tcpreplay/debian/patches/enforce-maxpacket.patch

Subject: tcprewrite: Handle frames of 65535 octets size
ID: CVE-2016-6160
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: Mon Jun 29 17:08:24 2015 +0200
Bug-Debian: https://bugs.debian.org/829350
Last-Update: 2016-07-06

diff --git a/src/defines.h.in b/src/defines.h.in
index 3a1bf1e..5468d14 100644
--- a/src/defines.h.in
+++ b/src/defines.h.in
@@ -104,7 +104,7 @@ typedef struct tcpr_speed_s tcpr_speed_t;
 #define DEFAULT_MTU 1500        /* Max Transmission Unit of standard ethernet
                                  * don't forget *frames* are MTU + L2 header! */
 
-#define MAXPACKET 65535         /* was 16436 linux loopback, but maybe something is bigger then 
+#define MAXPACKET 65549         /* was 16436 linux loopback, but maybe something is bigger then 
                                    linux loopback */
 
 #define MAX_SNAPLEN 65535       /* tell libpcap to capture the entire packet */
diff --git a/src/tcprewrite.c b/src/tcprewrite.c
index 90a6f2e..9c32a5e 100644
--- a/src/tcprewrite.c
+++ b/src/tcprewrite.c
@@ -253,6 +253,8 @@ rewrite_packets(tcpedit_t *tcpedit, pcap_t *pin, pcap_dumper_t *pout)
         packetnum++;
         dbgx(2, "packet " COUNTER_SPEC " caplen %d", packetnum, pkthdr.caplen);
 
+        if (pkthdr.caplen > MAXPACKET)
+            errx(-1, "Frame too big, caplen %d exceeds %d", pkthdr.caplen, MAXPACKET);
         /* 
          * copy over the packet so we can pad it out if necessary and
          * because pcap_next() returns a const ptr