]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 3d94192) | patch
CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP length.
authorGuy Harris <[email protected]>
Mon, 6 Mar 2017 03:56:20 +0000 (19:56 -0800)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commita9507aca19720bd129f05eee2b410a6605473734
treecf446583e7fd259b1dcb2fbbda48299da52f6fcbtree
parent3d94192d9d961a5a304a19a4f012ecf2ca9c4b6fcommit | diff
CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP length.

It's not good enough to check whether all the data specified by the AVP
length was captured - you also have to check whether that length is
large enough for all the required data in the AVP.

This fixes a buffer over-read discovered by Yannick Formaggio.

Add a test using the capture file supplied by the reporter(s).
print-l2tp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/l2tp-avp-overflow.out [new file with mode: 0644] blob
tests/l2tp-avp-overflow.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector