]> The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13043/BGP: fix decoding of MVPN route types 6 and 7
authorDenis Ovsienko <[email protected]>
Thu, 3 Aug 2017 23:08:23 +0000 (00:08 +0100)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commitd515b4b4a300479cdf1a6e0d1bb95bc1f9fee514
tree8aafaab7ee4a8e92c092ace73763778c3fe1cc3a
parentd10a0f980fe8f9407ab1ffbd612641433ebe175e
CVE-2017-13043/BGP: fix decoding of MVPN route types 6 and 7

RFC 6514 Section 4.6 defines the structure for Shared Tree Join (6) and
Source Tree Join (7) multicast VPN route types. decode_multicast_vpn()
didn't implement the Source AS field of that structure properly, adjust
the offsets to put it right.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-bgp.c
tests/TESTLIST
tests/bgp_mvpn_6_and_7.out [new file with mode: 0644]
tests/bgp_mvpn_6_and_7.pcap [new file with mode: 0644]