The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13035/Properly handle IS-IS IDs shorter than a system ID (MAC address).
author Guy Harris <[email protected]>
Thu, 23 Mar 2017 21:37:56 +0000 (14:37 -0700)
committer Denis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit 571a6f33f47e7a2394fa08f925e534135c29cf1e
tree f66a8b09902f003d1afb24dffe8e6dd050fe8827
parent da6f1a677bfa4476abaeaf9b1afe1c4390f51b41
CVE-2017-13035/Properly handle IS-IS IDs shorter than a system ID (MAC address).

Some of them are variable-length, with a field giving the total length,
and therefore they can be shorter than 6 octets.  If one is, don't run
past the end.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
print-isoclns.c
tests/TESTLIST
tests/isis_sysid_asan.out [new file with mode: 0644]
tests/isis_sysid_asan.pcap [new file with mode: 0644]
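
The bounds handling the commit message describes, shown as an added example that is not the tcpdump code from this commit: the number of octets read is clamped to the ID's stated length, so a short ID never causes a read past its end. The function name `format_isis_id`, the `MAX_ID_LEN` constant and the output layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SYSTEM_ID_LEN 6                 /* full system ID, MAC-address sized */
#define MAX_ID_LEN (SYSTEM_ID_LEN + 2)  /* assumed: plus two trailing octets */

/*
 * Format an ID of id_len octets as dotted hex pairs, e.g. "0102.0304.0506",
 * with ".nn" for a 7th octet and "-nn" for an 8th (hypothetical layout).
 * Returns the number of octets formatted, never more than id_len.
 */
size_t format_isis_id(const uint8_t *id, size_t id_len,
                      char *out, size_t out_len)
{
    /* The clamp is the point: a loop that always runs to SYSTEM_ID_LEN reads
     * past the end of an ID whose length field says it is shorter. */
    size_t limit = id_len < MAX_ID_LEN ? id_len : MAX_ID_LEN;
    size_t i, used = 0;

    if (out_len == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < limit; i++) {
        const char *sep = (i == SYSTEM_ID_LEN + 1) ? "-"
                        : (i != 0 && i % 2 == 0) ? "." : "";
        int n = snprintf(out + used, out_len - used, "%s%02x", sep, id[i]);
        if (n < 0 || (size_t)n >= out_len - used) {
            out[used] = '\0';           /* drop the partial octet */
            break;
        }
        used += (size_t)n;
    }
    return i;
}

int main(void)
{
    /* Constructed sample: a 3-octet ID followed by unrelated bytes. */
    const uint8_t buf[] = { 0x01, 0x02, 0x03, 0xaa, 0xbb, 0xcc, 0xdd, 0xee };
    char text[32];
    size_t n = format_isis_id(buf, 3, text, sizeof text);

    printf("%zu octets -> %s\n", n, text);
    return 0;
}
```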