]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 3f069d0) | patch
CVE-2017-13039/IKEv1: Do more bounds checking.
authorGuy Harris <[email protected]>
Mon, 12 Jun 2017 04:06:55 +0000 (21:06 -0700)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commit3373d020dd238d1e9e2a2e0ddc25a5d7be244b01
tree33bfc8d58c77436c9f2d217a43c61abb88e9ed09tree
parent3f069d0e2ef3e39b7ae11503fb6286635ee07353commit | diff
CVE-2017-13039/IKEv1: Do more bounds checking.

Have ikev1_attrmap_print() and ikev1_attr_print() do full bounds
checking, and return null on a bounds overflow.  Have their callers
check for a null return.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
print-isakmp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/isakmpv1-attr-oobr.out [new file with mode: 0644] blob
tests/isakmpv1-attr-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector