The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-12902/Zephyr: Fix bounds checking.
author Guy Harris <[email protected]>
Sun, 5 Feb 2017 02:38:47 +0000 (18:38 -0800)
committer Denis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commit d17507ffa3e9742199b02a66aa940e79ababfa30
tree 79b10010665b07821eead667bf641c00ccb81a36
parent de981e6070d168b58ec1bb0713ded77ed4ad87f4
CVE-2017-12902/Zephyr: Fix bounds checking.

Use ND_TTEST() rather than comparing against ndo->ndo_snapend ourselves;
it's easy to get the tests wrong.

Check for running out of packet data before checking for running out of
captured data, and distinguish between running out of packet data (which
might just mean "no more strings") and running out of captured data
(which means "truncated").

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
print-zephyr.c
tests/TESTLIST
tests/zephyr-oobr.out [new file with mode: 0644]
tests/zephyr-oobr.pcap [new file with mode: 0644]
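
The ordering the commit message describes (packet length checked first, captured length second, with a distinct result for each) is shown below as an added C example; it is not tcpdump's code. The `cursor` struct, `next_string`, `walk` and the sample bytes are constructed for illustration, and `caplen` is assumed not to exceed the buffer size.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of reading one NUL-terminated field. */
enum str_status { STR_OK, STR_NO_MORE, STR_TRUNCATED };

/* Hypothetical parse cursor (names are illustrative, not tcpdump's). */
struct cursor {
    const unsigned char *buf;
    size_t caplen;  /* bytes actually captured (snapshot length) */
    size_t pktlen;  /* bytes the packet really had on the wire */
    size_t off;     /* current parse offset */
};

enum str_status next_string(struct cursor *c, const unsigned char **out)
{
    size_t i;

    for (i = c->off; ; i++) {
        /* 1. Packet data first: running out means "no more strings". */
        if (i >= c->pktlen)
            return STR_NO_MORE;
        /* 2. Captured data second: the byte existed but was not captured. */
        if (i >= c->caplen)
            return STR_TRUNCATED;
        if (c->buf[i] == '\0')
            break;
    }
    *out = c->buf + c->off;
    c->off = i + 1;
    return STR_OK;
}

/* Constructed sample: "ab\0cd\0ef" with no terminator on the last field. */
static const unsigned char sample[] = { 'a','b',0,'c','d',0,'e','f' };

/* Parse the sample with the given lengths; report why parsing stopped. */
enum str_status walk(size_t caplen, size_t pktlen, size_t *count)
{
    struct cursor c = { sample, caplen, pktlen, 0 };
    const unsigned char *s;
    enum str_status st;

    for (*count = 0; (st = next_string(&c, &s)) == STR_OK; (*count)++)
        printf("field: %s\n", (const char *)s);
    return st;
}

int main(void) { size_t n; return walk(4, 8, &n) == STR_TRUNCATED ? 0 : 1; }
```

Because every byte is tested against both limits before it is dereferenced, the scan for the terminator can never read past the captured data, whichever limit is hit first.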