This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't cause 'tcpdump: pcap_loop: truncated dump file'
ND_PRINT((ndo, "(ni: trunc)"));
goto trunc;
}
+ ND_TCHECK_16BITS(&bp[i+2]);
+ ND_TCHECK_16BITS(&bp[i+4]);
ND_PRINT((ndo, "(ni: ho=0x%04x co=0x%04x)",
EXTRACT_16BITS(&bp[i+2]),
EXTRACT_16BITS(&bp[i+4])));
icmp6_mobileprefix_asan icmp6_mobileprefix_asan.pcap icmp6_mobileprefix_asan.out -v
ip_printroute_asan ip_printroute_asan.pcap ip_printroute_asan.out -v
mobility_opt_asan mobility_opt_asan.pcap mobility_opt_asan.out -v
+mobility_opt_asan_2 mobility_opt_asan_2.pcap mobility_opt_asan_2.out -v
# RTP tests
# fuzzed pcap
--- /dev/null
+IP6 (class 0x50, flowlabel 0x0002c, hlim 0, next-header Mobile IP (old) (62) payload length: 7168) ff:7f0f:40:0:ee00:0:b658:5203 > 205:20:1:b00:0:2200:af01:e000: mobility: BRR(type-0x06: len=0)[|MOBILITY]
projects / tcpdump / commitdiff
