From: Francois-Xavier Le Bail Date: Wed, 5 Jun 2019 12:50:13 +0000 (+0200) Subject: CVE-2017-16808/AoE: Add a missing bounds check. X-Git-Tag: tcpdump-4.99-bp~762 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/46aead6c5265e8ae376d2cf274fb2b5195cd6b57 CVE-2017-16808/AoE: Add a missing bounds check. In aoev1_reserve_print() check bounds before trying to print an Ethernet address. Updated from a Denis Ovsienko's fix. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. --- diff --git a/print-aoe.c b/print-aoe.c index cd088671..5acab319 100644 --- a/print-aoe.c +++ b/print-aoe.c @@ -328,6 +328,7 @@ aoev1_reserve_print(netdissect_options *ndo, goto invalid; /* addresses */ for (i = 0; i < nmacs; i++) { + ND_TCHECK_LEN(cp, MAC_ADDR_LEN); ND_PRINT("\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)); cp += MAC_ADDR_LEN; }
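Review bot: In the `for (i = 0; i < nmacs; i++)` loop, the added `ND_TCHECK_LEN(cp, MAC_ADDR_LEN)` jumps to a truncation label that is not visible in this hunk. Please confirm that aoev1_reserve_print() has one and that it is separate from the `invalid` path used just above the loop, so that a short capture is reported as truncated rather than as a malformed packet. Because the check runs once per iteration, addresses that were fully captured are still printed before the bail-out. That looks like the intended behaviour, and a one-line comment above the check saying so would save the next reader from wondering why it is not hoisted out of the loop as a single check on `nmacs * MAC_ADDR_LEN`. The diff touches only print-aoe.c, so consider adding a regression capture for the reported over-read in the same change.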