]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 6f5ba2b) | patch
CVE-2017-12894/In lookup_bytestring(), take the length of the byte string into account.
authorGuy Harris <[email protected]>
Sat, 4 Feb 2017 02:54:00 +0000 (18:54 -0800)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit730fc35968c5433b9e2a829779057f4f9495dc51
treedce4d3d4a9169a1698bf0269584806c508cdf990tree
parent6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45commit | diff
CVE-2017-12894/In lookup_bytestring(), take the length of the byte string into account.

Otherwise, if, in our search of the hash table, we come across a byte
string that's shorter than the string we're looking for, we'll search
past the end of the string in the hash table.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
addrtoname.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/arp-oobr.out [new file with mode: 0644] blob
tests/arp-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector