Fix CVE-2017-11541 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 Patch copied from upstream source repository: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Tue, 7 Feb 2017 11:40:36 -0800 Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before checking for a NUL terminator. safeputs() doesn't do packet bounds checking of its own; it assumes that the caller has checked the availability in the packet data of all maxlen bytes of data. This means we should check that we're within the specified limit before looking at the byte. This fixes a buffer over-read discovered by Kamil Frankowicz. Add a test using the capture file supplied by the reporter(s). --- tests/TESTLIST | 1 + tests/hoobr_safeputs.out | 2 ++ tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes util-print.c | 2 +- 4 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 tests/hoobr_safeputs.out create mode 100644 tests/hoobr_safeputs.pcap diff --git a/util-print.c b/util-print.c index 394e7d59..ec3e8de8 100644 --- a/util-print.c +++ b/util-print.c @@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo, { u_int idx = 0; - while (*s && idx < maxlen) { + while (idx < maxlen && *s) { safeputchar(ndo, *s); idx++; s++; -- 2.14.1
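Review bot: in the reordered condition `while (idx < maxlen && *s) {` in safeputs(), the read of `*s` is only safe because the caller has already verified that all maxlen bytes are available in the packet data, and that contract is stated in the commit message but not in the code visible in this hunk. Suggest a comment above safeputs() saying that it does no packet bounds checking of its own and that callers must check maxlen bytes before calling it, so a later caller does not pass an unchecked length. Separately, the diffstat lists tests/TESTLIST, tests/hoobr_safeputs.out and tests/hoobr_safeputs.pcap, but only the util-print.c hunk is present in this copy, so the regression capture needs to be carried separately if the test suite is meant to cover this over-read.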