Subject: CVS commit: src/dist/tcpdump
To: None <source-changes@NetBSD.org>
From: Matthias Drochner <drochner@netbsd.org>
List: source-changes
Date: 07/20/2007 17:12:37
Module Name:	src
Committed By:	drochner
Date:		Fri Jul 20 17:12:37 UTC 2007

Modified Files:
	src/dist/tcpdump: print-bgp.c

Log Message:
Fix a possible integer overflow in buffer length calculation due to
insufficient check of snprintf()'s return value, see Gentoo bug #184815.
The exploit provided apparently doesn't trigger the overflow in
NetBSD; this might be due to different error return behavior of snprintf
implementations, or due to the fact that our tcpdump is still 3.8.3
while the bug was reported against 3.9.x. The fix looks correct in any
case.
The exploit caused an endless loop at another place instead, due
to an obvious bug, so fix this too.
Also apply another patch which was applied to the 3.8 branch upstream
but never released: rev. 1.72.2.5, infinite loop protection for ldp and bgp

We should update tcpdump to 3.9.x.


To generate a diff of this commit:
cvs rdiff -r1.5 -r1.6 src/dist/tcpdump/print-bgp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
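
The bug class named in the log message, shown as an added C example; it is not the code from print-bgp.c or from the commit. The helper names `unchecked_remaining`, `buf_append` and `join_numbers` are hypothetical and the input is constructed: the first function shows how subtracting snprintf()'s return value wraps an unsigned remaining-length, the second clamps instead and reports failure so the calling loop terminates.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: snprintf() returns the length it wanted, so left wraps. */
static size_t unchecked_remaining(char *buf, size_t left, const char *s)
{
    int n = snprintf(buf, left, "%s", s);
    return left - (size_t)n;        /* wraps when n > left or n < 0 */
}

/* Checked append (hypothetical helper): 0 on success, -1 on error/truncation. */
static int buf_append(char **pos, size_t *left, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (*left == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(*pos, *left, fmt, ap);
    va_end(ap);
    if (n < 0)                      /* output error */
        return -1;
    if ((size_t)n >= *left) {       /* truncated: clamp to the terminator */
        *pos += *left - 1;
        *left = 1;
        return -1;
    }
    *pos += n;
    *left -= (size_t)n;
    return 0;
}

/* Constructed input: join 1000, 1001, ...; stop at the first failed append. */
static int join_numbers(char *buf, size_t size, int count)
{
    char *pos = buf;
    size_t left = size;
    int done = 0;
    while (done < count && buf_append(&pos, &left, "%d,", 1000 + done) == 0)
        done++;
    return done;
}

int main(void)
{
    char out[16], tiny[4];
    printf("%d items: ", join_numbers(out, sizeof out, 10));
    printf("%s; unchecked left: %zu\n", out, unchecked_remaining(tiny, sizeof tiny, "0123456789"));
}
```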