src/patches/tcpdump-3.8.2-ldp-dos.patch

   1 borrowed from fedora
   2 fix for CAN-2005-1279
   3
   4 --- tcpdump-3.8.2/print-ldp.c.t4        2003-11-16 10:36:27.000000000 +0100
   5 +++ tcpdump-3.8.2/print-ldp.c           2005-04-28 14:17:15.000000000 +0200
   6 @@ -327,7 +327,8 @@
   7                 LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore");
   8
   9          msg_tptr=tptr+sizeof(struct ldp_msg_header);
  10 -        msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */
  11 +       /* Type & Length fields not included */
  12 +        msg_tlen = (msg_len >= (sizeof(struct ldp_msg_header) + 4)) ? (msg_len - sizeof(struct ldp_msg_header) + 4) : 0;
  13
  14          /* did we capture enough for fully decoding the message ? */
  15          if (!TTEST2(*tptr, msg_len))
  16 @@ -372,8 +373,12 @@
  17              print_unknown_data(tptr+sizeof(sizeof(struct ldp_msg_header)),"\n\t  ",
  18                                 msg_len);
  19
  20 -        tptr+=msg_len;
  21 -        tlen-=msg_len;
  22 +        if(!msg_len)
  23 +            break;
  24 +        else {
  25 +            tptr+=msg_len;
  26 +            tlen-=msg_len;
  27 +        }
  28      }
  29      return;
  30  trunc:
  31 --- tcpdump-3.8.2/print-ascii.c.t4      2003-12-29 12:05:10.000000000 +0100
  32 +++ tcpdump-3.8.2/print-ascii.c 2005-04-28 14:05:42.000000000 +0200
  33 @@ -142,6 +142,9 @@
  34         register int nshorts;
  35
  36         nshorts = (u_int) length / sizeof(u_short);
  37 +        if(!nshorts)
  38 +          return;
  39 +
  40         i = 0;
  41         while (--nshorts >= 0) {
  42                 if ((i++ % 8) == 0) {