From aa1a18ae17509f67feccf03066c61f3266a44ece Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Sun, 4 Aug 2019 01:46:22 -0500
Subject: user/tcpdump: patch for CVE-2017-16808 (#149)

---
 user/tcpdump/APKBUILD             |  6 +++++-
 user/tcpdump/CVE-2017-16808.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 user/tcpdump/CVE-2017-16808.patch

diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD
index 7adeefa35..d273d4acc 100644
--- a/user/tcpdump/APKBUILD
+++ b/user/tcpdump/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Dan Theisen <djt@hxx.in>
 pkgname=tcpdump
 pkgver=4.9.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A tool for network monitoring and data acquisition"
 url="http://www.tcpdump.org"
 arch="all"
@@ -11,12 +11,15 @@ depends=""
 makedepends="libpcap-dev openssl-dev perl"
 subpackages="$pkgname-doc"
 source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
+	CVE-2017-16808.patch
 	CVE-2018-19519.patch
 	"
 
 # secfixes:
 #   4.9.2-r1:
 #     - CVE-2018-19519
+#   4.9.2-r2:
+#     - CVE-2017-16808
 
 build () {
 	cd "$builddir"
@@ -42,4 +45,5 @@ package() {
 }
 
 sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b  tcpdump-4.9.2.tar.gz
+d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4  CVE-2017-16808.patch
 eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e  CVE-2018-19519.patch"
diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch
new file mode 100644
index 000000000..6b41aad8c
--- /dev/null
+++ b/user/tcpdump/CVE-2017-16808.patch
@@ -0,0 +1,26 @@
+From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Thu, 31 Aug 2017 21:15:37 +0100
+Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
+
+In aoev1_reserve_print() check bounds before trying to print an Ethernet
+address.
+
+This fixes a buffer over-read discovered by Bhargava Shastry,
+SecT/TU Berlin.
+---
+ print-aoe.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/print-aoe.c b/print-aoe.c
+index 97e93df2e..2c78a55d3 100644
+--- a/print-aoe.c
++++ b/print-aoe.c
+@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
+ 		goto invalid;
+ 	/* addresses */
+ 	for (i = 0; i < nmacs; i++) {
++		ND_TCHECK2(*cp, ETHER_ADDR_LEN);
+ 		ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
+ 		cp += ETHER_ADDR_LEN;
+ 	}
-- 
cgit v1.2.3-70-g09d2