Commit Graph

3 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
f253e11009 Add a sanity check on packet header length
The packet length must be <= MAXIMUM_SNAPLEN.

Currently, there is no D-Bus printer, thus no need for a bigger length.

Now a packet is valid if:
capture length != 0,
packet length != 0,
capture length <= MAXIMUM_SNAPLEN,
packet length <= MAXIMUM_SNAPLEN,
packet length >= capture length.

Moreover:
Fix the packet header lengths of some fuzzed pcap files:
If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN.
Thus they will be always usable with this new sanity check.
2018-02-07 18:48:49 +01:00
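The five validity conditions listed in the commit message above, applied to a classic pcap per-packet record header (ts_sec, ts_usec, caplen, len, four bytes each). This is an added example, not tcpdump's or libpcap's own code; the names `check_record_header`, `rd32` and `hdr_verdict` are hypothetical, and the value 262144 for `MAXIMUM_SNAPLEN` is an assumption, since the page does not state it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed value; the commit message names the constant but not its size. */
#define MAXIMUM_SNAPLEN 262144u

enum hdr_verdict { HDR_OK, HDR_SHORT, HDR_ZERO_CAPLEN, HDR_ZERO_LEN,
                   HDR_CAPLEN_TOO_BIG, HDR_LEN_TOO_BIG, HDR_LEN_LT_CAPLEN };

/* Read a 32-bit field in the byte order of the capture file. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Validate one record header before any packet bytes are read or dissected.
 * The lengths come from the file, so they are untrusted input. */
enum hdr_verdict check_record_header(const uint8_t *rec, size_t avail, int big_endian)
{
    uint32_t caplen, len;

    if (avail < 16) return HDR_SHORT;            /* header itself is truncated */
    caplen = rd32(rec + 8, big_endian);          /* capture length */
    len = rd32(rec + 12, big_endian);            /* packet (on-the-wire) length */
    if (caplen == 0) return HDR_ZERO_CAPLEN;
    if (len == 0) return HDR_ZERO_LEN;
    if (caplen > MAXIMUM_SNAPLEN) return HDR_CAPLEN_TOO_BIG;
    if (len > MAXIMUM_SNAPLEN) return HDR_LEN_TOO_BIG;
    if (len < caplen) return HDR_LEN_LT_CAPLEN;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample: caplen = 60, len = 0xffffffff, little-endian. */
    static const uint8_t fuzzed[16] = {0,0,0,0, 0,0,0,0, 60,0,0,0, 0xff,0xff,0xff,0xff};
    printf("verdict = %d\n", (int)check_record_header(fuzzed, sizeof fuzzed, 0));
    return 0;
}
```

The same 16 bytes give different verdicts depending on the byte order taken from the file's magic number, so the check has to run after endianness is settled.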
David Cronin
c8544a787c tok2str-oobr-1: fixed issue where test reading a withdrawn routes of length 1 byte and then would truncate the content as 1 byte is not enough room for the prefix. Now the code will skip the withdrawn routes entirely if it is less than two bytes, which is the minimum needed. The code will no longer print 'Withdrawn Routes: 1 bytes', I feel this no longer makes sense.
bgp_mvpn_6_and_7 && bgp_pmsi_tunnel-oobr && bgp_vpn_rt-oobr: All contained illegal prefix lengths in the withdrawn routes section, i.e. > than 32 for ipv4, so I modified the .pcap files to have legal prefixes so that the BGP wasn't truncated and updated the withdrawn routes in the test.out
2017-11-12 13:01:56 +00:00
Denis Ovsienko
d10a0f980f CVE-2017-13046/BGP: fix an existing bounds check for PMSI Tunnel
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00