diff options
| author | Guy Harris <guy@alum.mit.edu> | 2017-02-04 03:13:18 -0800 |
|---|---|---|
| committer | Denis Ovsienko <denis@ovsienko.info> | 2017-09-13 12:25:44 +0100 |
| commit | 66df248b49095c261138b5a5e34d341a6bf9ac7f (patch) | |
| tree | 0a3d2c754c3a71eb69dbbffe2baeddbcbd8024e9 /tests/ipv6-next-header-oobr-2.pcap | |
| parent | 0318fa8b61bd6c837641129d585f1a73c652b1e0 (diff) | |
| download | tcpdump-66df248b49095c261138b5a5e34d341a6bf9ac7f.tar.gz | |
CVE-2017-12985/IPv6: Check for print routines returning -1 when running past the end.
rt6_print(), ah_print(), and esp_print() return -1 if they run up
against the end of the packet while dissecting; if that happens, stop
dissecting, don't try to fetch the next header value, because 1) *it*
might be past the end of the packet and 2) we won't be using it in any
case, as we'll be exiting the loop.
Also, change mobility_print() to return -1 if it runs up against the
end of the packet, and stop dissecting if it does so.
This fixes a buffer over-read discovered by Brian 'geeknik' Carpenter.
Add tests using the capture files supplied by the reporter(s).
Diffstat (limited to 'tests/ipv6-next-header-oobr-2.pcap')
| -rw-r--r-- | tests/ipv6-next-header-oobr-2.pcap | bin | 0 -> 88 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/ipv6-next-header-oobr-2.pcap b/tests/ipv6-next-header-oobr-2.pcap Binary files differnew file mode 100644 index 00000000..1be5729b --- /dev/null +++ b/tests/ipv6-next-header-oobr-2.pcap |