]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 83c64fc) | patch
CVE-2017-13054/LLDP: add a missing length check
authorDenis Ovsienko <[email protected]>
Wed, 9 Aug 2017 23:01:55 +0000 (00:01 +0100)
committerDenis Ovsienko <[email protected]>
Wed, 13 Sep 2017 11:25:44 +0000 (12:25 +0100)
commite6511cc1a950fe1566b2236329d6b4bd0826cc7a
treed0b62fae41a9fae52afb1d8caaeeede275262cb7tree
parent83c64fce3a5226b080e535f5131a8a318f30e79bcommit | diff
CVE-2017-13054/LLDP: add a missing length check

In lldp_private_8023_print() the case block for subtype 4 (Maximum Frame
Size TLV, IEEE 802.3bc-2009 Section 79.3.4) did not include the length
check and could over-read the input buffer, put it right.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
print-lldp.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/lldp_8023_mtu-oobr.out [new file with mode: 0644] blob
tests/lldp_8023_mtu-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector