From: Denis Ovsienko Date: Thu, 31 Aug 2017 20:23:07 +0000 (+0100) Subject: (for 4.9.3) AoE: Add another bounds check. X-Git-Tag: tcpdump-4.9.3~90 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/05a303c84c1cb4880eef1a4430df357526c79000 (for 4.9.3) AoE: Add another bounds check. In aoev1_print() check bounds before fetching the Flags octet to prevent a buffer over-read. Found by code inspection hence there is no test case at this time. --- diff --git a/print-aoe.c b/print-aoe.c index 2c78a55d..fcb75264 100644 --- a/print-aoe.c +++ b/print-aoe.c @@ -351,6 +351,7 @@ aoev1_print(netdissect_options *ndo, if (len < AOEV1_COMMON_HDR_LEN) goto invalid; /* Flags */ + ND_TCHECK2(*cp, 1); flags = *cp & 0x0F; ND_PRINT((ndo, ", Flags: [%s]", bittok2str(aoev1_flag_str, "none", flags))); cp += 1;
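Review bot: the new `ND_TCHECK2(*cp, 1);` ahead of `flags = *cp & 0x0F;` in aoev1_print() lands without a regression test, as the commit message itself says ("there is no test case at this time"). A small capture whose AoE frame is cut off before the Flags octet would pin this behaviour and should be added to the test suite with the expected truncation output. It would also help to add a one-line comment here explaining that the preceding `if (len < AOEV1_COMMON_HDR_LEN) goto invalid;` only validates the length value passed in, while ND_TCHECK2 validates that the octet is actually present in the captured buffer, so the two checks are not redundant. Since ND_TCHECK2 bails out via `goto trunc`, please confirm the function has a trunc label that prints the truncation marker; that label is not visible in this hunk. If the remaining common-header fields after `cp += 1;` are fetched one octet at a time in the same way, consider whether a single check over the whole common header right after the `len` test would be less error-prone than per-field checks.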