packages/patches/tcpdump-CVE-2017-11543.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/admin.scm (tcpdump)[source]: Use them.
47 lines
1.4 KiB
Diff
47 lines
1.4 KiB
Diff
Fix CVE-2017-11541
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
|
|
|
|
From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001
|
|
From: Guy Harris <guy@alum.mit.edu>
|
|
Date: Tue, 7 Feb 2017 11:40:36 -0800
|
|
Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before
|
|
checking for a NUL terminator.
|
|
|
|
safeputs() doesn't do packet bounds checking of its own; it assumes that
|
|
the caller has checked the availability in the packet data of all maxlen
|
|
bytes of data. This means we should check that we're within the
|
|
specified limit before looking at the byte.
|
|
|
|
This fixes a buffer over-read discovered by Kamil Frankowicz.
|
|
|
|
Add a test using the capture file supplied by the reporter(s).
|
|
---
|
|
tests/TESTLIST | 1 +
|
|
tests/hoobr_safeputs.out | 2 ++
|
|
tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes
|
|
util-print.c | 2 +-
|
|
4 files changed, 4 insertions(+), 1 deletion(-)
|
|
create mode 100644 tests/hoobr_safeputs.out
|
|
create mode 100644 tests/hoobr_safeputs.pcap
|
|
|
|
diff --git a/util-print.c b/util-print.c
|
|
index 394e7d59..ec3e8de8 100644
|
|
--- a/util-print.c
|
|
+++ b/util-print.c
|
|
@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo,
|
|
{
|
|
u_int idx = 0;
|
|
|
|
- while (*s && idx < maxlen) {
|
|
+ while (idx < maxlen && *s) {
|
|
safeputchar(ndo, *s);
|
|
idx++;
|
|
s++;
|
|
--
|
|
2.14.1
|
|
|