mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-24 10:33:28 +08:00
ae83295915
This fixes a buffer over-read discovered by Bhargava Shastry. Add a test using the capture file supplied by the reporter(s), modified so the capture file won't be rejected as an invalid capture. Update another VTP test's .out file for this change. Don't treate a TLV type or length of 0 as invalid; a type of 0 should just be reported as illegal if that type isn't used, and the length is the length of the *value*, not the length of the entire TLV, so if it's zero there won't be an infinite loop. (It's still not *legal*, as the values of all the TLVs we handle are 1 16-bit word long; we added a check for that.) Update some comments while we're at it, to give a new URL for one Cisco page and a non-Cisco URL for another former Cisco page (Cisco's UniverCD pages don't seem to be available any more, and Cisco's robots.txt file didn't allow the Wayback Machine to archive it).
3 lines
169 B
Plaintext
3 lines
169 B
Plaintext
FRF.16 Frag, seq 193, Flags [Begin, End], UI 08! VTPv69, Message Subset advertisement (0x02), length 2126400013
|
|
Domain name: , Seq number: 0, Config Rev fb499603[|vtp]
|