This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
Clean up some whitespace in tests/TESTLIST while we're at it.
dp = (const struct ip6_frag *)bp;
ip6 = (const struct ip6_hdr *)bp2;
- ND_TCHECK(dp->ip6f_offlg);
+ ND_TCHECK(*dp);
if (ndo->ndo_vflag) {
ND_PRINT((ndo, "frag (0x%08x:%d|%ld)",
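Review bot: ND_TCHECK(*dp) sits ahead of the `if (ndo->ndo_vflag)` test, so the full-header bounds check now gates the non-verbose path as well as the verbose one, where the old check covered only ip6f_offlg. If the non-verbose path reads nothing beyond ip6f_offlg, a capture cut off partway through the fragment header will now take the truncation path instead of printing the offset. That is the safe choice, but a one-line comment above the check saying that the whole struct is checked because of the fields the ND_PRINT below reads would record the reason and keep a later cleanup from narrowing the check back to a single member.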
lldp_mgmt_addr_tlv_asan lldp_mgmt_addr_tlv_asan.pcap lldp_mgmt_addr_tlv_asan.out -v
bootp_asan bootp_asan.pcap bootp_asan.out -v
ppp_ccp_config_deflate_option_asan ppp_ccp_config_deflate_option_asan.pcap ppp_ccp_config_deflate_option_asan.out -v
-pim_header_asan pim_header_asan.pcap pim_header_asan.out -v
-pim_header_asan-2 pim_header_asan-2.pcap pim_header_asan-2.out -v
-pim_header_asan-3 pim_header_asan-3.pcap pim_header_asan-3.out -v
+pim_header_asan pim_header_asan.pcap pim_header_asan.out -v
+pim_header_asan-2 pim_header_asan-2.pcap pim_header_asan-2.out -v
+pim_header_asan-3 pim_header_asan-3.pcap pim_header_asan-3.out -v
+ip6_frag_asan ip6_frag_asan.pcap ip6_frag_asan.out -v
# RTP tests
# fuzzed pcap
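Review bot: the three pim_header_asan entries are removed and re-added with only whitespace differing, in the same hunk that adds the ip6_frag_asan entry for the over-read fix. Splitting the whitespace cleanup into its own commit would leave the security fix as a one-line TESTLIST addition, which is easier to audit and applies cleanly when the fix is backported to a branch whose TESTLIST still has the old spacing.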
--- /dev/null
+IP6 (class 0x51, flowlabel 0xb2100, hlim 16, next-header Fragment (44) payload length: 27136) 452:22:19:0:41a:e4ff:10ff:484d > 2243:80:1400:100:19:ffff:ffff:fffb: [|frag]
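Review bot: the expected output ends in [|frag], so this test pins only the truncation path, and the ip6_frag_asan entry in TESTLIST runs it with -v alone. Since the new ND_TCHECK(*dp) precedes the ndo_vflag branch, a second TESTLIST entry running the same pcap without -v, with its own .out file, would also pin the non-verbose behaviour. The commit message says the reporter's capture was modified so it is not rejected as invalid; a short note of what was changed would let someone regenerate or verify the test file later.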