CVE-2017-12996/PIMv2: Make sure PIM TLVs have the right length.

We do bounds checks based on the TLV length, so if the TLV's length is too short, and we don't check for that, we could end up fetching data past the end of the TLV - including past the length of the captured data in the packet. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add tests using the capture files supplied by the reporter(s).
author: Guy Harris <guy@alum.mit.edu> 2017-02-13 11:31:25 -0800
committer: Denis Ovsienko <denis@ovsienko.info> 2017-09-13 12:25:44 +0100
commit: 6fca58f5f9c96749a575f52e20598ad43f5bdf30 (patch)
tree: 7ee8f6b1227ace140c885e77bd2cf7ee5de6e9a4 /tests/pimv2-oobr-2.pcap
parent: 34cec721d39c76be1e0a600829a7b17bdfb832b6 (diff)
download: tcpdump-6fca58f5f9c96749a575f52e20598ad43f5bdf30.tar.gz
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/pimv2-oobr-2.pcap b/tests/pimv2-oobr-2.pcap
new file mode 100644
index 00000000..320a277d
--- /dev/null
+++ b/tests/pimv2-oobr-2.pcap
author	Guy Harris <guy@alum.mit.edu>	2017-02-13 11:31:25 -0800
committer	Denis Ovsienko <denis@ovsienko.info>	2017-09-13 12:25:44 +0100
commit	6fca58f5f9c96749a575f52e20598ad43f5bdf30 (patch)
tree	7ee8f6b1227ace140c885e77bd2cf7ee5de6e9a4 /tests/pimv2-oobr-2.pcap
parent	34cec721d39c76be1e0a600829a7b17bdfb832b6 (diff)
download	tcpdump-6fca58f5f9c96749a575f52e20598ad43f5bdf30.tar.gz