diff options
author | Guy Harris <guy@alum.mit.edu> | 2017-02-04 18:38:47 -0800 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2017-09-13 12:25:44 +0100 |
commit | d17507ffa3e9742199b02a66aa940e79ababfa30 (patch) | |
tree | 79b10010665b07821eead667bf641c00ccb81a36 /tests/zephyr-oobr.out | |
parent | de981e6070d168b58ec1bb0713ded77ed4ad87f4 (diff) | |
download | tcpdump-d17507ffa3e9742199b02a66aa940e79ababfa30.tar.gz |
CVE-2017-12902/Zephyr: Fix bounds checking.
Use ND_TTEST() rather than comparing against ndo->ndo_snapend ourselves;
it's easy to get the tests wrong.
Check for running out of packet data before checking for running out of
captured data, and distinguish between running out of packet data (which
might just mean "no more strings") and running out of captured data
(which means "truncated").
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add a test using the capture file supplied by the reporter(s).
Diffstat (limited to 'tests/zephyr-oobr.out')
-rw-r--r-- | tests/zephyr-oobr.out | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/zephyr-oobr.out b/tests/zephyr-oobr.out new file mode 100644 index 00000000..7f1ee1df --- /dev/null +++ b/tests/zephyr-oobr.out @@ -0,0 +1,2 @@ +00:16:ca:92:12:01 > 00:15:e8:97:b2:01, ethertype IPv4 (0x0800), length 65535: (tos 0x0, ttl 124, id 16059, offset 0, flags [none], proto UDP (17), length 65521) + 167.155.6.190.2104 > 167.155.9.153.514: [udp sum ok] |