From: Francois-Xavier Le Bail
Date: Tue, 29 Oct 2019 15:54:13 +0000 (+0100)
Subject: sFlow: Add a test capture file
X-Git-Tag: tcpdump-4.99-bp~617
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/c5a34f01b4d03a0c24f9abb57f0db45c502aceb5

sFlow: Add a test capture file

This capture file triggered a buffer over-read with the 4.9.2 release fixed in the 4.9.3 release. The problem was fixed in master branch by commit 09822d484b0f26d197a1ea8fdf81ca6e0d698634. Update the output of the test accordingly. Update from b35eb4c1630d2e40a9e25dd873c572e1aec43910 in 4.9 branch.
---
diff --git a/tests/TESTLIST b/tests/TESTLIST
index c895f5be..43c8a4e1 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -743,3 +743,6 @@ arista-ether-ev arista_ether.pcap arista_ether-ev.out -ev
 
 # TIPC length field test
 huge-tipc-messages huge-tipc-messages.pcap huge-tipc-messages.out
+
+# CVE-2018-10105 bad packets from Luis Rocha
+sflow_print-segv sflow_print-segv.pcap sflow_print-segv.out -v
diff --git a/tests/sflow_print-segv.out b/tests/sflow_print-segv.out
new file mode 100644
index 00000000..a392c442
--- /dev/null
+++ b/tests/sflow_print-segv.out
@@ -0,0 +1,2 @@
+ 1 17:04:53.834750 IP (tos 0x0, ttl 64, id 60790, offset 0, flags [none], proto UDP (17), length 896, bad cksum 72f3 (->72f7)!)
+ 10.0.0.250.3895 > 10.1.2.5.6343: sFlowv5 [length 8 < 28] (invalid)
diff --git a/tests/sflow_print-segv.pcap b/tests/sflow_print-segv.pcap
new file mode 100644
index 00000000..60b2869e
Binary files /dev/null and b/tests/sflow_print-segv.pcap differ
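Review bot: The comment added above the `sflow_print-segv` entry in tests/TESTLIST names the CVE and the reporter but not what the capture exercises, whereas the neighbouring entry is labelled by what it tests (`# TIPC length field test`). Going by the commit message and the expected output, a fuller comment would be `# CVE-2018-10105 bad packets from Luis Rocha (sFlow datagram too short, buffer over-read in 4.9.2)`. The .out file pins the `[length 8 < 28] (invalid)` rejection, so a regression that changes the printed text is caught by the comparison. An over-read that leaves the printed text unchanged would presumably only surface when the suite runs on a sanitizer or valgrind build, which may be worth stating next to the entry.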