Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
(for 4.9.3) CVE-2018-14880/OSPFv3: Fix a bounds check
Need to test bounds check for the last field of the structure lsa6_hdr. No need to test other fields. Include Security working under the Mozilla SOS program had independently identified this vulnerability in 2018 by means of code audit. Wang Junjie of 360 ESG Codesafe Team had independently identified this vulnerability in 2018 by means of fuzzing and provided the packet capture file for the test.
- Loading branch information
Showing
4 changed files
with
63 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 36) fe80::1 > ff02::5: OSPFv3, Hello, length 36 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router] | ||
Hello Timer 10s, Dead Timer 40s, Interface-ID 0.0.0.5, Priority 1 | ||
Neighbor List: | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 36) fe80::1 > ff02::5: OSPFv3, Hello, length 36 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router] | ||
Hello Timer 10s, Dead Timer 40s, Interface-ID 0.0.0.5, Priority 1 | ||
Neighbor List: | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 36) fe80::1 > ff02::5: OSPFv3, Hello, length 36 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router] | ||
Hello Timer 10s, Dead Timer 40s, Interface-ID 0.0.0.5, Priority 1 | ||
Neighbor List: | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 36) fe80::1 > ff02::5: OSPFv3, Hello, length 36 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router] | ||
Hello Timer 10s, Dead Timer 40s, Interface-ID 0.0.0.5, Priority 1 | ||
Neighbor List: | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 36) fe80::2 > ff02::5: OSPFv3, Hello, length 36 | ||
Router-ID 2.2.2.2, Area 0.0.0.1 | ||
Options [V6, External, Router] | ||
Hello Timer 10s, Dead Timer 40s, Interface-ID 0.0.0.5, Priority 1 | ||
Neighbor List: | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 40) fe80::1 > ff02::5: OSPFv3, Hello, length 40 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router] | ||
Hello Timer 10s, Dead Timer 40s, Interface-ID 0.0.0.5, Priority 1 | ||
Designated Router 1.1.1.1 | ||
Neighbor List: [|ospf3] | ||
IP6 (class 0xe0, flowlabel 0x00100, hlim 1, next-header OSPF (89) payload length: 28) fe80::2 > fe80::1: OSPFv3, Database Description, length 28 | ||
Router-ID 2.2.2.2, Area 0.0.0.1 | ||
Options [V6, External, Router], DD Flags [Init, More, Master], MTU 1500, DD-Sequence 0x00001d46 | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 28) fe80::1 > fe80::2: OSPFv3, Database Description, length 28 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router], DD Flags [Init, More, Master], MTU 1500, DD-Sequence 0x0000242c | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 168) fe80::1 > fe80::2: OSPFv3, Database Description, length 168 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router], DD Flags [More], MTU 1500, DD-Sequence 0x00001d46 [|ospf3] | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 148) fe80::2 > fe80::1: OSPFv3, Database Description, length 148 | ||
Router-ID 2.2.2.2, Area 0.0.0.1 | ||
Options [V6, External, Router], DD Flags [More, Master], MTU 1500, DD-Sequence 0x00001d47 [|ospf3] | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 28) fe80::1 > fe80::2: OSPFv3, Database Description, length 28 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Options [V6, External, Router], DD Flags [none], MTU 1500, DD-Sequence 0x00001d47 | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 100) fe80::2 > fe80::1: OSPFv3, LS-Request, length 100 | ||
Router-ID 2.2.2.2, Area 0.0.0.1 | ||
Advertising Router 1.1.1.1 | ||
Router LSA (1), Area Local Scope, LSA-ID 0.0.0.0 [|ospf3] | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 88) fe80::1 > fe80::2: OSPFv3, LS-Request, length 88 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 | ||
Advertising Router 2.2.2.2 | ||
Router LSA (1), Area Local Scope, LSA-ID 0.0.0.0 [|ospf3] | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 28) fe80::2 > fe80::1: OSPFv3, Database Description, length 28 | ||
Router-ID 2.2.2.2, Area 0.0.0.1 | ||
Options [V6, External, Router], DD Flags [Master], MTU 1500, DD-Sequence 0x00001d48 | ||
IP6 (class 0xe0, hlim 1, next-header OSPF (89) payload length: 288) fe80::1 > fe80:0:ff:ffff:f000::2: OSPFv3, LS-Update, length 288 | ||
Router-ID 1.1.1.1, Area 0.0.0.1 [|ospf3] |
Binary file not shown.