]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d515b4b) | patch
CVE-2017-13049/Rx: add a missing bounds check for Ubik
authorDenis Ovsienko <[email protected]>
Fri, 4 Aug 2017 16:15:07 +0000 (17:15 +0100)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commitaa0858100096a3490edf93034a80e66a4d61aad5
tree65778eaa41d957baa670808b79edae52fe4a9511tree
parentd515b4b4a300479cdf1a6e0d1bb95bc1f9fee514commit | diff
CVE-2017-13049/Rx: add a missing bounds check for Ubik

One of the case blocks in ubik_print() didn't check bounds before
fetching 32 bits of packet data and could overread past the captured
packet data by that amount.

This fixes a buffer over-read discovered by Henri Salo from Nixu
Corporation.

Add a test using the capture file supplied by the reporter(s).
print-rx.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/rx_ubik-oobr.out [new file with mode: 0644] blob
tests/rx_ubik-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector