The Tcpdump Group git mirrors

]> The Tcpdump Group git mirrors - tcpdump/commit

author	Denis Ovsienko <[email protected]>
	Thu, 23 Aug 2018 22:32:07 +0000 (23:32 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Tue, 27 Aug 2019 09:20:42 +0000 (11:20 +0200)
commit	83a412a5275cac973c5841eca3511c766bed778d
tree	232011ef1abf9de36b3c544363dc0cb5a72ae267	tree
parent	13d52e9c0e7caf7e6325b0051bc90a49968be67f	commit \| diff

(for 4.9.3) CVE-2018-16228/HNCP: make buffer access safer

print_prefix() has a buffer and does not initialize it. It may call
decode_prefix6(), which also does not initialize the buffer on invalid
input. When that happens, make sure to return from print_prefix() before
trying to print the [still uninitialized] buffer.

This fixes a buffer over-read discovered by Wang Junjie of 360 ESG
Codesafe Team.

Add a test using the capture file supplied by the reporter(s).

print-hncp.c		diff \| blob \| history
tests/TESTLIST		diff \| blob \| history
tests/hncp_prefix-oobr.out	[new file with mode: 0644]	blob
tests/hncp_prefix-oobr.pcapng	[new file with mode: 0644]	blob

[mirror] the TCPdump network dissector

RSS Atom