From 32af00b05a6ef573d0b340f97b54c13eb9509dc7 Mon Sep 17 00:00:00 2001
From: Pedro Monreal
Date: Thu, 6 Dec 2018 12:18:38 +0100
Subject: [PATCH] CVE-2018-19519 buffer overread. Initialize buf in
Hello community,
here is the log from the commit of package tcpdump for openSUSE:Factory checked in at 2018-12-11 15:45:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tcpdump (Old)
and /work/SRC/openSUSE:Factory/.tcpdump.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tcpdump"
Tue Dec 11 15:45:42 2018 rev:37 rq:655857 version:4.9.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/tcpdump/tcpdump.changes 2017-09-18 19:54:09.085764601 +0200
+++ /work/SRC/openSUSE:Factory/.tcpdump.new.19453/tcpdump.changes 2018-12-11 15:46:16.578309228 +0100
@@ -1,0 +2,7 @@
+Thu Dec 6 11:49:16 UTC 2018 - Pedro Monreal Gonzalez
+
+- Security fix [bsc#1117267, CVE-2018-19519]
+ * Buffer overread in print-hncp.c:print_prefix.
+ * Added patch tcpdump-CVE-2018-19519.patch
+
+-------------------------------------------------------------------
New:
----
tcpdump-CVE-2018-19519.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tcpdump.spec ++++++
--- /var/tmp/diff_new_pack.7l7N34/_old 2018-12-11 15:46:17.186308559 +0100
+++ /var/tmp/diff_new_pack.7l7N34/_new 2018-12-11 15:46:17.190308555 +0100
@@ -1,7 +1,7 @@
#
# spec file for package tcpdump
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -30,6 +30,8 @@
Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test
Patch0: tcpdump-ikev2pI2.patch
+# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
+Patch1: tcpdump-CVE-2018-19519.patch
BuildRequires: libpcap-devel >= %{min_libpcap_version}
BuildRequires: libsmi-devel
BuildRequires: openssl-devel
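Review bot: The `PATCH-FIX-OPENSUSE` tag on the new `Patch1` comment line marks this as a distribution-only change, yet the patch carries a git-format commit header (`From 32af00b05a6e...`) and fixes a CVE. If that commit comes from the tcpdump upstream repository, tag it `PATCH-FIX-UPSTREAM` instead. Also put the tracking ids from the changelog entry (bsc#1117267, CVE-2018-19519) in the comment line, so the patch is easy to identify and drop at the next version update.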
@@ -43,6 +45,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"
++++++ tcpdump-CVE-2018-19519.patch ++++++
print-hncp.c:print_prefix.
---
print-hncp.c | 2 ++
1 file changed, 2 insertions(+)
Index: tcpdump-4.9.2/print-hncp.c
===================================================================
--- tcpdump-4.9.2.orig/print-hncp.c
+++ tcpdump-4.9.2/print-hncp.c
@@ -206,6 +206,8 @@ print_prefix(netdissect_options *ndo, co
int plenbytes;
char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")];
+ buf[0] = '\0';
+
if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 &&
is_ipv4_mapped_address(&prefix[1])) {
struct in_addr addr;
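Review bot: The added `buf[0] = '\0';` at the top of `print_prefix` has no comment saying which path can reach the output of `buf` without having written it, and the visible context shows only the IPv4-mapped branch. Add a one-line comment naming that path. Terminating the first byte stops the over-read, but it makes a failed decode print as an empty prefix, so also check whether that path should return an error before `buf` is used. Since the spec already mentions the test suite (Patch0 disables a failing test), a test input covering this case would keep the fix from being lost on a later rebase.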