diff options
author | Guy Harris <guy@alum.mit.edu> | 2017-03-21 22:02:41 -0700 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2017-09-13 12:25:44 +0100 |
commit | c5dd7bef5e54da5996dc4713284aa6266ae75b75 (patch) | |
tree | f62e131da907d24ba3f4ad6a8bb0cd62e20a0802 /print-vtp.c | |
parent | 4601c685e7fd19c3724d5e499c69b8d3ec49933e (diff) | |
download | tcpdump-c5dd7bef5e54da5996dc4713284aa6266ae75b75.tar.gz |
CVE-2017-13020/VTP: Add some missing bounds checks.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
Diffstat (limited to 'print-vtp.c')
-rw-r--r-- | print-vtp.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/print-vtp.c b/print-vtp.c index 285beb96..18c1356e 100644 --- a/print-vtp.c +++ b/print-vtp.c @@ -223,6 +223,7 @@ vtp_print (netdissect_options *ndo, * */ + ND_TCHECK_32BITS(tptr); ND_PRINT((ndo, ", Config Rev %x", EXTRACT_32BITS(tptr))); /* @@ -243,6 +244,7 @@ vtp_print (netdissect_options *ndo, tptr += 4; while (tptr < (pptr+length)) { + ND_TCHECK_8BITS(tptr); len = *tptr; if (len == 0) break; |