diff options
author | Guy Harris <guy@alum.mit.edu> | 2017-03-22 14:09:28 -0700 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2017-09-13 12:25:44 +0100 |
commit | 5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc (patch) | |
tree | 61c4957fb95780b4e54532dc0b04d9c18ea2c46c /tests/heapoverflow-in_checksum.out | |
parent | 7029d15f148ef24bb7c6668bc640f5470d085e5a (diff) | |
download | tcpdump-5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc.tar.gz |
CVE-2017-13030/PIM: Redo bounds checks and add length checks.
Use ND_TCHECK macros to do bounds checking, and add length checks before
the bounds checks.
Add a bounds check that the review process found was missing.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
Update one test output file to reflect the changes.
Diffstat (limited to 'tests/heapoverflow-in_checksum.out')
-rw-r--r-- | tests/heapoverflow-in_checksum.out | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/heapoverflow-in_checksum.out b/tests/heapoverflow-in_checksum.out index fffc6920..aa59acb0 100644 --- a/tests/heapoverflow-in_checksum.out +++ b/tests/heapoverflow-in_checksum.out @@ -1,3 +1,4 @@ IP (tos 0x30, ttl 48, id 12336, offset 0, flags [DF], proto PIM (103), length 12336, bad cksum 3030 (->2947)!) 48.48.48.48 > 48.48.48.48: PIMv2, length 12316 - Hello, RFC2117-encoding, cksum 0x3030 (unverified)[|pim] + Hello, RFC2117-encoding, cksum 0x3030 (unverified) + Unknown Option (12336), length 12336, Value: [|pim] |