author: Guy Harris <guy@alum.mit.edu> 2017-02-04 18:38:47 -0800
committer: Denis Ovsienko <denis@ovsienko.info> 2017-09-13 12:25:44 +0100
commit: d17507ffa3e9742199b02a66aa940e79ababfa30
tree: 79b10010665b07821eead667bf641c00ccb81a36 /tests/zephyr-oobr.out
parent: de981e6070d168b58ec1bb0713ded77ed4ad87f4
CVE-2017-12902/Zephyr: Fix bounds checking.

Use ND_TTEST() rather than comparing against ndo->ndo_snapend ourselves; it's easy to get the tests wrong.

Check for running out of packet data before checking for running out of captured data, and distinguish between running out of packet data (which might just mean "no more strings") and running out of captured data (which means "truncated").

This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).

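The ordering of checks the commit message describes, as an added sketch that is not tcpdump's code. `cursor`, `next_string`, `walk` and the status names are hypothetical, and `cap_left` stands in for the captured-data limit that ND_TTEST() enforces in tcpdump.

```c
#include <stddef.h>

enum str_status { STR_OK, STR_NO_MORE, STR_TRUNCATED };  /* hypothetical names */

/* pkt_left: bytes the packet's own length says remain.
 * cap_left: how many of those bytes were actually captured (snapshot limit). */
struct cursor { const unsigned char *p; size_t pkt_left, cap_left; };

/* Fetch the next NUL-terminated string without reading past either limit. */
static enum str_status next_string(struct cursor *c, const char **out)
{
    size_t i;
    *out = NULL;
    for (i = 0; ; i++) {
        if (i >= c->pkt_left)   /* out of packet data: maybe just "no more strings" */
            return STR_NO_MORE;
        if (i >= c->cap_left)   /* packet goes on, capture does not: "truncated" */
            return STR_TRUNCATED;
        if (c->p[i] == '\0')    /* byte i is now known to be readable */
            break;
    }
    *out = (const char *)c->p;
    c->p += i + 1;              /* step over the string and its terminator */
    c->pkt_left -= i + 1;
    c->cap_left -= i + 1;
    return STR_OK;
}

/* Walk every string; report how many were read and why the walk stopped. */
static enum str_status walk(const unsigned char *buf, size_t pkt_len,
                            size_t cap_len, int *count)
{
    struct cursor c = { buf, pkt_len, cap_len };
    const char *s;
    enum str_status st;
    *count = 0;
    while ((st = next_string(&c, &s)) == STR_OK)
        (*count)++;
    return st;
}

/* Constructed sample payload: two strings, "ab" and "cd". */
static const unsigned char sample[] = { 'a', 'b', 0, 'c', 'd', 0 };

int main(void)
{
    int n;
    return walk(sample, 6, 6, &n) == STR_NO_MORE ? 0 : 1;
}
```
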
Diffstat (limited to 'tests/zephyr-oobr.out')
-rw-r--r-- tests/zephyr-oobr.out 2
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/zephyr-oobr.out b/tests/zephyr-oobr.out
new file mode 100644
index 00000000..7f1ee1df
--- /dev/null
+++ b/tests/zephyr-oobr.out
@@ -0,0 +1,2 @@
+00:16:ca:92:12:01 > 00:15:e8:97:b2:01, ethertype IPv4 (0x0800), length 65535: (tos 0x0, ttl 124, id 16059, offset 0, flags [none], proto UDP (17), length 65521)
+ 167.155.6.190.2104 > 167.155.9.153.514: [udp sum ok]
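Review bot: the second added line ends at "[udp sum ok]" with no Zephyr fields and no truncation marker after it, so this expected output does not show which of the two cases named in the commit message (out of packet data versus out of captured data) the capture exercises. Consider recording the intended outcome in the commit message or in a comment next to the test entry, so that a later change in how the printer ends its output for this capture is recognised as a behaviour change rather than waved through by updating the .out file. This view is limited to tests/zephyr-oobr.out, so the capture file and the test-list entry that pair with it cannot be checked here.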