Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2017-12895/ICMP: Check the availability of data before checksummi…
…ng it. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add tests using the capture files supplied by the reporter(s).
- Loading branch information
1 parent
730fc35
commit 2b62d1d
Showing
10 changed files
with
42 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Out 00:16:3e:27:78:a2 ethertype IPv4 (0x0800), length 204: truncated-ip - 13723 bytes missing! (tos 0x72,ECT(0), ttl 64, id 9472, offset 0, flags [none], proto ICMP (1), length 13911, bad cksum 67ea (->8c0c)!) | ||
62.220.31.247 > 62.225.245.115: ICMP 62.220.31.247 udp port 1027 unreachable, length 13891 | ||
(tos 0xa0, ttl 114, id 30054, offset 0, flags [none], proto UDP (17), length 13728, bad cksum 3f1f (->a1f)!) | ||
62.225.245.115.9109 > 62.220.31.247.1027: [bad udp cksum 0xdfe7 -> 0xdb95!] UDP, length 132 | ||
MPLS extension v0 packet not supported |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
IP (0x0021), length 244: truncated-ip - 32768 bytes missing! (tos 0x0, ttl 254, id 59168, offset 0, flags [DF], proto ICMP (1), length 33008, bad cksum 7ade (->fabd)!) | ||
10.4.0.34 > 12.4.4.4: ICMP time exceeded in-transit, length 32988 | ||
(tos 0x0, ttl 1, id 42321, offset 0, flags [none], proto UDP (17), length 40) | ||
12.4.4.4.42315 > 12.1.1.1.33440: [bad udp cksum 0x1000 -> 0xbad0!] UDP, length 12 | ||
MPLS extension v2 | ||
Extended Payload Object (2), Class-Type: 14, length 80 | ||
0x0000: 0000 000f 0001 0000 0a0a 0a0a 3f54 6869 | ||
0x0010: 732d 6973 2d74 6865 2d6e 616d 652d 6f66 | ||
0x0020: 2d74 6865 2d49 6e74 6572 6661 6365 2d74 | ||
0x0030: 6861 742d 7765 2d61 7265 2d6c 6f6f 6b69 | ||
0x0040: 6e67 2d66 6f72 2d5b 3a2d 295d[|icmp] |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 337: truncated-ip - 4096 bytes missing! (tos 0x0, ttl 64, id 30662, offset 0, flags [DF], proto ICMP (1), length 4419, bad cksum cdf9 (->bdf9)!) | ||
97.242.24.11 > 97.242.24.11: ICMP 97.242.24.11 udp port 162 unreachable, length 4399 | ||
(tos 0x0, ttl 128, id 30661, offset 0, flags [DF], proto UDP (17), length 295) | ||
97.242.24.11.60377 > 97.242.24.11.162: [udp sum ok] { SNMPv1 C="trap" { Trap(251) .1.3.6.1.4.1.3830.1.1.2.2.1 97.242.24.11 enterpriseSpecific s=52 61498489 .1.3.6.1.4.1.3830.1.1.2.1.1.1=3 .1.3.6.1.4.1.3830.1.1.2.1.1.2=2 .1.3.6.1.4.1.3830.1.1.2.1.1.3="%SMSA-E-POLLERR, Polling the SMSC was not successful." .1.3.6.1.4.1.3830.1.1.2.1.1.4="OPCOM" .1.3.6.1.4.1.3830.1.1.2.1.1.5="28-OCT-2010 20:42:14.67" .1.3.6.1.4.1.3830.1.1.2.1.1.6="SMRL51" } } | ||
MPLS extension v0 packet not supported |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
IP (0x0021), length 172: truncated-ip - 8192 bytes missing! (tos 0xc0, ttl 251, id 5047, offset 0, flags [none], proto ICMP (1), length 8360, bad cksum 7edb (->5edb)!) | ||
10.0.12.2 > 10.0.12.1: ICMP time exceeded in-transit, length 8340 | ||
(tos 0x0, ttl 1, id 2574, offset 0, flags [none], proto UDP (17), length 28) | ||
10.0.12.1.49215 > 10.255.255.4.33435: [udp sum ok] UDP, length 0 | ||
MPLS extension v2 | ||
MPLS Stack Entry Object (1), Class-Type: 1, length 8 | ||
label 16, exp 0, [S], ttl 1[|icmp] |
Binary file not shown.