From 68add83a26bd018b5395c5e3692a066180413862 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 15 Mar 2007 12:20:46 +0000
Subject: [PATCH] - fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218) - spec cleanup (#226481)
Resolves: #232349 #226481
---
 tcpdump-3.9.5-80211.patch | 17 +++++++++++++++++
 tcpdump.spec | 20 ++++++++++++++------
 2 files changed, 31 insertions(+), 6 deletions(-)
 create mode 100644 tcpdump-3.9.5-80211.patch
diff --git a/tcpdump-3.9.5-80211.patch b/tcpdump-3.9.5-80211.patch
new file mode 100644
index 0000000..20ecb17
--- /dev/null
+++ b/tcpdump-3.9.5-80211.patch
@@ -0,0 +1,17 @@
+Index: tcpdump/print-802_11.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-802_11.c,v
+retrieving revision 1.42
+retrieving revision 1.43
+diff -u -r1.42 -r1.43
+--- tcpdump/print-802_11.c 13 Jun 2006 22:25:30 -0000 1.42
++++ tcpdump/print-802_11.c 1 Feb 2007 02:18:18 -0000 1.43
+@@ -264,7 +264,7 @@
+
+ if (pbody->tim.length <= 3)
+ break;
+- if (pbody->rates.length > sizeof pbody->tim.bitmap)
++ if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
+ return;
+ if (!TTEST2(*(p + offset), pbody->tim.length - 3))
+ return;
diff --git a/tcpdump.spec b/tcpdump.spec
index 7e78b4a..82413ce 100644
--- a/tcpdump.spec
+++ b/tcpdump.spec
@@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
 Version: 3.9.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 URL: http://www.tcpdump.org
 Group: Applications/Internet
@@ -18,6 +18,7 @@ Patch3: tcpdump-3.9.4-ring-buffers.patch
 Patch4: tcpdump-3.9.5-nolocalpcap.patch
 Patch5: tcpdump-3.6.2-tcpslice-time.patch
 Patch6: tcpslice-CVS.20010207-bpf.patch
+Patch7: tcpdump-3.9.5-80211.patch
 %define tcpslice_dir tcpslice
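Review bot: The corrected bound in the print-802_11.c hunk, `if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)`, still rests on a bare `3` that appears three times in these lines (`<= 3`, `- 3 >`, and the `TTEST2` length) with nothing saying what it stands for. The line it replaces tested `rates.length` against the TIM bitmap, a wrong-field slip that a single named quantity makes harder to repeat. I would keep `pbody->tim.length - 3` in one local (say `bitmap_len`) set right after the `<= 3` guard, use it in both the size check and `TTEST2`, and add a comment such as `/* tim.length presumably includes 3 fixed bytes ahead of the bitmap; only the remainder may fill tim.bitmap */`. The enclosing case starts and ends outside the hunk, so neither the sibling element checks nor whatever consumes the bitmap length afterwards is visible here; both are worth reading for the same pattern of a `sizeof pbody->X` bound paired with another element's length.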
@@ -38,11 +39,14 @@ Install tcpdump if you need a program to monitor network traffic. %patch4 -p1 -b .nolocalpcap %patch5 -p1 -b .tcpslicetime %patch6 -p0 -b .bpf +%patch7 -p1 -b .80211 + +find . -name '*.c' -o -name '*.h' | xargs chmod 644 %build pushd %tcpslice_dir %configure -make +make %{?_smp_mflags} popd %configure --with-user=tcpdump @@ -80,6 +84,10 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Thu Mar 15 2007 Miroslav Lichvar - 14:3.9.5-3 +- fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218) +- spec cleanup (#226481) + * Tue Dec 12 2006 Miroslav Lichvar - 14:3.9.5-2 - use tcpdump user, fix scriptlet (#219268) @@ -313,12 +321,12 @@ exit 0 * Sat Apr 14 2001 Pekka Savola - fix building of tcpslice on glibc 2.2.2 (time.h) -- disable /etc/init.d requirement and fix %post scripts in arpwatch +- disable /etc/init.d requirement and fix %%post scripts in arpwatch * Wed Feb 14 2001 Harald Hoyer - glibc sys/time -> time include patch -* Wed Feb 7 2001 Trond Eivind Glomsrød +* Wed Feb 7 2001 Trond Eivind Glomsrød - Add space to this check * Wed Feb 07 2001 Harald Hoyer @@ -328,7 +336,7 @@ exit 0 - update to 3.6.2, 0.6.2 and new CVS of tcpslice. - i18n'ize arpwatch init script -* Fri Feb 2 2001 Trond Eivind Glomsrød +* Fri Feb 2 2001 Trond Eivind Glomsrød - i18nize initscript * Mon Jan 29 2001 Harald Hoyer @@ -490,7 +498,7 @@ exit 0 * Tue Oct 21 1997 Erik Troan - updated to release 3.4a5 -- uses a buildroot and %attr +- uses a buildroot and %%attr * Thu Jul 17 1997 Erik Troan - built against glibc
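Review bot: The line added before `%build`, `find . -name '*.c' -o -name '*.h' | xargs chmod 644`, hands whitespace-delimited names to xargs, so a path in the unpacked tree that contains a space, quote or newline would be split or misparsed and `chmod` would fail or touch a different path than intended. The names come from the upstream tarball rather than from the packager, so it is cheap to make the step independent of them: `find . \( -name '*.c' -o -name '*.h' \) -exec chmod 644 {} +`. A short comment saying why the modes are reset (the commit message only says "spec cleanup") would also help the next maintainer.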