CVE-2017-5205/Clean up parsing of IKEv2 Security Associations.

The payload of a Security Association has a sequence of proposal
substructures; the Last Substruc field should only be 0 (for the last
proposal substructure) or 2 (if there's another proposal substructure
after the current one). If it's neither, don't try to dissect the next
item as a payload with the Last Substruc field's value as a payload
type.

The payload of a proposal substructure has a sequence of transform
substructures; the Last Substruc field should only be 0 (for the last
transform substructure) or 3 (if there's another transform substructure
after the current one). If it's neither, don't try to dissect the next
item as a payload with the Last Substruc field's value as a payload
type.

That keeps us from trying to, for example, dissect a bogus substructure
as an encrypted payload item and passing a null pointer as the struct
isakmp structure pointer.
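
The Last Substruc rule from the commit message above, as an added C example that is not tcpdump's code: a walker over proposal and transform substructures that stops with an error on any value other than 0 or the expected "more" value, instead of treating it as a payload type. The function names, error codes and sample bytes are this example's own assumptions; the field layouts follow RFC 7296 section 3.3, and 46 (the IKEv2 Encrypted payload type) stands in for a bogus value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { ERR_TRUNC = -1, ERR_LEN = -2, ERR_LAST = -3 }; /* example's own codes */

/* Transform: Last Substruc(1) RESERVED(1) Length(2) Type(1) RESERVED(1) ID(2) */
static int walk_transforms(const uint8_t *p, size_t len) {
    for (int n = 1; ; n++) {
        if (len < 8) return ERR_TRUNC;
        size_t tl = (size_t)p[2] << 8 | p[3];
        if (tl < 8 || tl > len) return ERR_LEN;
        if (p[0] == 0) return n;          /* last transform: return the count */
        if (p[0] != 3) return ERR_LAST;   /* only 0 or 3 is valid: stop here */
        p += tl; len -= tl;
    }
}

/* Proposal: Last Substruc(1) RESERVED(1) Length(2) Num(1) Proto(1) SPI Size(1) Num Transforms(1) SPI */
static int walk_proposals(const uint8_t *p, size_t len) {
    for (int n = 1; ; n++) {
        if (len < 8) return ERR_TRUNC;
        size_t pl = (size_t)p[2] << 8 | p[3];
        size_t hdr = 8 + (size_t)p[6];    /* fixed header plus SPI */
        if (pl < hdr || pl > len) return ERR_LEN;
        int t = walk_transforms(p + hdr, pl - hdr);
        if (t < 0) return t;              /* bad transform chain */
        if (p[0] == 0) return n;          /* last proposal: return the count */
        if (p[0] != 2) return ERR_LAST;   /* only 0 or 2 is valid: stop here */
        p += pl; len -= pl;
    }
}

/* Constructed sample: one proposal (IKE, no SPI) holding two transforms. */
static const uint8_t sample[24] = {
    0x00, 0x00, 0x00, 0x18, 0x01, 0x01, 0x00, 0x02,
    0x03, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x03,
    0x00, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x02,
};

/* Patch the two Last Substruc bytes of the sample and walk the result. */
static int walk_patched(uint8_t prop_last, uint8_t xform_last) {
    uint8_t buf[sizeof sample];
    memcpy(buf, sample, sizeof buf);
    buf[0] = prop_last; buf[8] = xform_last;
    return walk_proposals(buf, sizeof buf);
}

int main(void) {
    printf("valid=%d bogus=%d\n", walk_patched(0, 3), walk_patched(0, 46));
    return 0;
}
```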