The Tcpdump Group git mirrors - tcpdump/commit
(for 4.9.3) CVE-2018-16227/IEEE 802.11: add a missing bounds check
author Denis Ovsienko <[email protected]>
Tue, 28 Aug 2018 23:38:40 +0000 (00:38 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Tue, 27 Aug 2019 09:20:42 +0000 (11:20 +0200)
commit 4846b3c5d0a850e860baf4f07340495d29837d09
tree 00dac4b1745efa9ec3558dede35faa7fa1f9de24
parent 83a412a5275cac973c5841eca3511c766bed778d
(for 4.9.3) CVE-2018-16227/IEEE 802.11: add a missing bounds check

ieee802_11_print() tried to access the Mesh Flags subfield of the Mesh
Control field to find the size of the latter and increment the expected
802.11 header length before checking it is fully present in the input
buffer. Add an intermediate bounds check to make it safe.

This fixes a buffer over-read discovered by Ryan Ackroyd.

Add a test using the capture file supplied by the reporter(s).

print-802_11.c
tests/TESTLIST
tests/ieee802.11_meshhdr-oobr.out [new file with mode: 0644]
tests/ieee802.11_meshhdr-oobr.pcap [new file with mode: 0644]
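
The check ordering the commit message describes, as an added C example that is not tcpdump's code or part of this commit. The base header length, the Mesh Control layout and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: header length before the Mesh Control field. */
#define BASE_HDRLEN 26u

/* Assumed layout: Mesh Flags (1) + TTL (1) + sequence number (4), then
 * 0..3 six-octet addresses selected by the low two bits of Mesh Flags. */
static size_t mesh_control_len(uint8_t mesh_flags)
{
    return 6u + 6u * (size_t)(mesh_flags & 0x03u);
}

/* Unsafe ordering: p[BASE_HDRLEN] is read before anything proves that
 * caplen covers it, so a truncated frame causes an over-read. */
size_t hdrlen_unchecked(const uint8_t *p, size_t caplen)
{
    size_t hdrlen = BASE_HDRLEN + mesh_control_len(p[BASE_HDRLEN]);
    return caplen < hdrlen ? 0 : hdrlen;
}

/* Safe ordering: returns the full header length, or 0 if truncated. */
size_t hdrlen_checked(const uint8_t *p, size_t caplen)
{
    size_t hdrlen = BASE_HDRLEN;

    if (caplen < hdrlen + 1)          /* is the Mesh Flags octet captured? */
        return 0;
    hdrlen += mesh_control_len(p[hdrlen]);
    if (caplen < hdrlen)              /* is the whole header captured? */
        return 0;
    return hdrlen;
}

int main(void)
{
    uint8_t frame[64] = {0};          /* constructed sample, not a real capture */
    frame[BASE_HDRLEN] = 0x01;        /* one extension address: 12-octet field */

    printf("caplen 26 -> %zu\n", hdrlen_checked(frame, 26));  /* truncated */
    printf("caplen 27 -> %zu\n", hdrlen_checked(frame, 27));  /* truncated */
    printf("caplen 38 -> %zu\n", hdrlen_checked(frame, 38));  /* complete */
    return 0;
}
```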