Fix CVE-2017-11542:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
Patch copied from upstream source repository:
https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Tue, 7 Feb 2017 11:10:04 -0800
Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check.
This fixes a buffer over-read discovered by Kamil Frankowicz.
Add a test using the capture file supplied by the reporter(s).
---
print-pim.c | 1 +
tests/TESTLIST | 1 +
tests/hoobr_pimv1.out | 25 +++++++++++++++++++++++++
tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes
4 files changed, 27 insertions(+)
create mode 100644 tests/hoobr_pimv1.out
create mode 100644 tests/hoobr_pimv1.pcap
diff --git a/print-pim.c b/print-pim.c
index 25525953..ed880ae7 100644
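--- a/print-pim.c
+++ b/print-pim.c
@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,
 pimv1_join_prune_print(ndo, &bp[8], len - 8);
 break;
 }
+ ND_TCHECK(bp[4]);
 if ((bp[4] >> 4) != 1)
 ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
 return;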
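Review bot: The added `ND_TCHECK(bp[4]);` covers only the version byte read after the switch, while the context line just above still passes `len - 8` to `pimv1_join_prune_print` with no `len >= 8` guard visible in this hunk. If `len` is an unsigned type and a short packet reaches that case, the subtraction would wrap to a very large length, so it is worth confirming that a guard exists outside the hunk or adding one before the call, e.g. `if (len < 8) goto trunc;` (assuming the function has the truncation label that `ND_TCHECK` jumps to). A one-line comment such as `/* bp[4] carries the version nibble; verify it was captured before reading it */` would also record why the check sits here. The body of `pimv1_print` starts and ends outside the hunk. The diffstat lists the regression test files (`tests/TESTLIST`, `tests/hoobr_pimv1.out`, `tests/hoobr_pimv1.pcap`), but only the `print-pim.c` section appears on this page, so the reporter's capture may not be exercised where this patch is applied.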