]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: c6e0531) | patch
CVE-2017-12893/SMB/CIFS: Add a bounds check in name_len().
authorGuy Harris <[email protected]>
Sat, 4 Feb 2017 00:56:57 +0000 (16:56 -0800)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45
tree286d10fcbad1f40ac4163fd6bef48e74e6a96adctree
parentc6e0531b5def26ecf912e8de6ade86cbdaed3751commit | diff
CVE-2017-12893/SMB/CIFS: Add a bounds check in name_len().

After we advance the pointer by the length value in the buffer, make
sure it points to something in the captured data.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
smbutil.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/nbns-valgrind.out [new file with mode: 0644] blob
tests/nbns-valgrind.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector