2 changed files with 5 additions and 131 deletions
--- a/backport-CVE-2018-16301.patch
+++ b/backport-CVE-2018-16301.patch
@ -1,105 +0,0 @@
 From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001
 From: Guy Harris <gharris@sonic.net>
 Date: Wed, 30 Sep 2020 11:37:30 -0700
 Subject: [PATCH] Handle very large -f files by rejecting them.
 _read(), on Windows, has a 32-bit size argument and a 32-bit return
 value, so reject -f files that have more than 2^31-1 characters.
 Add some #defines so that, on Windows, we use _fstati64 to get the size
 of that file, to handle large files.
 Don't assume that our definition for ssize_t is the same size as size_t;
 by the time we want to print the return value of the read, we know it'll
 fit into an int, so just cast it to int and print it with %d.
 (cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77)
 ---
 netdissect-stdinc.h | 16 +++++++++++++++-
 tcpdump.c           | 15 ++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)
 diff --git a/netdissect-stdinc.h b/netdissect-stdinc.h
 index 8282c5846..9941c2a16 100644
 --- a/netdissect-stdinc.h
 +++ b/netdissect-stdinc.h
@@ -149,10 +149,17 @@
 #ifdef _MSC_VER
 #define stat _stat
 #define open _open
 -#define fstat _fstat
 #define read _read
 #define close _close
 #define O_RDONLY _O_RDONLY
 +
 +/*
 + * We define our_fstat64 as _fstati64, and define our_statb as
 + * struct _stati64, so we get 64-bit file sizes.
 + */
 +#define our_fstat _fstati64
 +#define our_statb struct _stati64
 +
 #endif  /* _MSC_VER */
 /*
@@ -211,6 +218,13 @@ typedef char* caddr_t;
 #include <arpa/inet.h>
 +/*
 + * We should have large file support enabled, if it's available,
 + * so just use fstat as our_fstat and struct stat as our_statb.
 + */
 +#define our_fstat fstat
 +#define our_statb struct stat
 +
 #endif /* _WIN32 */
 #ifndef HAVE___ATTRIBUTE__
 diff --git a/tcpdump.c b/tcpdump.c
 index 043bda1d7..8f27ba2a4 100644
 --- a/tcpdump.c
 +++ b/tcpdump.c
@@ -108,6 +108,7 @@ The Regents of the University of California.  All rights reserved.\n";
 #endif /* HAVE_CAP_NG_H */
 #endif /* HAVE_LIBCAP_NG */
 +#include "netdissect-stdinc.h"
 #include "netdissect.h"
 #include "interface.h"
 #include "addrtoname.h"
@@ -861,15 +862,22 @@ read_infile(char *fname)
 {
 	register int i, fd, cc;
 	register char *cp;
 -	struct stat buf;
 +	our_statb buf;
 	fd = open(fname, O_RDONLY|O_BINARY);
 	if (fd < 0)
 		error("can't open %s: %s", fname, pcap_strerror(errno));
 -	if (fstat(fd, &buf) < 0)
 +	if (our_fstat(fd, &buf) < 0)
 		error("can't stat %s: %s", fname, pcap_strerror(errno));
 +	/*
 +	 * Reject files whose size doesn't fit into an int; a filter
 +	 * *that* large will probably be too big.
 +	 */
 +	if (buf.st_size > INT_MAX)
 +		error("%s is too large", fname);
 +
 	cp = malloc((u_int)buf.st_size + 1);
 	if (cp == NULL)
 		error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
@@ -878,7 +886,8 @@ read_infile(char *fname)
 	if (cc < 0)
 		error("read %s: %s", fname, pcap_strerror(errno));
 	if (cc != buf.st_size)
 -		error("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
 +		error("short read %s (%d != %d)", fname, (int) cc,
 +		    (int)buf.st_size);
 	close(fd);
 	/* replace "# comment" with spaces */
--- a/tcpdump.spec
+++ b/tcpdump.spec
@ -1,7 +1,7 @@
 Name:           tcpdump
 Epoch:          14
 Version:        4.9.3
-Release:        8
+Release:        5 
 Summary:        A network traffic monitoring tool
 License:        BSD with advertising
 URL:            http://www.tcpdump.org
@ -20,10 +20,9 @@ Patch0009:      0009-Change-n-flag-to-nn-in-TESTonce.patch
 Patch0011:      0011-Evp-cipher-buffers.patch
 Patch0012:      0012-Add-printing-support-for-vsockmon-devices.patch
 Patch0013:	CVE-2020-8037.patch
 Patch0014:      backport-CVE-2018-16301.patch
 Requires(pre):  shadow-utils
-BuildRequires:  automake openssl-devel libpcap-devel git-core gcc chrpath
+BuildRequires:  automake openssl-devel libpcap-devel git-core gcc
 %define tcpslice_dir tcpslice-1.2a3
@ -70,8 +69,6 @@ popd
 install -m755 tcpdump ${RPM_BUILD_ROOT}%{_sbindir}
 install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8
 chrpath -d %{buildroot}%{_sbindir}/tcpdump
 # fix section numbers
 sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \
 	${RPM_BUILD_ROOT}%{_mandir}/man8/*
@ -82,9 +79,6 @@ sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \
 	-d / tcpdump 2> /dev/null
 exit 0
 %check
 make check
 %files
 %doc README.md CHANGES CREDITS
 %license LICENSE
@ -96,26 +90,11 @@ make check
 %{_mandir}/man8/tcpdump.8*
 %changelog
-* Wed Nov 08 2023 xingwei <xingwei14@h-partners.com> - 14:4.9.3-8
+* Mon Dec 21 2020 wangxp006 <wangxp006@163.com> - 4.9.3-5
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:remove rpath
 * Wed Sep 07 2022 gaihuiying <eaglegai@163.com> - 14:4.9.3-7
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:enable check
 * Wed Aug 17 2022 gaihuiying <eaglegai@163.com> - 14:4.9.3-6
 - Type:CVE
- ID:CVE-2018-16301
+- ID:CVE-2020-8037
 - SUG:NA
- DESC:fix CVE-2018-16301
+- DESC:fix CVE-2020-8037
 * Fri May 21 2021 gaihuiying <gaihuiying1@huawei.com> - 4.9.3-5
 - DESC:rebuild 4.9.3-5
 * Mon Dec 21 2020 wangxp006 <wangxp006@163.com> - 4.9.3-4
 - Type:CVE