]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 7563552) | patch
CVE-2017-13043/BGP: fix decoding of MVPN route types 6 and 7
authorDenis Ovsienko <[email protected]>
Thu, 3 Aug 2017 23:08:23 +0000 (00:08 +0100)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commit89dd93b636d479d82dd15115d6ddf7dfdebd735a
tree6f554d61dde38bac58eb51f41a2abd471ddc4533tree
parent75635529a8b4a6a29abda47b13ef7dfb2c18a3f3commit | diff
CVE-2017-13043/BGP: fix decoding of MVPN route types 6 and 7

RFC 6514 Section 4.6 defines the structure for Shared Tree Join (6) and
Source Tree Join (7) multicast VPN route types. decode_multicast_vpn()
didn't implement the Source AS field of that structure properly, adjust
the offsets to put it right.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-bgp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/bgp_mvpn_6_and_7.out [new file with mode: 0644] blob
tests/bgp_mvpn_6_and_7.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector