CVE-2016-7933/Add some bounds checks.

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.

diff --git a/print-ppp.c b/print-ppp.c
index ba5352bbb3993cccb5d3859e73914545b7d60ace..ee8239c779250bfa7ba84c9984d6143af24ea19c 100644 (file)
--- a/print-ppp.c
+++ b/print-ppp.c
@@ -1681,6 +1681,11 @@ ppp_hdlc_if_print(netdissect_options *ndo,
                return (chdlc_if_print(ndo, h, p));
 
        default:
+               if (caplen < 4) {
+                       ND_PRINT((ndo, "[|ppp]"));
+                       return (caplen);
+               }
+
                if (ndo->ndo_eflag)
                        ND_PRINT((ndo, "%02x %02x %d ", p[0], p[1], length));
                p += 2;

diff --git a/tests/TESTLIST b/tests/TESTLIST
index 31042589e46ac1301ccadc17739d72f02d06e45f..4f13b62ec0f6dcee42c5d055b0a58b6a49685493 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -372,3 +372,4 @@ heap-overflow-1     heap-overflow-1.pcap            heap-overflow-1.out     -t -v -n
 heap-overflow-2        heap-overflow-2.pcap            heap-overflow-2.out     -t -v -n
 heapoverflow-atalk_print       heapoverflow-atalk_print.pcap   heapoverflow-atalk_print.out    -t -v -n
 heapoverflow-EXTRACT_16BITS    heapoverflow-EXTRACT_16BITS.pcap        heapoverflow-EXTRACT_16BITS.out -t -v -n
+heapoverflow-ppp_hdlc_if_print heapoverflow-ppp_hdlc_if_print.pcap     heapoverflow-ppp_hdlc_if_print.out      -t -v -n

diff --git a/tests/heapoverflow-ppp_hdlc_if_print.out b/tests/heapoverflow-ppp_hdlc_if_print.out
new file mode 100644 (file)
index 0000000..39cef42
--- /dev/null
+++ b/tests/heapoverflow-ppp_hdlc_if_print.out
@@ -0,0 +1 @@
+[|ppp]

diff --git a/tests/heapoverflow-ppp_hdlc_if_print.pcap b/tests/heapoverflow-ppp_hdlc_if_print.pcap
new file mode 100644 (file)
index 0000000..769a605
Binary files /dev/null and b/tests/heapoverflow-ppp_hdlc_if_print.pcap differ