new file mode 100644

@@ -0,0 +1,73 @@

+diff -dupr a/print-pim.c b/print-pim.c

+--- a/print-pim.c	2017-07-22 16:33:48.000000000 -0700

+@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,

+ 			pimv1_join_prune_print(ndo, &bp[8], len - 8);

+ 		break;

+ 	}

++	ND_TCHECK(bp[4]);

+ 	if ((bp[4] >> 4) != 1)

+ 		ND_PRINT((ndo, " [v%d]", bp[4] >> 4));

+ 	return;

+diff -dupr a/print-sl.c b/print-sl.c

+--- a/print-sl.c	2017-07-22 16:33:48.000000000 -0700

+@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo,

+ 	u_int hlen;

+ 

+ 	dir = p[SLX_DIR];

+-	ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O "));

+-

++	switch (dir) {

++ 

++ 	case SLIPDIR_IN:

++ 		ND_PRINT((ndo, "I "));

++ 		break;

++ 

++ 	case SLIPDIR_OUT:

++ 		ND_PRINT((ndo, "O "));

++ 		break;

++ 

++ 	default:

++ 		ND_PRINT((ndo, "Invalid direction %d ", dir));

++ 		dir = -1;

++ 		break;

++ 	}

+ 	if (ndo->ndo_nflag) {

+ 		/* XXX just dump the header */

+ 		register int i;

+@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo,

+ 		 * has restored the IP header copy to IPPROTO_TCP.

+ 		 */

+ 		lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p;

++		ND_PRINT((ndo, "utcp %d: ", lastconn));

++ 		if (dir == -1) {

++ 			/* Direction is bogus, don't use it */

++ 			return;

++ 		}

+ 		hlen = IP_HL(ip);

+ 		hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]);

+ 		lastlen[dir][lastconn] = length - (hlen << 2);

+-		ND_PRINT((ndo, "utcp %d: ", lastconn));

+ 		break;

+ 

+ 	default:

++		if (dir == -1) {

++ 			/* Direction is bogus, don't use it */

++ 			return;

++ 		}

+ 		if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) {

+ 			compressed_sl_print(ndo, &p[SLX_CHDR], ip,

+ 			    length, dir);

+diff -dupr a/util-print.c b/util-print.c

+--- a/util-print.c	2017-07-22 16:33:49.000000000 -0700

+@@ -902,7 +902,7 @@ safeputs(netdissect_options *ndo,

+ {

+ 	u_int idx = 0;

+ 

+-	while (*s && idx < maxlen) {

++	while (idx < maxlen && *s) {

+ 		safeputchar(ndo, *s);

+ 		idx++;

+ 		s++;

@@ -1,7 +1,7 @@

 Summary:	Packet Analyzer

 Name:		tcpdump

 Version:	4.9.1

-Release:	1%{?dist}

+Release:	2%{?dist}

 License:	BSD

 URL:		http://www.tcpdump.org

 Source0:	http://www.tcpdump.org/release/%{name}-%{version}.tar.gz

@@ -11,12 +11,14 @@ Vendor:		VMware, Inc.

 Distribution:	Photon

 BuildRequires: 	libpcap

 Requires:	libpcap

+Patch0:		CVE-2017-11541-CVE-2017-11542-CVE-2017-11543.patch

 %description

 Tcpdump is a common packet analyzer that runs under the command line. 

 It allows the user to display TCP/IP and other packets being 

 transmitted or received over a network to which the computer is attached.

 %prep

 %setup -q

+%patch0 -p1

 %build

 ./configure \

 	--prefix=%{_prefix}

@@ -32,6 +34,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

 %{_sbindir}/*

 %{_mandir}/man1/*

 %changelog

+*   Thu Sep 07 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.9.1-2

+-   Fix for CVE-2017-11541 CVE-2017-11542 CVE-2017-11543

 *   Thu Aug 03 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.9.1-1

 -   Updating version to 4.9.1

 *       Thu Feb 02 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.9.0-1