]> The Tcpdump Group git mirrors - tcpdump/commit
CVE-2017-13049/Rx: add a missing bounds check for Ubik
authorDenis Ovsienko <[email protected]>
Fri, 4 Aug 2017 16:15:07 +0000 (17:15 +0100)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
commitf9812af2e4111c12a62355ea3dfdfa58f1cab6a9
tree75cd1b3ecfb5da133962a177b1d0b752660272db
parent89dd93b636d479d82dd15115d6ddf7dfdebd735a
CVE-2017-13049/Rx: add a missing bounds check for Ubik

One of the case blocks in ubik_print() didn't check bounds before
fetching 32 bits of packet data and could overread past the captured
packet data by that amount.

This fixes a buffer over-read discovered by Henri Salo from Nixu
Corporation.

Add a test using the capture file supplied by the reporter(s).
print-rx.c
tests/TESTLIST
tests/rx_ubik-oobr.out [new file with mode: 0644]
tests/rx_ubik-oobr.pcap [new file with mode: 0644]