CVE-2016-7930/Add a bounds check.
authorGuy Harris <[email protected]>
Sat, 4 Jul 2015 00:25:39 +0000 (17:25 -0700)
committerFrancois-Xavier Le Bail <[email protected]>
Wed, 18 Jan 2017 08:16:36 +0000 (09:16 +0100)
Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.

print-llc.c
tests/TESTLIST
tests/llc-xid-heapoverflow.out [new file with mode: 0644]
tests/llc-xid-heapoverflow.pcap [new file with mode: 0644]

index bca9b5021150c45b36865f8f2ba9cabed25345be..7f316c2edaf50efb99c832be34b4158a4090cd62 100644 (file)
@@ -358,6 +358,12 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
                        length + hdrlen));
 
                if ((control & ~LLC_U_POLL) == LLC_XID) {
+                       if (caplen < 2 || length < 2) {
+                               ND_PRINT((ndo, "[|llc]"));
+                               if (caplen > 0)
+                                       ND_DEFAULTPRINT((const u_char *)p, caplen);
+                               return (hdrlen);
+                       }
                        if (*p == LLC_XID_FI) {
                                ND_PRINT((ndo, ": %02x %02x", p[1], p[2]));
                                return (hdrlen);
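Review bot: The added guard `if (caplen < 2 || length < 2)` still lets a two-byte XID payload reach the `ND_PRINT` in the `*p == LLC_XID_FI` branch, which reads `p[2]`, the third byte, so that read can land one byte past the captured data. The threshold should match the highest index dereferenced: `if (caplen < 3 || length < 3) {`. Since only `*p` is needed to test for `LLC_XID_FI`, the three-byte requirement could instead sit inside that branch, so that shorter XID frames carrying another format identifier are not reported as truncated. The body of llc_print starts and ends outside this hunk, so the assumption that `p` and `caplen` were already advanced past the LLC header is inferred from the `length + hdrlen` context line.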
index c137e8d5620b2908d1c1c7244634fd73236fe17a..6e4219e8cc2949ba2bf1d28931aa5e4339ded64d 100644 (file)
@@ -387,3 +387,4 @@ tcp-auth-heapoverflow       tcp-auth-heapoverflow.pcap      tcp-auth-heapoverflow.out       -t -v
 atm-oam-heapoverflow   atm-oam-heapoverflow.pcap       atm-oam-heapoverflow.out        -t -v -n
 tcp_header_heapoverflow        tcp_header_heapoverflow.pcap    tcp_header_heapoverflow.out     -t -v -n
 ipcomp-heapoverflow    ipcomp-heapoverflow.pcap        ipcomp-heapoverflow.out -t -v -n
+llc-xid-heapoverflow   llc-xid-heapoverflow.pcap       llc-xid-heapoverflow.out        -t -v -n
diff --git a/tests/llc-xid-heapoverflow.out b/tests/llc-xid-heapoverflow.out
new file mode 100644 (file)
index 0000000..4fcad70
--- /dev/null
@@ -0,0 +1 @@
+Unknown DSAP 0x30 Unnumbered, xid, Flags [Poll], length 808464412[|llc]
diff --git a/tests/llc-xid-heapoverflow.pcap b/tests/llc-xid-heapoverflow.pcap
new file mode 100644 (file)
index 0000000..0574501
Binary files /dev/null and b/tests/llc-xid-heapoverflow.pcap differ