CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP length.

It's not good enough to check whether all the data specified by the AVP length was captured - you also have to check whether that length is large enough for all the required data in the AVP. This fixes a buffer over-read discovered by Yannick Formaggio. Add a test using the capture file supplied by the reporter(s).
author: Guy Harris <guy@alum.mit.edu> 2017-03-05 19:56:20 -0800
committer: Denis Ovsienko <denis@ovsienko.info> 2017-09-13 12:25:44 +0100
commit: cc4a7391c616be7a64ed65742ef9ed3f106eb165 (patch)
tree: 44202b5dfe534a2f8c6bee1e9478ba39c94b0612 /tests/l2tp-avp-overflow.pcap
parent: 4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2 (diff)
download: tcpdump-cc4a7391c616be7a64ed65742ef9ed3f106eb165.tar.gz
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/l2tp-avp-overflow.pcap b/tests/l2tp-avp-overflow.pcap
new file mode 100644
index 00000000..5a6c4067
--- /dev/null
+++ b/tests/l2tp-avp-overflow.pcap
author	Guy Harris <guy@alum.mit.edu>	2017-03-05 19:56:20 -0800
committer	Denis Ovsienko <denis@ovsienko.info>	2017-09-13 12:25:44 +0100
commit	cc4a7391c616be7a64ed65742ef9ed3f106eb165 (patch)
tree	44202b5dfe534a2f8c6bee1e9478ba39c94b0612 /tests/l2tp-avp-overflow.pcap
parent	4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2 (diff)
download	tcpdump-cc4a7391c616be7a64ed65742ef9ed3f106eb165.tar.gz