tcpdump/tests/isis-seg-fault-2-v.out
Guy Harris b20e1639db CVE-2017-13026/IS-IS: Clean up processing of subTLVs.
Add bounds checks, do a common check to make sure we captured the entire
subTLV, add checks to make sure the subTLV fits within the TLV.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add tests using the capture files supplied by the reporter(s), modified
so the capture files won't be rejected as an invalid capture.

Update existing tests for changes to IS-IS dissector.
2017-09-13 12:25:44 +01:00

111 lines
4.8 KiB
Plaintext

IS-IS, length 1497
L1 Lan IIH, hlen: 27, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 3 (0)
source-id: 3333.3333.3333, holding time: 10s, Flags: [unknown circuit type 0x21]
lan-id: 3333.5a33.3333.02, Priority: 64, PDU length: 1497
Multi-Topology Capability TLV #144, length: 1
O: 1, RES: 4, MTID(s): 3073
unknown subTLV #4, length: 3
unknown subTLV #132, length: 4
unknown subTLV #55, length: 3
unknown subTLV #6, length: 6
unknown subTLV #8, length: 191
unknown subTLV #0, length: 0
unknown subTLV #0, length: 0
unknown subTLV #0, length: 0
unknown subTLV #0, length: 0
unknown subTLV #0, length: 0
unknown subTLV #0, length: 37
[|isis]
Area address(es) TLV #1, length: 4
Area address (length: 3): 49.000a
IPv4 Interface address(es) TLV #132, length: 4
IPv4 interface address: 10.0.10.0
unknown TLV #55, length: 3
0x0000: 0000 00
IS Neighbor(s) TLV #6, length: 6
SNPA: c201.2998.cc53
Padding TLV #8, length: 191
unknown TLV #0, length: 0
unknown TLV #0, length: 0
unknown TLV #0, length: 0
unknown TLV #0, length: 0
unknown TLV #0, length: 0
unknown TLV #0, length: 37
0x0000: 0000 0000 0000 0025 0000 0000 0000 0000
0x0010: 0000 0002 0000 0000 0000 0000 0000 0000
0x0020: 0000 7300 1e
unknown TLV #0, length: 0
unknown TLV #0, length: 170
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x00a0: aaaa aaaa aaaa aaaa aaaa
unknown TLV #170, length: 170
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x00a0: aaaa aaaa aaaa aaaa aaaa
unknown TLV #170, length: 170
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x00a0: aaaa aaaa aaaa aaaa aaaa
unknown TLV #170, length: 170
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x00a0: aaaa aaaa aaaa aaaa aaaa
unknown TLV #170, length: 170
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x00a0: aaaa aaaa aaaa aaaa aaaa
unknown TLV #170, length: 170
0x0000: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0010: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0020: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0030: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0040: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0050: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0060: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0070: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0080: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x0090: aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
0x00a0: aaaa aaaa aaaa aaaa aaaa
unknown TLV #170, length: 170 [|isis]