]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 396e94f) | patch
(for 4.9.3) CVE-2018-14461/LDP: Fix a bounds check
authorFrancois-Xavier Le Bail <[email protected]>
Sun, 8 Oct 2017 09:49:24 +0000 (11:49 +0200)
committerFrancois-Xavier Le Bail <[email protected]>
Sun, 18 Aug 2019 18:35:51 +0000 (20:35 +0200)
commitaa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
tree3e01c52d6178dbf1c2cc43c35c32f2daab767737tree
parent396e94ff55a80d554b1fe46bf107db1e91008d6ccommit | diff
(for 4.9.3) CVE-2018-14461/LDP: Fix a bounds check

In ldp_tlv_print(), the FT Session TLV length must be 12, not 8 (RFC3479)

This fixes a buffer over-read discovered by Konrad Rieck and
Bhargava Shastry.

Add a test using the capture file supplied by the reporter(s).

Moreover:
Add and use tstr[].
Add a comment.
print-ldp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/ldp-ldp_tlv_print-oobr.out [new file with mode: 0644] blob
tests/ldp-ldp_tlv_print-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector