CVE-2017-16808/AoE: Add a missing bounds check.

In aoev1_reserve_print() check bounds before trying to print an Ethernet address. Updated from a Denis Ovsienko's fix. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin.
author: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2019-06-05 14:50:13 +0200
committer: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2019-06-05 16:20:21 +0200
commit: 46aead6c5265e8ae376d2cf274fb2b5195cd6b57 (patch)
tree: 7bc38b8a875e74d05f81c93ce5abddf9fd892b3c /print-aoe.c
parent: 511915bef7e4de2f31b8d9f581b4a44b0cfbcf53 (diff)
download: tcpdump-46aead6c5265e8ae376d2cf274fb2b5195cd6b57.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/print-aoe.c b/print-aoe.c
index cd088671..5acab319 100644
--- a/print-aoe.c
+++ b/print-aoe.c
@@ -328,6 +328,7 @@ aoev1_reserve_print(netdissect_options *ndo,
 		goto invalid;
 	/* addresses */
 	for (i = 0; i < nmacs; i++) {
+		ND_TCHECK_LEN(cp, MAC_ADDR_LEN);
 		ND_PRINT("\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp));
 		cp += MAC_ADDR_LEN;
 	}
author	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2019-06-05 14:50:13 +0200
committer	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2019-06-05 16:20:21 +0200
commit	46aead6c5265e8ae376d2cf274fb2b5195cd6b57 (patch)
tree	7bc38b8a875e74d05f81c93ce5abddf9fd892b3c /print-aoe.c
parent	511915bef7e4de2f31b8d9f581b4a44b0cfbcf53 (diff)
download	tcpdump-46aead6c5265e8ae376d2cf274fb2b5195cd6b57.tar.gz