]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: f8a5350) | patch
CVE-2017-12899/DECnet: Fix bounds checking.
authorGuy Harris <[email protected]>
Fri, 3 Feb 2017 23:52:24 +0000 (15:52 -0800)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commite9afd36b99053be900f180e7e85c81ecd1ccf0b6
tree7c4974554f217a7ccfce8f28c31fc41761a65a62tree
parentf8a5350dfb546b1dc30c966b8b83d7341509fc34commit | diff
CVE-2017-12899/DECnet: Fix bounds checking.

If we're skipping over padding before the *real* flags, check whether
the real flags are in the captured data before fetching it.  This fixes
a buffer over-read discovered by Kamil Frankowicz.

Note one place where we don't need to do bounds checking as it's already
been done.

Add a test using the capture file supplied by the reporter(s).
print-decnet.c diff | blob | history
tests/TESTLIST diff | blob | history
tests/decnet-oobr.out [new file with mode: 0644] blob
tests/decnet-oobr.pcap [new file with mode: 0644] blob
[mirror] the TCPdump network dissector