From 39bf9a556d721ee33c9e534de77ecd99e8e5bd04 Mon Sep 17 00:00:00 2001
From: Seonah Moon <seonah1.moon@samsung.com>
Date: Mon, 12 Aug 2019 10:41:04 +0900
Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.

In aoev1_reserve_print() check bounds before trying to print an Ethernet
address.

Updated from a Denis Ovsienko's fix.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

https://github.com/the-tcpdump-group/tcpdump/commit/28f610026d901660dd370862b62ec328727446a2?diff=split

Change-Id: I8d6cbde6e93809124a16fc94d3707ec64bf4417e
---
 print-aoe.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/print-aoe.c b/print-aoe.c
index 97e93df..32fa48f 100644
--- a/print-aoe.c
+++ b/print-aoe.c
@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
 		goto invalid;
 	/* addresses */
 	for (i = 0; i < nmacs; i++) {
+		ND_TCHECK2(cp, ETHER_ADDR_LEN);
 		ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
 		cp += ETHER_ADDR_LEN;
 	}
-- 
2.7.4