sFlow: Add a test capture file

This capture file triggered a buffer over-read with the 4.9.2 release
fixed in the 4.9.3 release.

The problem was fixed in master branch by commit
09822d484b0f26d197a1ea8fdf81ca6e0d698634.

Update the output of the test accordingly.

Update from b35eb4c1630d2e40a9e25dd873c572e1aec43910
in 4.9 branch.

diff --git a/tests/TESTLIST b/tests/TESTLIST
index c895f5be0d9cfa6c0b7a930f9d4683da2a24d504..43c8a4e135b9784be4a0ea993c2adb24109310f5 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -743,3 +743,6 @@ arista-ether-ev          arista_ether.pcap        arista_ether-ev.out      -ev
 
 # TIPC length field test
 huge-tipc-messages     huge-tipc-messages.pcap huge-tipc-messages.out
+
+# CVE-2018-10105 bad packets from Luis Rocha
+sflow_print-segv sflow_print-segv.pcap sflow_print-segv.out -v

diff --git a/tests/sflow_print-segv.out b/tests/sflow_print-segv.out
new file mode 100644 (file)
index 0000000..a392c44
--- /dev/null
+++ b/tests/sflow_print-segv.out
@@ -0,0 +1,2 @@
+    1  17:04:53.834750 IP (tos 0x0, ttl 64, id 60790, offset 0, flags [none], proto UDP (17), length 896, bad cksum 72f3 (->72f7)!)
+    10.0.0.250.3895 > 10.1.2.5.6343: sFlowv5 [length 8 < 28] (invalid)

diff --git a/tests/sflow_print-segv.pcap b/tests/sflow_print-segv.pcap
new file mode 100644 (file)
index 0000000..60b2869
Binary files /dev/null and b/tests/sflow_print-segv.pcap differ