package/tcpdump/0002-fix-CVE-2014-8767.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

From https://bugzilla.redhat.com/show_bug.cgi?id=1165160

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

--- tcpdump-tcpdump-4.6/print-olsr.c	2014-10-23 14:07:12.000000000 +0700
+++ tcpdump-4.6.2/print-olsr.c	2014-11-21 14:56:18.205542679 +0700
@@ -234,6 +234,13 @@
     ND_PRINT((ndo, "\n\t      neighbor\n\t\t"));
     neighbor = 1;
 
+    u_int caplength;
+
+    /* Checking length of available data before print */
+    caplength = (ndo->ndo_snapend >= msg_data) ? ndo->ndo_snapend - msg_data : 0;
+    if (hello_len > caplength)
+        hello_len = caplength;
+
     while (hello_len >= sizeof(struct in_addr)) {
 
         /* print 4 neighbors per line */