diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2017-03-16 20:41:23 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-03-16 22:10:55 +0100 |
| commit | 62bf2bfd53885fbd62a8e9345c7f3d7a4d619342 (patch) | |
| tree | 8d73aebbeb0d4f620d8f4d3941f0a9b66e7a8646 | |
| parent | a411212d22cb84b92201b5a02ef8b860b0a17280 (diff) | |
| download | buildroot-62bf2bfd53885fbd62a8e9345c7f3d7a4d619342.tar.gz buildroot-62bf2bfd53885fbd62a8e9345c7f3d7a4d619342.zip | |
tcpreplay: patch security issue
Add upstream patch for CVE-2017-6429: Buffer overflow when reading crafted
pcap file with large packets.
https://github.com/appneta/tcpreplay/issues/278
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| -rw-r--r-- | package/tcpreplay/0001-278-fail-if-capture-has-a-packet-that-is-too-large-2.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/package/tcpreplay/0001-278-fail-if-capture-has-a-packet-that-is-too-large-2.patch b/package/tcpreplay/0001-278-fail-if-capture-has-a-packet-that-is-too-large-2.patch new file mode 100644 index 0000000000..233b6d959f --- /dev/null +++ b/package/tcpreplay/0001-278-fail-if-capture-has-a-packet-that-is-too-large-2.patch @@ -0,0 +1,44 @@ +From d689d14dbcd768c028eab2fb378d849e543dcfe9 Mon Sep 17 00:00:00 2001 +From: Fred Klassen <fklassen@appneta.com> +Date: Sun, 26 Feb 2017 20:45:59 -0800 +Subject: [PATCH] #278 fail if capture has a packet that is too large (#286) + +* #278 fail if capture has a packet that is too large + +[baruch: remove the CHANGELOG update] +Signed-off-by: Baruch Siach <baruch@tkos.co.il> +--- +Upstream status: upstream commit d689d14db + +diff --git a/src/tcpcapinfo.c b/src/tcpcapinfo.c +index 775f1625b00f..96928820fe94 100644 +--- a/src/tcpcapinfo.c ++++ b/src/tcpcapinfo.c +@@ -281,6 +281,15 @@ main(int argc, char *argv[]) + caplen = pcap_ph.caplen; + } + ++ if (caplentoobig) { ++ printf("\n\nCapture file appears to be damaged or corrupt.\n" ++ "Contains packet of size %u, bigger than snap length %u\n", ++ caplen, pcap_fh.snaplen); ++ ++ close(fd); ++ break; ++ } ++ + /* check to make sure timestamps don't go backwards */ + if (last_sec > 0 && last_usec > 0) { + if ((pcap_ph.ts.tv_sec == last_sec) ? +@@ -306,7 +315,7 @@ main(int argc, char *argv[]) + } + + close(fd); +- continue; ++ break; + } + + /* print the frame checksum */ +-- +2.11.0 + |
