CVE-2017-12897/ISO CLNS: Use ND_TTEST() for the bounds checks in isoclns_print().

This fixes a buffer over-read discovered by Kamil Frankowicz. Don't pass the remaining caplen - that's too hard to get right, and we were getting it wrong in at least one case; just use ND_TTEST(). Add a test using the capture file supplied by the reporter(s).
author: Guy Harris <guy@alum.mit.edu> 2017-02-03 12:24:14 -0800
committer: Denis Ovsienko <denis@ovsienko.info> 2017-09-13 12:25:44 +0100
commit: 1dcd10aceabbc03bf571ea32b892c522cbe923de (patch)
tree: 1e61e30743230d5c70faadb92c552e0636c04f39 /print-llc.c
parent: f76e7feb41a4327d2b0978449bbdafe98d4a3771 (diff)
download: tcpdump-1dcd10aceabbc03bf571ea32b892c522cbe923de.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/print-llc.c b/print-llc.c
index 6bdf5998..be8886ab 100644
--- a/print-llc.c
+++ b/print-llc.c
@@ -324,7 +324,7 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
 #endif
 	if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
 	    && control == LLC_UI) {
-		isoclns_print(ndo, p, length, caplen);
+		isoclns_print(ndo, p, length);
 		return (hdrlen);
 	}
author	Guy Harris <guy@alum.mit.edu>	2017-02-03 12:24:14 -0800
committer	Denis Ovsienko <denis@ovsienko.info>	2017-09-13 12:25:44 +0100
commit	1dcd10aceabbc03bf571ea32b892c522cbe923de (patch)
tree	1e61e30743230d5c70faadb92c552e0636c04f39 /print-llc.c
parent	f76e7feb41a4327d2b0978449bbdafe98d4a3771 (diff)
download	tcpdump-1dcd10aceabbc03bf571ea32b892c522cbe923de.tar.gz