ppp: use the buffer stack for the de-escaping buffer.
This both saves the buffer for freeing later and saves the packet
pointer and snapend to be restored when packet processing is complete,
even if an exception is thrown with longjmp.
This means that the hex/ASCII printing in pretty_print_packet()
processes the packet data as captured or read from the savefile, rather
than as modified by the PPP printer, so that the bounds checking is
correct.
That fixes CVE-2024-2397, which was caused by an exception being thrown
by the hex/ASCII printer (which should only happen if those routines are
called by a packet printer, not if they're called for the -X/-x/-A
flag), which jumps back to the setjmp() that surrounds the packet
printer. Hilarity^Winfinite looping ensues.
Also, restore ndo->ndo_packetp before calling the hex/ASCII printing
routine, in case nd_pop_all_packet_info() didn't restore it.
(cherry picked from commit
b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2)
projects / tcpdump / commit
