The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13007/PKTAP: Pass a properly updated struct pcap_pkthdr to the sub-dissector.
author Guy Harris <[email protected]>
Mon, 6 Mar 2017 04:21:48 +0000 (20:21 -0800)
committer Denis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commit 2428ac8d0c50c8a586dbc1ed2159b1d12a7820e5
tree 8c15167fdd9088d2d046e99c8abc729ffd9b1720
parent a9507aca19720bd129f05eee2b410a6605473734

The sub-dissector expects that the length and captured length will
reflect the actual remaining data in the packet, not the raw amount
including the PKTAP header; pass an updated header, just as we do for
PPI.

This fixes a buffer over-read discovered by Yannick Formaggio.

Add a test using the capture file supplied by the reporter(s).
print-pktap.c
tests/TESTLIST
tests/pktap-heap-overflow.out [new file with mode: 0644]
tests/pktap-heap-overflow.pcap [new file with mode: 0644]
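
The length adjustment the commit message describes, as an added example that is not tcpdump's code or part of this commit. `struct pkt_hdr`, `sub_dissect`, `outer_unadjusted`, `outer_adjusted` and the 14-byte inner header size are hypothetical names and constructed values; the sub-dissector only reports whether it would read, so the unsafe case is shown without performing an over-read.

```c
#include <stdint.h>

/* Hypothetical stand-in for the length fields of struct pcap_pkthdr. */
struct pkt_hdr {
    uint32_t caplen;   /* bytes actually captured */
    uint32_t len;      /* bytes on the wire */
};

#define INNER_HDR_LEN 14u   /* constructed: size of the inner header */

/* Hypothetical sub-dissector: trusts h->caplen as the bytes readable at p.
 * Returns 1 if it would read the inner header, 0 if it reports truncation.
 * It never dereferences p. */
static int sub_dissect(const struct pkt_hdr *h, const uint8_t *p)
{
    (void)p;
    return h->caplen >= INNER_HDR_LEN;
}

/* Before: the outer header is skipped, but the sub-dissector still sees
 * lengths that include it, so it believes more data follows p than does. */
static int outer_unadjusted(const struct pkt_hdr *h, const uint8_t *p,
                            uint32_t outer_len)
{
    if (outer_len > h->caplen)
        return -1;                      /* outer header is truncated */
    return sub_dissect(h, p + outer_len);
}

/* After: copy the header and shrink both lengths by the outer header, so
 * they describe only the data remaining at p + outer_len. */
static int outer_adjusted(const struct pkt_hdr *h, const uint8_t *p,
                          uint32_t outer_len)
{
    struct pkt_hdr nhdr;

    if (outer_len > h->caplen || outer_len > h->len)
        return -1;                      /* outer header is truncated */
    nhdr = *h;
    nhdr.caplen = h->caplen - outer_len;
    nhdr.len = h->len - outer_len;
    return sub_dissect(&nhdr, p + outer_len);
}
```

With a 20-byte capture and a 12-byte outer header, only 8 bytes remain: the unadjusted path lets the sub-dissector proceed to read 14, while the adjusted path makes it report truncation.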