author: Seonah Moon <seonah1.moon@samsung.com> 2019-08-12 10:41:04 +0900
committer: Seonah Moon <seonah1.moon@samsung.com> 2019-08-12 10:49:30 +0900
commit: 39bf9a556d721ee33c9e534de77ecd99e8e5bd04
tree: cb1baa8f7f91c2abd45e7bc9953f2fe033e7e67b
parent: 9eed4d1d8fc6506c0c95614e4fed662fa69b21a6
CVE-2017-16808/AoE: Add a missing bounds check.
submit/tizen/20190812.033456

In aoev1_reserve_print() check bounds before trying to print an Ethernet address.

Updated from Denis Ovsienko's fix.

This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin.

https://github.com/the-tcpdump-group/tcpdump/commit/28f610026d901660dd370862b62ec328727446a2?diff=split

Change-Id: I8d6cbde6e93809124a16fc94d3707ec64bf4417e
-rw-r--r-- print-aoe.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/print-aoe.c b/print-aoe.c
index 97e93df..32fa48f 100644
--- a/print-aoe.c
+++ b/print-aoe.c
@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
goto invalid;
/* addresses */
for (i = 0; i < nmacs; i++) {
+ ND_TCHECK2(cp, ETHER_ADDR_LEN);
ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
cp += ETHER_ADDR_LEN;
}
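Review bot: The ND_TCHECK2(cp, ETHER_ADDR_LEN) added as the first statement of the loop body jumps to a trunc label on failure, but the only exit visible in this hunk's context is "goto invalid;", so please confirm that aoev1_reserve_print() already has a trunc: label that reports truncation rather than falling into the invalid path. Checking per iteration, before etheraddr_string(ndo, cp) reads the six bytes, is the right placement, because nmacs comes from the packet and the captured data can end before the declared address list does. The diffstat lists only print-aoe.c, so the fix arrives without a regression capture; adding a truncated AoE reserve/release packet to the test suite would keep this over-read from coming back unnoticed.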