author Denis Ovsienko <denis@ovsienko.info> 2017-01-10 14:12:14 +0000
committer Francois-Xavier Le Bail <fx.lebail@yahoo.com> 2017-01-18 09:16:41 +0100
commit 0db4dcafe5ae38201d3869c96a96cb714d82ff35
tree 76b386608be938d6b041175122ec9778f8166d86 /tests/otv-heapoverflow-2.out
parent 409ffe94529df3d8bb8258bf99586f821756cb29
CVE-2017-5342/pass correct caplen value to ether_print()
In that function the "length" parameter means off-the-wire length, that is, the length declared inside the outer header. The "caplen" parameter means the amount of bytes actually available in the captured packet. gre_print_0() and the functions modelled after it passed the value of "length" instead of the value of "caplen"; this could make ether_print() access beyond the memory allocated for the captured packet. Brian Carpenter had demonstrated this for the OTV case. Fix the involved functions that call ether_print() to pass the correct value and leave a comment to dismiss "caplen" later as its value can be reliably derived from the other ether_print() parameters.
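The length/caplen mix-up described in the commit message, as an added example that is not tcpdump code and not part of the original commit. The functions `toy_ether_print`, `toy_encap_print` and `run_sample`, the 8-byte outer header and the sample sizes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDRLEN 14u /* dst MAC + src MAC + EtherType */
#define OUTER_HDRLEN 8u  /* constructed outer header size (assumption) */

/* Toy inner printer: returns the EtherType, or -1 when the Ethernet header
 * is not fully inside the captured bytes (a real printer would emit a
 * truncation marker such as "[|ether]" here). */
static int toy_ether_print(const uint8_t *p, unsigned length, unsigned caplen)
{
    (void)length;              /* off-the-wire length: never a bounds limit */
    if (caplen < ETHER_HDRLEN)
        return -1;
    return (p[12] << 8) | p[13];
}

/* Toy encapsulation printer. fixed == 0 repeats the pattern the commit
 * message describes (declared length passed as caplen); fixed == 1 passes
 * the captured bytes that remain after the outer header. */
static int toy_encap_print(const uint8_t *bp, unsigned length,
                           unsigned caplen, int fixed)
{
    if (length < OUTER_HDRLEN || caplen < OUTER_HDRLEN)
        return -1;
    bp += OUTER_HDRLEN;
    length -= OUTER_HDRLEN;
    caplen -= OUTER_HDRLEN;
    return toy_ether_print(bp, length, fixed ? caplen : length);
}

/* Constructed sample: the packet declares 68 bytes on the wire but only 14
 * were captured. The 64-byte backing array is filled with 0xAA so the
 * over-read lands on known filler instead of unowned memory. */
static int run_sample(int fixed)
{
    uint8_t backing[64];
    memset(backing, 0xAA, sizeof(backing));
    memset(backing, 0x00, 14);           /* the 14 captured bytes */
    return toy_encap_print(backing, 68, 14, fixed);
}

int main(void)
{
    printf("length as caplen: 0x%04x\n", (unsigned)run_sample(0)); /* filler */
    printf("real caplen:      %d\n", run_sample(1));
    return 0;
}
```

With the declared length passed as caplen, the bounds check passes and the EtherType is read from the filler bytes past the capture. With the remaining captured length, the same check reports truncation.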
Diffstat (limited to 'tests/otv-heapoverflow-2.out')
-rw-r--r-- tests/otv-heapoverflow-2.out 11
1 files changed, 11 insertions, 0 deletions
diff --git a/tests/otv-heapoverflow-2.out b/tests/otv-heapoverflow-2.out
new file mode 100644
index 00000000..7ea809f6
--- /dev/null
+++ b/tests/otv-heapoverflow-2.out
@@ -0,0 +1,11 @@
+IP 192.168.0.134.47808 > 192.168.0.24.47808: UDP, length 6
+IP 192.168.0.134.47808 > 192.168.0.24.47808: UDP, length 12
+IP 192.168.0.24.47808 > 192.168.0.134.47808: UDP, length 6
+IP 192.168.0.24.47808 > 192.168.0.255.47808: UDP, length 18
+IP 192.168.0.105.47808 > 192.168.0.255.47808: UDP, length 25
+IP 192.168.0.24.47808 > 192.168.0.134.47808: UDP, length 31
+IP 192.168.0.18.47808 > 192.168.0.255.47808: UDP, length 24
+IP 192.168.0.24.40896 > 192.168.0.134.47808: UDP, length 30
+IP 192.168.0.24.47808 > 192.168.0.255.47808: UDP, length 20
+IP 192.168.0.9.37123 > 97.34.1.224.8472: OTV, flags [I] (0x9d), overlay 12124160, instance 4587520
+[|ether]
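Review bot: only the last two lines of this expected output (the OTV line and the "[|ether]" truncation marker) exercise the caplen fix; the nine UDP lines before them never reach the OTV path. Consider saying so in the commit message or trimming the capture to the OTV packet, so that a later change in generic UDP output does not break a test meant to guard against the over-read. This view is limited to tests/otv-heapoverflow-2.out, so it is also worth confirming that the matching capture file and the test registration are in the same commit, since the expected output has nothing to be compared against without them.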