]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8fb9f54)
CVE-2017-13000/IEEE 802.15.4: Fix bug introduced by previous fix.
authorGuy Harris <[email protected]>
Tue, 21 Feb 2017 21:40:19 +0000 (13:40 -0800)
committerDenis Ovsienko <[email protected]>
Sun, 3 Sep 2017 23:08:58 +0000 (00:08 +0100)
We've already advanced the pointer past the PAN ID, if present; it now
points to the address, so don't add 2 to it.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).

print-802_15_4.c patch | blob | history
tests/802_15_4-data.out [new file with mode: 0644] patch | blob
tests/802_15_4-data.pcap [new file with mode: 0644] patch | blob
tests/TESTLIST patch | blob | history

diff --git a/print-802_15_4.c b/print-802_15_4.c
index a43d0333cac59e79096f36bef9d8ee6b712c90fc..a7817eb5afda6ccc658492b304b164d04e2a0493 100644 (file)
--- a/print-802_15_4.c
+++ b/print-802_15_4.c
@@ -141,7 +141,7 @@ ieee802_15_4_if_print(netdissect_options *ndo,
                        return hdrlen;
                }
                if (ndo->ndo_vflag)
-                       ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p + 2)));
+                       ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p)));
                p += 8;
                caplen -= 8;
                hdrlen += 8;
diff --git a/tests/802_15_4-data.out b/tests/802_15_4-data.out
new file mode 100644 (file)
index 0000000..0e64675
--- /dev/null
+++ b/tests/802_15_4-data.out
@@ -0,0 +1 @@
+IEEE 802.15.4 Data packet seq 01 ab4d:10:05:00:81:00:01:00:01 < [|802.15.4]
diff --git a/tests/802_15_4-data.pcap b/tests/802_15_4-data.pcap
new file mode 100644 (file)
index 0000000..4a32784
Binary files /dev/null and b/tests/802_15_4-data.pcap differ
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 7de31967765dd8fe6d1386ed8e864d9e0a16b309..d51aa21c3aaf0456bf567cc9c2cf52007ea6098e 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -485,6 +485,7 @@ pimv2-oobr-3                pimv2-oobr-3.pcap               pimv2-oobr-3.out                -vvv -e
 pimv2-oobr-4           pimv2-oobr-4.pcap               pimv2-oobr-4.out                -vvv -e
 802_15_4-oobr-1                802_15_4-oobr-1.pcap            802_15_4-oobr-1.out     -vvv -e
 802_15_4-oobr-2                802_15_4-oobr-2.pcap            802_15_4-oobr-2.out     -vvv -e
+802_15_4-data          802_15_4-data.pcap              802_15_4-data.out       -vvv -e
 
 # RTP tests
 # fuzzed pcap
[mirror] the TCPdump network dissector