mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-28 04:25:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
39582c04cc
tcpdump/tests/hncp_dhcpv6data-oobr.out
Denis Ovsienko 39582c04cc CVE-2017-13042/HNCP: add DHCPv6-Data bounds checks 
hncp_print_rec() validates each HNCP TLV to be within the declared as
well as the on-the-wire packet space. However, dhcpv6_print() in the same
file didn't do the same for the DHCPv6 options within the HNCP
DHCPv6-Data TLV value, which could cause an out-of-bounds read when
decoding an invalid packet. Add missing checks to dhcpv6_print().

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00

8 lines
284 B
Plaintext
Raw Blame History

IP6 (flowlabel 0x01cc3, hlim 234, next-header UDP (17) payload length: 11025) 400::e4ff:ffff:adf9:8900:0.1646 > 62:9de3:ff47:ebec:8206:ff00:ad:ff00.8231: hncp (11017)
Future use: type=16384 (5)
DHCPv6-Data (25)
Unknown (4)
Unknown (4)
SNTP-servers (61956) (invalid)
[|hncp]
Reference in New Issue View Git Blame Copy Permalink