mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-30 21:44:49 +08:00
b20e1639db
Add bounds checks, do a common check to make sure we captured the entire subTLV, add checks to make sure the subTLV fits within the TLV. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add tests using the capture files supplied by the reporter(s), modified so the capture files won't be rejected as an invalid capture. Update existing tests for changes to IS-IS dissector.
111 lines
4.8 KiB
Plaintext
111 lines
4.8 KiB
Plaintext
IS-IS, length 1497
|
|
L1 Lan IIH, hlen: 27, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 3 (0)
|
|
source-id: 3333.3333.3333, holding time: 10s, Flags: [unknown circuit type 0x21]
|
|
lan-id: 3333.5a33.3333.02, Priority: 64, PDU length: 1497
|
|
Multi-Topology Capability TLV #144, length: 1
|
|
O: 1, RES: 4, MTID(s): 3073
|
|
unknown subTLV #4, length: 3
|
|
unknown subTLV #132, length: 4
|
|
unknown subTLV #55, length: 3
|
|
unknown subTLV #6, length: 6
|
|
unknown subTLV #8, length: 191
|
|
unknown subTLV #0, length: 0
|
|
unknown subTLV #0, length: 0
|
|
unknown subTLV #0, length: 0
|
|
unknown subTLV #0, length: 0
|
|
unknown subTLV #0, length: 0
|
|
unknown subTLV #0, length: 37
|
|
[|isis]
|
|
Area address(es) TLV #1, length: 4
|
|
Area address (length: 3): 49.000a
|
|
IPv4 Interface address(es) TLV #132, length: 4
|
|
IPv4 interface address: 10.0.10.0
|
|
unknown TLV #55, length: 3
|
|
0x0000: 0000 00
|
|
IS Neighbor(s) TLV #6, length: 6
|
|
SNPA: c201.2998.cc53
|
|
Padding TLV #8, length: 191
|
|
unknown TLV #0, length: 0
|
|
unknown TLV #0, length: 0
|
|
unknown TLV #0, length: 0
|
|
unknown TLV #0, length: 0
|
|
unknown TLV #0, length: 0
|
|
unknown TLV #0, length: 37
|
|
0x0000: 0000 0000 0000 0025 0000 0000 0000 0000
|
|
0x0010: 0000 0002 0000 0000 0000 0000 0000 0000
|
|
0x0020: 0000 7300 1e
|
|
unknown TLV #0, length: 0
|
|
unknown TLV #0, length: 170
|
|
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x00a0: aaaa aaaa aaaa aaaa aaaa
|
|
unknown TLV #170, length: 170
|
|
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x00a0: aaaa aaaa aaaa aaaa aaaa
|
|
unknown TLV #170, length: 170
|
|
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x00a0: aaaa aaaa aaaa aaaa aaaa
|
|
unknown TLV #170, length: 170
|
|
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x00a0: aaaa aaaa aaaa aaaa aaaa
|
|
unknown TLV #170, length: 170
|
|
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x00a0: aaaa aaaa aaaa aaaa aaaa
|
|
unknown TLV #170, length: 170
|
|
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
|
|
0x00a0: aaaa aaaa aaaa aaaa aaaa
|
|
unknown TLV #170, length: 170 [|isis]
|