mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-12-18 06:14:06 +08:00
b20e1639db
Add bounds checks, do a common check to make sure we captured the entire subTLV, add checks to make sure the subTLV fits within the TLV. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add tests using the capture files supplied by the reporter(s), modified so the capture files won't be rejected as an invalid capture. Update existing tests for changes to IS-IS dissector.
24 lines
864 B
Plaintext
UI 22! IS-IS, length 469869187
L2 Lan IIH, hlen: 27, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 224 (224)
source-id: fed0.f90f.58af, holding time: 34047s, Flags: [unknown circuit type 0x00]
lan-id: 0100.0088.a201.1c, Priority: 65, PDU length: 4096
unknown TLV #0, length: 12
0x0000: 0722 0583 1b01 0010 019d e000
unknown TLV #254, length: 0
Prefix Neighbors TLV #5, length: 146
Metric Block, Default Metric: 32, Internal
Expense Metric: 0, Internal
Error Metric: 0, Internal
Address: 88.99ff.ffff.7fb5.0000/76
Address: isonsap_string: illegal length/948
Address: 95/8
Address: 02/8
Address: 02/8
Address: 02/8
Address: 90/8
Multi-Topology Capability TLV #144, length: 144
O: 1, RES: 1, MTID(s): 0
unknown subTLV #107, length: 0
unknown subTLV #0, length: 208
[|isis] [|isis]
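The two checks named in the commit message (the subTLV was captured in full, and the subTLV fits within its TLV), shown on a subTLV walk. This is an added example, not tcpdump's code: walk_subtlvs, the WALK_* codes and sample_body are hypothetical names, and the sample bytes are constructed from the last TLV in the output above, assuming a 2-byte MTID field precedes the subTLVs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes are hypothetical names for this sketch, not tcpdump identifiers. */
enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_OVERRUN = -2 };

/* Constructed sample: subTLV #107 (length 0), then subTLV #0 claiming 208
 * bytes inside a 142-byte body (144-byte TLV minus an assumed 2-byte MTID). */
static const uint8_t sample_body[142] = { 107, 0, 0, 208 };

/* Walk the subTLVs in one TLV body.
 * tlv_len: body length the enclosing TLV claims; caplen: bytes captured. */
static int walk_subtlvs(const uint8_t *body, size_t tlv_len, size_t caplen,
                        unsigned *complete)
{
    size_t off = 0;              /* invariant: off <= caplen */
    *complete = 0;
    while (off < tlv_len) {
        /* The 2-byte type/length header must fit the TLV and the capture. */
        if (tlv_len - off < 2) return WALK_OVERRUN;
        if (caplen - off < 2) return WALK_TRUNCATED;
        uint8_t type = body[off], len = body[off + 1];
        off += 2;
        printf("subTLV #%u, length: %u\n", type, len);
        /* The value must fit within the enclosing TLV ... */
        if (len > tlv_len - off) return WALK_OVERRUN;
        /* ... and must have been captured in full before it is read. */
        if (len > caplen - off) return WALK_TRUNCATED;
        off += len;              /* a real dissector decodes the value here */
        (*complete)++;
    }
    return WALK_OK;
}

int main(void)
{
    unsigned n;
    int rc = walk_subtlvs(sample_body, sizeof sample_body, sizeof sample_body, &n);
    printf("result %d after %u complete subTLV(s)\n", rc, n);
    return 0;
}
```

On the sample, the walk stops at subTLV #0 because its claimed 208 bytes exceed the 138 bytes left in the TLV, so no read goes past the TLV body.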