From 72d1f5b571c26699186dffbb8b01174179a011c9 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 25 Mar 2015 16:45:43 +0100
Subject: [PATCH 2/4] Fix for CVE-2015-2153
(cherry picked from 1a4e86d0a273cc81b3236d9f8a5f47b586fec84c)
See: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
---
print-rpki-rtr.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/print-rpki-rtr.c b/print-rpki-rtr.c
index c705c05..8f22189 100644
--- a/print-rpki-rtr.c
+++ b/print-rpki-rtr.c
@@ -184,6 +184,7 @@ rpki_rtr_pdu_print (const u_char *tptr, u_int indent)
pdu_header = (rpki_rtr_pdu *)tptr;
pdu_type = pdu_header->pdu_type;
pdu_len = EXTRACT_32BITS(pdu_header->length);
+ TCHECK2(tptr, pdu_len);
hexdump = FALSE;
printf("%sRPKI-RTRv%u, %s PDU (%u), length: %u",
@@ -292,6 +293,7 @@ rpki_rtr_pdu_print (const u_char *tptr, u_int indent)
tptr += 4;
tlen -= 4;
}
+ printf("text_length: %u tlen %u\n", text_length, tlen);
if (text_length && (text_length <= tlen )) {
memcpy(buf, tptr, MIN(sizeof(buf)-1, text_length));
buf[text_length] = '\0';
@@ -312,6 +314,11 @@ rpki_rtr_pdu_print (const u_char *tptr, u_int indent)
if (vflag > 1 || (vflag && hexdump)) {
print_unknown_data(tptr,"\n\t ", pdu_len);
}
+ return;
+
+ trunc:
+ printf("|trunc");
+ return;
}
void
--
2.3.4