]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 39582c0) | patch
CVE-2017-13044/HNCP: add DHCPv4-Data bounds checks
authorDenis Ovsienko <[email protected]>
Sat, 29 Jul 2017 20:45:35 +0000 (21:45 +0100)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commitc2f6833dddecf2d5fb89c9c898eee9981da342ed
tree9b7935343afd8bf4b457232d9c5bf6c93b3f8efetree
parent39582c04cc5e34054b2936b423072fb9df2ff6efcommit | diff
CVE-2017-13044/HNCP: add DHCPv4-Data bounds checks

dhcpv4_print() in print-hncp.c had the same bug as dhcpv6_print(), apply
a fix along the same lines.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-hncp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/hncp_dhcpv4data-oobr.out [new file with mode: 0644] blob
tests/hncp_dhcpv4data-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector