]> The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13040/MPTCP: Clean up printing DSS suboption.
authorGuy Harris <[email protected]>
Mon, 12 Jun 2017 22:04:18 +0000 (15:04 -0700)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commit2d02497b02b040bd885825dba9230f86a8ffce0e
tree6e9d004f695c82bb928a17a539454bbbc5e99d27
parent3373d020dd238d1e9e2a2e0ddc25a5d7be244b01
CVE-2017-13040/MPTCP: Clean up printing DSS suboption.

Do the length checking inline; that means we print stuff up to the point
at which we run out of option data.

First check to make sure we have at least 4 bytes of option, so we have
flags to check.

This fixes a buffer over-read discovered by Kim Gwan Yeong.

Add a test using the capture file supplied by the reporter(s).
print-mptcp.c
tests/TESTLIST
tests/mptcp-dss-oobr.out [new file with mode: 0644]
tests/mptcp-dss-oobr.pcap [new file with mode: 0644]