tcpdump/lldp-infinite-loop-2.pcap at 6f531302736fa22264dce423234deeb4d5a4fed6

mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-24 02:23:27 +08:00

Guy Harris 34cec721d3 CVE-2017-12997/LLDP: Don't use an 8-bit loop counter.

If you have a

	for (i = 0; i < N; i++)

loop, you'd better make sure that i is big enough to hold N - not N-1,
N.

The TLV length here is 9 bits long, not 8 bits long, so an 8-bit loop
counter will overflow and you can loop infinitely.

This fixes an infinite loop discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add tests using the capture files supplied by the reporter(s).

Clean up the output a bit while we're at it.

2017-09-13 12:25:44 +01:00

2.1 KiB

Raw History

View Raw

2.1 KiB Raw History

2.1 KiB

Raw History