author: Guy Harris <guy@alum.mit.edu> 2017-02-03 12:24:14 -0800
committer: Denis Ovsienko <denis@ovsienko.info> 2017-09-13 12:25:44 +0100
commit: 1dcd10aceabbc03bf571ea32b892c522cbe923de
tree: 1e61e30743230d5c70faadb92c552e0636c04f39 /print-ether.c
parent: f76e7feb41a4327d2b0978449bbdafe98d4a3771
CVE-2017-12897/ISO CLNS: Use ND_TTEST() for the bounds checks in isoclns_print().
This fixes a buffer over-read discovered by Kamil Frankowicz. Don't pass the remaining caplen - that's too hard to get right, and we were getting it wrong in at least one case; just use ND_TTEST(). Add a test using the capture file supplied by the reporter(s).
Diffstat (limited to 'print-ether.c')
-rw-r--r-- print-ether.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/print-ether.c b/print-ether.c
index 57c07ce9..33a135e0 100644
--- a/print-ether.c
+++ b/print-ether.c
@@ -367,7 +367,7 @@ ethertype_print(netdissect_options *ndo,
ND_PRINT((ndo, " [|osi]"));
return (1);
}
- isoclns_print(ndo, p + 1, length - 1, caplen - 1);
+ isoclns_print(ndo, p + 1, length - 1);
return(1);
case ETHERTYPE_PPPOED:
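Review bot: The new call `isoclns_print(ndo, p + 1, length - 1);` changes the function's arity, so the prototype and every other caller of isoclns_print() have to change in the same commit; this view is limited to print-ether.c and shows a single call site, so please confirm the declaration and the remaining callers were updated together. With the captured length no longer passed in, the callee's only bound is ND_TTEST() against the end of the captured data, which means every read inside isoclns_print() needs its own ND_TTEST() before the dereference, including the first byte at `p + 1`. The `length - 1` argument still relies on the guard above the call, of which only the `" [|osi]"` truncation print and `return (1);` are visible here; a one-line comment stating that length is at least 1 at this point would make the subtraction easier to audit.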