The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP length.
author Guy Harris <[email protected]>
Mon, 6 Mar 2017 03:56:20 +0000 (19:56 -0800)
committer Denis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit cc4a7391c616be7a64ed65742ef9ed3f106eb165
tree 44202b5dfe534a2f8c6bee1e9478ba39c94b0612
parent 4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2
CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP length.

It's not good enough to check whether all the data specified by the AVP
length was captured - you also have to check whether that length is
large enough for all the required data in the AVP.

This fixes a buffer over-read discovered by Yannick Formaggio.

Add a test using the capture file supplied by the reporter(s).
print-l2tp.c
tests/TESTLIST
tests/l2tp-avp-overflow.out [new file with mode: 0644]
tests/l2tp-avp-overflow.pcap [new file with mode: 0644]
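
The two checks the commit message distinguishes, as an added example (not tcpdump's code and not part of this commit): a reader for a 16-bit AVP value using the RFC 2661 AVP header layout. The name `avp_get_u16`, the status codes and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVP_HDR_LEN  6u      /* flags+length (2), vendor ID (2), attribute type (2) */
#define AVP_LEN_MASK 0x03ffu /* low 10 bits of the first 16-bit word (RFC 2661) */

enum avp_status { AVP_OK = 0, AVP_TRUNCATED = -1, AVP_INVALID = -2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: read the 16-bit value of the AVP at buf.
 * caplen is the number of captured bytes available starting at buf. */
enum avp_status avp_get_u16(const uint8_t *buf, size_t caplen, uint16_t *value)
{
    size_t avp_len;

    if (caplen < AVP_HDR_LEN)
        return AVP_TRUNCATED;            /* the header itself was not captured */
    avp_len = be16(buf) & AVP_LEN_MASK;  /* declared length, header included */
    if (avp_len < AVP_HDR_LEN)
        return AVP_INVALID;              /* shorter than its own header */
    if (avp_len > caplen)
        return AVP_TRUNCATED;            /* check 1: declared bytes were captured */
    if (avp_len - AVP_HDR_LEN < 2)
        return AVP_INVALID;              /* check 2: declared length holds the value */
    *value = be16(buf + AVP_HDR_LEN);
    return AVP_OK;
}

/* Constructed samples: M bit set, vendor 0, attribute type 1. */
static const uint8_t avp_good[]  = { 0x80, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x07 };
/* Declares length 6 and is fully captured, so check 1 alone passes;
 * reading the value would touch 2 bytes past the end of the buffer. */
static const uint8_t avp_short[] = { 0x80, 0x06, 0x00, 0x00, 0x00, 0x01 };
/* Declares length 8, but only 7 bytes are available. */
static const uint8_t avp_cut[]   = { 0x80, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00 };

int main(void)
{
    uint16_t v = 0;
    printf("good:  %d\n", (int)avp_get_u16(avp_good, sizeof avp_good, &v));
    printf("value: %u\n", (unsigned)v);
    printf("short: %d\n", (int)avp_get_u16(avp_short, sizeof avp_short, &v));
    printf("cut:   %d\n", (int)avp_get_u16(avp_cut, sizeof avp_cut, &v));
    return 0;
}
```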