We've already advanced the pointer past the PAN ID, if present; it now
points to the address, so don't add 2 to it.
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add a test using the capture file supplied by the reporter(s).
return hdrlen;
}
if (ndo->ndo_vflag)
- ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p + 2)));
+ ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p)));
p += 8;
caplen -= 8;
hdrlen += 8;
--- /dev/null
+IEEE 802.15.4 Data packet seq 01 ab4d:10:05:00:81:00:01:00:01 < [|802.15.4]
pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
802_15_4-oobr-1 802_15_4-oobr-1.pcap 802_15_4-oobr-1.out -vvv -e
802_15_4-oobr-2 802_15_4-oobr-2.pcap 802_15_4-oobr-2.out -vvv -e
+802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e
# RTP tests
# fuzzed pcap