]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 15af5b6) | patch
CVE-2017-12996/PIMv2: Make sure PIM TLVs have the right length.
authorGuy Harris <[email protected]>
Mon, 13 Feb 2017 19:31:25 +0000 (11:31 -0800)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commite4c2af0efb8464fdf25d8066b9944d5a9eb285cd
tree206fad49c17a2bc3c16e9589ec8ccf4d5ffa06a4tree
parent15af5b613ee8b262cdc5903a5f5fbb7d5b882c78commit | diff
CVE-2017-12996/PIMv2: Make sure PIM TLVs have the right length.

We do bounds checks based on the TLV length, so if the TLV's length is
too short, and we don't check for that, we could end up fetching data
past the end of the TLV - including past the length of the captured data
in the packet.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add tests using the capture files supplied by the reporter(s).
print-pim.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/pimv2-oobr-1.out [new file with mode: 0644] blob
tests/pimv2-oobr-1.pcap [new file with mode: 0644] blob
tests/pimv2-oobr-2.out [new file with mode: 0644] blob
tests/pimv2-oobr-2.pcap [new file with mode: 0644] blob
tests/pimv2-oobr-3.out [new file with mode: 0644] blob
tests/pimv2-oobr-3.pcap [new file with mode: 0644] blob
tests/pimv2-oobr-4.out [new file with mode: 0644] blob
tests/pimv2-oobr-4.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector