diff options
| author | Jan Pavlinec <jan.pavlinec@nic.cz> | 2020-11-25 02:04:00 +0100 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2020-11-25 05:49:09 +0100 |
| commit | 5bb3cc749ee0d08d82acda3c084ff759f3829a91 (patch) | |
| tree | 81a658fe9a01986b3b37b55fbcc8ea0c8e49f19e /package | |
| parent | 0c87304d2be2b21788f116a3ecbd4a2ba33bfd4d (diff) | |
| download | upstream-5bb3cc749ee0d08d82acda3c084ff759f3829a91.tar.gz upstream-5bb3cc749ee0d08d82acda3c084ff759f3829a91.tar.bz2 upstream-5bb3cc749ee0d08d82acda3c084ff759f3829a91.zip | |
tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037. This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package')
| -rw-r--r-- | package/network/utils/tcpdump/Makefile | 2 | ||||
| -rw-r--r-- | package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch | 47 |
2 files changed, 48 insertions, 1 deletions
diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile index 09b0b03766..3e4d9d2d73 100644 --- a/package/network/utils/tcpdump/Makefile +++ b/package/network/utils/tcpdump/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpdump PKG_VERSION:=4.9.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.us.tcpdump.org/release/ \ diff --git a/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch b/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch new file mode 100644 index 0000000000..281854777d --- /dev/null +++ b/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch @@ -0,0 +1,47 @@ +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -1368,19 +1368,29 @@ trunc: + } + + #ifndef TCPDUMP_MINI ++/* ++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. ++ * The length argument is the on-the-wire length, not the captured ++ * length; we can only un-escape the captured part. ++ */ + static void + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) + { ++ u_int caplen = ndo->ndo_snapend - p; + u_char *b, *t, c; + const u_char *s; +- int i, proto; ++ u_int i; ++ int proto; + const void *se; + ++ if (caplen == 0) ++ return; ++ + if (length <= 0) + return; + +- b = (u_char *)malloc(length); ++ b = (u_char *)malloc(caplen); + if (b == NULL) + return; + +@@ -1389,10 +1399,10 @@ ppp_hdlc(netdissect_options *ndo, + * Do this so that we dont overwrite the original packet + * contents. + */ +- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { ++ for (s = p, t = b, i = caplen; i != 0; i--) { + c = *s++; + if (c == 0x7d) { +- if (i <= 1 || !ND_TTEST(*s)) ++ if (i <= 1) + break; + i--; + c = *s++ ^ 0x20; |