The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13689/IKEv1: Fix addr+subnet length check.
author Guy Harris <[email protected]>
Thu, 24 Aug 2017 03:45:39 +0000 (20:45 -0700)
committer Denis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit 061e7371a944588f231cb1b66d6fb070b646e376
tree 7cc83035719725b3ed7a4dca54bc532400a613fd
parent 0cb1b8a434b599b8d636db029aadb757c24e39d6
CVE-2017-13689/IKEv1: Fix addr+subnet length check.

An IPv6 address plus subnet mask is 32 bytes, not 20 bytes.
16 bytes of IPv6 address, 16 bytes of subnet mask.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-isakmp.c
tests/TESTLIST
tests/ikev1_id_ipv6_addr_subnet-oobr.out [new file with mode: 0644]
tests/ikev1_id_ipv6_addr_subnet-oobr.pcap [new file with mode: 0644]
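
The length rule from the commit message, as an added example that is not tcpdump's code: an IPv6 address-plus-subnet identification needs 16 + 16 = 32 bytes, so a 20-byte minimum lets a printer read 12 bytes past a 20-byte buffer. The function names, the constructed sample, and the mask contiguity check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_ADDR_LEN 16
#define IPV6_MASK_LEN 16
#define IPV6_SUBNET_LEN (IPV6_ADDR_LEN + IPV6_MASK_LEN) /* 32, not 20 */

/* Bytes read past the end of the data when a printer accepts `len` bytes
 * after checking only `len >= min_len`, then reads address and mask. */
static size_t overread_bytes(size_t len, size_t min_len)
{
    if (len < min_len)
        return 0;                       /* rejected as truncated */
    return len < IPV6_SUBNET_LEN ? IPV6_SUBNET_LEN - len : 0;
}

/* Bounds-checked parse of address + mask.
 * Returns the prefix length (0..128), -1 if the data is shorter than
 * 32 bytes, -2 if the mask is not a contiguous run of one bits. */
static int ipv6_subnet_prefix(const uint8_t *data, size_t len)
{
    if (len < IPV6_SUBNET_LEN)
        return -1;                      /* check before touching the mask */
    const uint8_t *mask = data + IPV6_ADDR_LEN;
    int prefix = 0, seen_zero = 0;
    for (size_t i = 0; i < IPV6_MASK_LEN; i++) {
        for (int bit = 7; bit >= 0; bit--) {
            int set = (mask[i] >> bit) & 1;
            if (set && seen_zero)
                return -2;
            if (set) prefix++; else seen_zero = 1;
        }
    }
    return prefix;
}

/* Constructed sample: 2001:db8:: with mask ffff:ffff:: (a /32). */
static void fill_sample_id(uint8_t out[IPV6_SUBNET_LEN])
{
    for (size_t i = 0; i < IPV6_SUBNET_LEN; i++) out[i] = 0;
    out[0] = 0x20; out[1] = 0x01; out[2] = 0x0d; out[3] = 0xb8;
    for (size_t i = 16; i < 20; i++) out[i] = 0xff;
}

int main(void)
{
    uint8_t id[IPV6_SUBNET_LEN];
    fill_sample_id(id);
    printf("full: /%d, 20 bytes: %d, over-read with 20-byte check: %zu\n",
           ipv6_subnet_prefix(id, sizeof id), ipv6_subnet_prefix(id, 20),
           overread_bytes(20, 20));
    return 0;
}
```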