tcpdump/tests/radius_attr_asan.out
Guy Harris 1bc78d795c CVE-2017-13032/RADIUS: Check whether a byte exists before testing its value.
Reverse the test in a for loop to test the length before testing whether
we have a null byte.

This fixes a buffer over-read discovered by Bhargava Shastry.

Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.

Clean up other length tests while we're at it.
2017-09-13 12:25:44 +01:00

10 lines
687 B
Plaintext

IP (tos 0x64, ttl 249, id 40192, offset 0, flags [+, DF, rsvd], proto UDP (17), length 299, options (unknown 235 [bad length 252]), bad cksum 8000 (->1faa)!)
0.0.86.32.258 > 0.2.250.99.3799: RADIUS, length: 263
Unknown Command (58), id: 0x6a, Authenticator: 0901020ed7ff03edb63a0f00cb0f00cb
NAS-Port Attribute (5), length: 5, Value: ERROR: length 3 != 4
Unknown Attribute (127), length: 4, Value:
NAS-IP-Address Attribute (4), length: 4, Value: ERROR: length 2 != 4
NAS-IP-Address Attribute (4), length: 4, Value: ERROR: length 2 != 4
NAS-IP-Address Attribute (4), length: 4, Value: ERROR: length 2 != 4
Callback-Id Attribute (20), length: 4, Value: .. [|radius]
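
The loop-condition ordering the commit message describes (test the length before testing for a null byte), as an added C example that is not tcpdump's own code. The `view` struct, `fetch()`, both function names and the sample bytes are hypothetical and constructed for illustration; `fetch()` counts reads past the end instead of performing them.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an attribute value of `len` captured bytes.
 * fetch() counts reads past the end instead of performing them, so the
 * over-read is observable without undefined behaviour. */
struct view { const unsigned char *p; size_t len; size_t oob_reads; };

static unsigned char fetch(struct view *v, size_t i)
{
    if (i >= v->len) { v->oob_reads++; return 0; }
    return v->p[i];
}

/* Byte tested before the length: if no NUL lies within `len` bytes (or
 * len is 0), the last loop test reads index `len`, one past the data. */
size_t oob_value_first(const unsigned char *p, size_t len)
{
    struct view v = { p, len, 0 };
    size_t i;
    for (i = 0; fetch(&v, i) != 0 && i < v.len; i++)
        ;
    return v.oob_reads;
}

/* Length tested first: && short-circuits, so index `len` is never read. */
size_t oob_length_first(const unsigned char *p, size_t len)
{
    struct view v = { p, len, 0 };
    size_t i;
    for (i = 0; i < v.len && fetch(&v, i) != 0; i++)
        ;
    return v.oob_reads;
}

/* Constructed sample values, not bytes from the capture file. */
const unsigned char SAMPLE_NO_NUL[2] = { 'a', 'b' };
const unsigned char SAMPLE_WITH_NUL[3] = { 'a', 0, 'b' };

int main(void)
{
    printf("no NUL:   value-first=%zu length-first=%zu\n",
           oob_value_first(SAMPLE_NO_NUL, 2), oob_length_first(SAMPLE_NO_NUL, 2));
    printf("with NUL: value-first=%zu length-first=%zu\n",
           oob_value_first(SAMPLE_WITH_NUL, 3), oob_length_first(SAMPLE_WITH_NUL, 3));
    return 0;
}
```

Both orderings stop at the same index, so the printed value is unchanged; only the extra read past the end of the data differs.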