Commit Graph

1 Commit

Author SHA1 Message Date
Denis Ovsienko
3c8a2b0e91 CVE-2017-13048/RSVP: fix decoding of Fast Reroute objects
In rsvp_obj_print() the case block for Class-Num 205 (FAST_REROUTE) from
RFC 4090 Section 4.1 could over-read accessing the buffer contents before
making the bounds check. Rearrange those steps the correct way around.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
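
The check-then-read ordering the commit message describes, as an added example that is not part of the commit or the project's own code: a parser for the FAST_REROUTE C-Type 1 body (20 bytes, per RFC 4090 Section 4.1) that validates both the claimed object length and the captured length before touching any field. The names `frr_obj`, `frr_parse`, `frr_sample` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FAST_REROUTE body, C-Type 1 (RFC 4090 Section 4.1): 20 bytes after the
 * 4-byte RSVP object header. All names here are hypothetical. */
#define FRR_BODY_LEN 20

struct frr_obj {
    uint8_t  setup_prio, hold_prio, hop_limit, flags;
    uint32_t bandwidth_bits;            /* IEEE float kept as raw bits */
    uint32_t include_any, exclude_any, include_all;
};

/* Constructed sample body, not taken from any capture file. */
static const uint8_t frr_sample[FRR_BODY_LEN] = {
    7, 6, 16, 1,  0x49, 0x74, 0x24, 0x00,
    0, 0, 0, 1,   0, 0, 0, 2,   0, 0, 0, 3
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* obj_len: body length claimed by the object header.
 * caplen:  bytes actually present in the buffer.
 * Returns 0 on success, -1 if the object is truncated. */
int frr_parse(const uint8_t *body, size_t obj_len, size_t caplen,
              struct frr_obj *out)
{
    /* Bounds checks first: reading a field and only then comparing the
     * length is the ordering that produces an over-read. */
    if (obj_len < FRR_BODY_LEN || caplen < FRR_BODY_LEN)
        return -1;
    out->setup_prio = body[0];  out->hold_prio = body[1];
    out->hop_limit  = body[2];  out->flags     = body[3];
    out->bandwidth_bits = be32(body + 4);
    out->include_any    = be32(body + 8);
    out->exclude_any    = be32(body + 12);
    out->include_all    = be32(body + 16);
    return 0;
}

int main(void)
{
    struct frr_obj o;
    int full = frr_parse(frr_sample, 20, 20, &o);  /* complete body */
    int cut  = frr_parse(frr_sample, 20, 19, &o);  /* one byte short */
    printf("full=%d cut=%d\n", full, cut);
    return 0;
}
```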