summaryrefslogtreecommitdiffstats
path: root/package/tcpdump/0003-fix-CVE-2014-8768.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/tcpdump/0003-fix-CVE-2014-8768.patch')
-rw-r--r--package/tcpdump/0003-fix-CVE-2014-8768.patch19
1 files changed, 19 insertions, 0 deletions
diff --git a/package/tcpdump/0003-fix-CVE-2014-8768.patch b/package/tcpdump/0003-fix-CVE-2014-8768.patch
new file mode 100644
index 0000000000..a8b82cf701
--- /dev/null
+++ b/package/tcpdump/0003-fix-CVE-2014-8768.patch
@@ -0,0 +1,19 @@
+From https://bugzilla.redhat.com/show_bug.cgi?id=1165161
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+--- tcpdump-tcpdump_4.5/print-geonet.c 2014-02-17 05:58:41.000000000 +0700
++++ print-geonet.c 2014-11-21 10:06:58.590217933 +0700
+@@ -237,6 +237,12 @@
+ printf("Malformed (small) ");
+ }
+
++ /* Checking length before print */
++ u_int caplength;
++ caplength = (ndo->ndo_snapend >= bp) ? ndo->ndo_snapend - bp : 0;
++ if (length > caplength)
++ length = caplength;
++
+ /* Print user data part */
+ if (ndo->ndo_vflag)
+ default_print(bp, length);
OpenPOWER on IntegriCloud