CVE-2017-5483/SNMP: improve ASN.1 bounds checks

Kamil Frankowicz had found that truncated BE_STR and BE_SEQ ASN.1 elements could lead to an overread, from the source code it looked like other ids could have this problem too. Move the checks introduced in commit 72e501f out of the switch blocks to cover all ids by default. This fixes GH#559 and GH#566.
author: Denis Ovsienko <denis@ovsienko.info> 2017-01-12 13:47:50 +0000
committer: Francois-Xavier Le Bail <fx.lebail@yahoo.com> 2017-01-18 09:16:41 +0100
commit: eec1624f7be88008f519d92150ee0eb85633518b (patch)
tree: 77656a46eec698c55703affe9be45d6f51c363d8 /tests/snmp-heapoverflow-2.out
parent: c39c1d99ac3b6d5d9519b39da6717180651650d3 (diff)
download: tcpdump-eec1624f7be88008f519d92150ee0eb85633518b.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/snmp-heapoverflow-2.out b/tests/snmp-heapoverflow-2.out
new file mode 100644
index 00000000..98789159
--- /dev/null
+++ b/tests/snmp-heapoverflow-2.out
@@ -0,0 +1 @@
+IP 48.48.48.48.12336 > 48.48.48.48.162:  [|snmp]
author	Denis Ovsienko <denis@ovsienko.info>	2017-01-12 13:47:50 +0000
committer	Francois-Xavier Le Bail <fx.lebail@yahoo.com>	2017-01-18 09:16:41 +0100
commit	eec1624f7be88008f519d92150ee0eb85633518b (patch)
tree	77656a46eec698c55703affe9be45d6f51c363d8 /tests/snmp-heapoverflow-2.out
parent	c39c1d99ac3b6d5d9519b39da6717180651650d3 (diff)
download	tcpdump-eec1624f7be88008f519d92150ee0eb85633518b.tar.gz