The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13007/PKTAP: Pass a properly updated struct pcap_pkthdr to the sub-dissector.
author Guy Harris <[email protected]>
Mon, 6 Mar 2017 04:21:48 +0000 (20:21 -0800)
committer Denis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit ca336198e8bebccc18502de27672fdbd6eb34856
tree bbe918f6b617e9bab0ce1e7c40bd9f53c4224740
parent cc4a7391c616be7a64ed65742ef9ed3f106eb165
CVE-2017-13007/PKTAP: Pass a properly updated struct pcap_pkthdr to the sub-dissector.

The sub-dissector expects that the length and captured length will
reflect the actual remaining data in the packet, not the raw amount
including the PKTAP header; pass an updated header, just as we do for
PPI.

This fixes a buffer over-read discovered by Yannick Formaggio.

Add a test using the capture file supplied by the reporter(s).
print-pktap.c
tests/TESTLIST
tests/pktap-heap-overflow.out [new file with mode: 0644]
tests/pktap-heap-overflow.pcap [new file with mode: 0644]
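
The header adjustment the commit message describes, as an added example that is not tcpdump's code or part of this commit: a simplified model in which `struct pkthdr`, the constructed 8-byte outer header and all helper names are assumptions. It compares how far a sub-dissector believes it may read when handed the original header versus a copy reduced by the outer header length.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for struct pcap_pkthdr (timestamp omitted). */
struct pkthdr { uint32_t caplen, len; };

/* Constructed packet: 8-byte outer header whose first 4 bytes hold its own
 * length (little-endian), then 4 payload bytes. Not the real PKTAP layout. */
static const uint8_t SAMPLE[12] = { 8,0,0,0, 0,0,0,0, 0xde,0xad,0xbe,0xef };

/* Hypothetical sub-dissector: trusts h->caplen as the number of bytes
 * readable at p, and reports that count instead of touching memory. */
static uint32_t sub_dissect(const struct pkthdr *h, const uint8_t *p)
{
    (void)p;
    return h->caplen;
}

/* Validate the outer header length; returns 0 when it cannot be trusted. */
static uint32_t outer_hdrlen(const struct pkthdr *h, const uint8_t *p)
{
    uint32_t hl;
    if (h->caplen < 4) return 0;
    hl = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (hl < 4 || hl > h->caplen || hl > h->len) ? 0 : hl;
}

/* Both functions return the offset from the packet start up to which the
 * sub-dissector believes it may read (0 = outer header rejected). */
static uint32_t end_offset_unadjusted(const struct pkthdr *h, const uint8_t *p)
{
    uint32_t hl = outer_hdrlen(h, p);
    return hl ? hl + sub_dissect(h, p + hl) : 0;   /* stale caplen/len */
}

static uint32_t end_offset_adjusted(const struct pkthdr *h, const uint8_t *p)
{
    uint32_t hl = outer_hdrlen(h, p);
    struct pkthdr nh = *h;          /* copy, then shrink by the outer header */
    if (!hl) return 0;
    nh.caplen -= hl; nh.len -= hl;
    return hl + sub_dissect(&nh, p + hl);
}

int main(void)
{
    struct pkthdr h = { sizeof SAMPLE, sizeof SAMPLE };
    printf("unadjusted end %u, adjusted end %u, captured %u\n",
           end_offset_unadjusted(&h, SAMPLE), end_offset_adjusted(&h, SAMPLE), h.caplen);
    return 0;
}
```

With the sample packet the unadjusted path reports 20 readable bytes in a 12-byte capture, which is the over-read window; the adjusted path stops at 12.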