CVE-2017-13030/PIM: Redo bounds checks and add length checks.

Use ND_TCHECK macros to do bounds checking, and add length checks before the bounds checks. Add a bounds check that the review process found was missing. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s), modified so the capture file won't be rejected as an invalid capture. Update one test output file to reflect the changes.
author: Guy Harris <guy@alum.mit.edu> 2017-03-22 14:09:28 -0700
committer: Denis Ovsienko <denis@ovsienko.info> 2017-09-13 12:25:44 +0100
commit: 5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc (patch)
tree: 61c4957fb95780b4e54532dc0b04d9c18ea2c46c /tests/heapoverflow-in_checksum.out
parent: 7029d15f148ef24bb7c6668bc640f5470d085e5a (diff)
download: tcpdump-5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/heapoverflow-in_checksum.out b/tests/heapoverflow-in_checksum.out
index fffc6920..aa59acb0 100644
--- a/tests/heapoverflow-in_checksum.out
+++ b/tests/heapoverflow-in_checksum.out
@@ -1,3 +1,4 @@
 IP (tos 0x30, ttl 48, id 12336, offset 0, flags [DF], proto PIM (103), length 12336, bad cksum 3030 (->2947)!)
     48.48.48.48 > 48.48.48.48: PIMv2, length 12316
-	Hello, RFC2117-encoding, cksum 0x3030 (unverified)[|pim]
+	Hello, RFC2117-encoding, cksum 0x3030 (unverified)
+	  Unknown Option (12336), length 12336, Value: [|pim]
author	Guy Harris <guy@alum.mit.edu>	2017-03-22 14:09:28 -0700
committer	Denis Ovsienko <denis@ovsienko.info>	2017-09-13 12:25:44 +0100
commit	5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc (patch)
tree	61c4957fb95780b4e54532dc0b04d9c18ea2c46c /tests/heapoverflow-in_checksum.out
parent	7029d15f148ef24bb7c6668bc640f5470d085e5a (diff)
download	tcpdump-5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc.tar.gz