author Leo Famulari <leo@famulari.name> 2017-09-05 12:56:00 -0400
committer Leo Famulari <leo@famulari.name> 2017-09-05 14:53:50 -0400
commit 514c2f480643c3481498b4a3ad32d6e6351260ff (patch)
tree 616d91dbd396aee3c397eeb3268c08da7229a122 /gnu/packages/patches/tcpdump-CVE-2017-11541.patch
parent 0cae36b5e5bd88eefea30b122acd41290a966980 (diff)
gnu: tcpdump: Fix CVE-2017-[11541,11542,11543].
* gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
gnu/packages/patches/tcpdump-CVE-2017-11542.patch
gnu/packages/patches/tcpdump-CVE-2017-11543.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/admin.scm (tcpdump)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/tcpdump-CVE-2017-11541.patch')
-rw-r--r-- gnu/packages/patches/tcpdump-CVE-2017-11541.patch 47
1 files changed, 47 insertions, 0 deletions
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
new file mode 100644
index 0000000000..a9fc632dc2
--- /dev/null
+++ b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
@@ -0,0 +1,47 @@
+Fix CVE-2017-11541
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
+
+Patch copied from upstream source repository:
+
+https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
+
+From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001
+From: Guy Harris <guy@alum.mit.edu>
+Date: Tue, 7 Feb 2017 11:40:36 -0800
+Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before
+ checking for a NUL terminator.
+
+safeputs() doesn't do packet bounds checking of its own; it assumes that
+the caller has checked the availability in the packet data of all maxlen
+bytes of data. This means we should check that we're within the
+specified limit before looking at the byte.
+
+This fixes a buffer over-read discovered by Kamil Frankowicz.
+
+Add a test using the capture file supplied by the reporter(s).
+---
+ tests/TESTLIST | 1 +
+ tests/hoobr_safeputs.out | 2 ++
+ tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes
+ util-print.c | 2 +-
+ 4 files changed, 4 insertions(+), 1 deletion(-)
+ create mode 100644 tests/hoobr_safeputs.out
+ create mode 100644 tests/hoobr_safeputs.pcap
+
+diff --git a/util-print.c b/util-print.c
+index 394e7d59..ec3e8de8 100644
+--- a/util-print.c
++++ b/util-print.c
+@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo,
+ {
+ u_int idx = 0;
+
+- while (*s && idx < maxlen) {
++ while (idx < maxlen && *s) {
+ safeputchar(ndo, *s);
+ idx++;
+ s++;
+--
+2.14.1
+
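Review bot: the diffstat in the header of the new patch file still lists tests/TESTLIST, tests/hoobr_safeputs.out and tests/hoobr_safeputs.pcap ("4 files changed"), but the only file diff the patch carries is the one for util-print.c, so the upstream regression test is not applied by this package patch. Suggest adding a line to the introductory comment at the top of the file (next to "Patch copied from upstream source repository:") stating that the test files were dropped, the pcap being binary, so a reader does not expect the hoobr_safeputs test to run in the build. The code change itself is copied correctly: with "idx < maxlen" evaluated first, "*s" is no longer read once idx has reached maxlen, which is what the upstream message requires given that callers have only verified maxlen bytes of packet data.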