]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d10a0f9) | patch
CVE-2017-13043/BGP: fix decoding of MVPN route types 6 and 7
authorDenis Ovsienko <[email protected]>
Thu, 3 Aug 2017 23:08:23 +0000 (00:08 +0100)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commitd515b4b4a300479cdf1a6e0d1bb95bc1f9fee514
tree8aafaab7ee4a8e92c092ace73763778c3fe1cc3atree
parentd10a0f980fe8f9407ab1ffbd612641433ebe175ecommit | diff
CVE-2017-13043/BGP: fix decoding of MVPN route types 6 and 7

RFC 6514 Section 4.6 defines the structure for Shared Tree Join (6) and
Source Tree Join (7) multicast VPN route types. decode_multicast_vpn()
didn't implement the Source AS field of that structure properly, adjust
the offsets to put it right.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-bgp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/bgp_mvpn_6_and_7.out [new file with mode: 0644] blob
tests/bgp_mvpn_6_and_7.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector