The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13689/IKEv1: Fix addr+subnet length check.
author: Guy Harris <[email protected]>
Thu, 24 Aug 2017 03:45:39 +0000 (20:45 -0700)
committer: Denis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commit: b79317b08c723acc5490212fc529ece3edf4eb73
tree: ad6979531d20e161b5ab481928370727b9c4cfbd
parent: 3310a325c9768d293dd8b928c2422e44ea7b45be
CVE-2017-13689/IKEv1: Fix addr+subnet length check.

An IPv6 address plus subnet mask is 32 bytes, not 20 bytes.
16 bytes of IPv6 address, 16 bytes of subnet mask.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-isakmp.c
tests/TESTLIST
tests/ikev1_id_ipv6_addr_subnet-oobr.out [new file with mode: 0644]
tests/ikev1_id_ipv6_addr_subnet-oobr.pcap [new file with mode: 0644]
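
The length requirement stated in the commit message (16 bytes of IPv6 address plus 16 bytes of subnet mask), shown as an added example that is not tcpdump's code. The function `format_id_ipv6_addr_subnet`, the constants and the sample bytes are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_ADDR_LEN 16 /* bytes of IPv6 address */
#define IPV6_MASK_LEN 16 /* bytes of subnet mask */
#define ID_IPV6_ADDR_SUBNET_LEN (IPV6_ADDR_LEN + IPV6_MASK_LEN) /* 32, not 20 */

/* Constructed sample body: 2001:db8::1 with mask ffff:ffff:ffff:ffff:: */
static const uint8_t sample_body[ID_IPV6_ADDR_SUBNET_LEN] = {
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0
};

/* Hypothetical helper: format `len` captured bytes of address+mask into `out`.
 * Returns -1 without reading `data` when both fields do not fit in `len`. */
int format_id_ipv6_addr_subnet(const uint8_t *data, size_t len,
                               char *out, size_t outlen)
{
    struct in6_addr addr, mask;
    char a[INET6_ADDRSTRLEN], m[INET6_ADDRSTRLEN];

    if (len < ID_IPV6_ADDR_SUBNET_LEN) {
        snprintf(out, outlen, "[truncated: %zu of %d bytes]",
                 len, ID_IPV6_ADDR_SUBNET_LEN);
        return -1;
    }
    memcpy(&addr, data, IPV6_ADDR_LEN);
    memcpy(&mask, data + IPV6_ADDR_LEN, IPV6_MASK_LEN);
    if (!inet_ntop(AF_INET6, &addr, a, sizeof a) ||
        !inet_ntop(AF_INET6, &mask, m, sizeof m))
        return -1;
    snprintf(out, outlen, "%s/%s", a, m);
    return 0;
}

int main(void)
{
    char out[2 * INET6_ADDRSTRLEN + 2];
    size_t lens[] = { 20, 32 };
    for (size_t i = 0; i < 2; i++) {
        int rc = format_id_ipv6_addr_subnet(sample_body, lens[i], out, sizeof out);
        printf("len=%zu rc=%d %s\n", lens[i], rc, out);
    }
    return 0;
}
```

A 20-byte body passes a `len < 20` check but leaves the last 12 bytes of the mask outside the captured data, which is the over-read the commit message describes.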