Guy Harris cbddb98484 CVE-2017-13002/AODV: Add some missing bounds checks. ...

In aodv_extension() do a bounds check on the extension header before we
look at it.

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).

While we're at it, add the RFC number, and check the validity of the
length for the Hello extension.

2017-09-13 12:25:44 +01:00

122 B

Raw History

View Raw