Verify DIO prefix info lengths in RPL-Classic #1589

Merged
merged 1 commit into from Jun 4, 2021

Member

@nvt nvt commented Jun 4, 2021

By sending a DIO with a too large length in the prefix info option, it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. In this PR, we insert a validation check that discards the DIO if this value is too large.

@nvt nvt force-pushed the rpl-prefix-info-len branch 2 times, most recently from c4810fa to 4fffab0 Compare June 4, 2021 15:34
@joakimeriksson joakimeriksson merged commit 7c2d686 into contiki-ng:develop Jun 4, 2021
17 checks passed
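
The kind of validation described in the PR comment above, as an added example that is not the Contiki-NG patch itself. The option layout follows the RPL Prefix Information option in RFC 6550 (prefix length in bits at byte 2, prefix at byte 16); `struct prefix_info`, `parse_prefix_info` and `addr_from_prefix` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PIO_TYPE      0x08  /* RPL Prefix Information option type (RFC 6550) */
#define PIO_TOTAL_LEN 32    /* 2-byte option header + 30 bytes of option data */
#define ADDR_BYTES    16    /* size of an IPv6 address */

/* Hypothetical container for the parsed option; not a Contiki-NG type. */
struct prefix_info {
  uint8_t length;            /* prefix length in bits, as sent on the wire */
  uint8_t flags;
  uint8_t prefix[ADDR_BYTES];
};

/* Parse one Prefix Information option.
 * Returns 0 on success, -1 if the option (and the DIO) must be discarded. */
int
parse_prefix_info(const uint8_t *opt, size_t avail, struct prefix_info *out)
{
  if(avail < PIO_TOTAL_LEN || opt[0] != PIO_TYPE ||
     opt[1] != PIO_TOTAL_LEN - 2) {
    return -1;
  }
  /* The validation the PR describes: a prefix longer than 128 bits cannot
   * fit in an IPv6 address, so reject it before any copy is sized by it. */
  if(opt[2] > ADDR_BYTES * 8) {
    return -1;
  }
  out->length = opt[2];
  out->flags = opt[3];
  memcpy(out->prefix, &opt[16], ADDR_BYTES);
  return 0;
}

/* Build an address from a prefix. The copy size is derived from the
 * sender-controlled length, which is why it has to be bounded. */
int
addr_from_prefix(uint8_t addr[ADDR_BYTES], const struct prefix_info *p)
{
  size_t n = ((size_t)p->length + 7) / 8;
  if(n > ADDR_BYTES) {
    return -1;               /* second bound for callers that skip parsing */
  }
  memset(addr, 0, ADDR_BYTES);
  memcpy(addr, p->prefix, n);
  return 0;
}
```
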
@sei-vsarvepalli

Hello @joakimeriksson and @nvt

Thank you for a critical update and release.

Are these in any way related to the bugs reported by Forescout?
https://www.kb.cert.org/vuls/id/815128

Were there any CVEs to identify the vulnerabilities so they can be tracked?

Thanks
Vijay
CERT/CC

@joakimeriksson
Member

Yes, some of the fixes in the release do fix some of the reported bugs. We have started to publish some of the CVEs here in our repo also. Take a look at the security section.

@nvt nvt deleted the rpl-prefix-info-len branch May 3, 2022 18:18