The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-12994/BGP: Move a test inside a loop.
author Guy Harris <[email protected]>
Tue, 7 Feb 2017 20:08:07 +0000 (12:08 -0800)
committer Denis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commit 05fcc56cb3ae78a15040d550f62918154009e14c
tree 91454c7f999a5e4f8be12a0026469eb694b44b37
parent 7318b2369b59ee497a6f5f1b236a2133851a2912

The loop can be executed more than once (that's kinda the whole point of
a loop), so the check has to be made each time through the loop, not
just once before the loop is executed.

Do some additional length checks while we're at it.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
print-bgp.c
tests/TESTLIST
tests/bgp-aigp-oobr.out [new file with mode: 0644]
tests/bgp-aigp-oobr.pcap [new file with mode: 0644]
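
The bug class the commit message describes, shown as an added example; this is not tcpdump's code, and the patch itself does not appear on this page. The TLV layout (1-byte type, 2-byte big-endian length that includes the header), the function `walk_tlvs` and the sample bytes are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_HDR 3 /* assumed layout: 1-byte type + 2-byte big-endian length */

/* Constructed sample: two 11-byte TLVs. The attribute claims 22 bytes. */
static const uint8_t sample[22] = { 1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 0,
                                    1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Walk TLVs in an attribute that claims `claimed` bytes, of which only the
 * first `caplen` were captured. Returns the highest offset touched
 * (exclusive); a result > caplen means the walker went past captured data.
 * check_each != 0: bounds test on every iteration.
 * check_each == 0: test made once before the loop (the flawed pattern).
 * For this demo the backing array must really hold `claimed` bytes. */
static size_t walk_tlvs(const uint8_t *buf, size_t caplen, size_t claimed,
                        int check_each, int *ntlv)
{
    size_t off = 0, high = 0;
    *ntlv = 0;
    if (caplen < TLV_HDR)                 /* the single up-front check */
        return 0;
    while (claimed - off >= TLV_HDR) {
        if (check_each && caplen - off < TLV_HDR)
            break;                        /* next header was not captured */
        size_t len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        if (high < off + TLV_HDR)
            high = off + TLV_HDR;
        if (len < TLV_HDR || len > claimed - off)
            break;                        /* bad length: stop, never spin */
        if (check_each && len > caplen - off)
            break;                        /* value not fully captured */
        high = off + len;                 /* value bytes would be read here */
        (*ntlv)++;
        off += len;
    }
    return high;
}

int main(void)
{
    int n;
    size_t caplen = 12;                   /* capture cut inside 2nd header */
    size_t hi = walk_tlvs(sample, caplen, sizeof sample, 0, &n);
    printf("check once: %d TLVs, touched %zu of %zu captured\n", n, hi, caplen);
    hi = walk_tlvs(sample, caplen, sizeof sample, 1, &n);
    printf("check each: %d TLVs, touched %zu of %zu captured\n", n, hi, caplen);
    return 0;
}
```

With the capture truncated inside the second TLV header, the check-once walk passes its up-front test and then consumes bytes the capture never contained, while the per-iteration walk stops after the first TLV.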