Browse files

CVE-2017-12999/IS-IS: Add a missing length check.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add tests using the capture files supplied by the reporter(s).
  • Loading branch information...
guyharris authored and infrastation committed Feb 13, 2017
1 parent 777edc5 commit 3b32029db354cbc875127869d9b12a9addc75b50
@@ -2532,6 +2532,7 @@ isis_print(netdissect_options *ndo,
ND_TCHECK2(*tptr, 1);
alen = *tptr++;
while (tmp && alen < tmp) {
ND_TCHECK2(*tptr, alen);
ND_PRINT((ndo, "\n\t Area address (length: %u): %s",
isonsap_string(ndo, tptr, alen)));
@@ -476,6 +476,8 @@ isakmp-no-none-np isakmp-no-none-np.pcap isakmp-no-none-np.out -vvv -e
telnet-iac-check-oobr telnet-iac-check-oobr.pcap telnet-iac-check-oobr.out -vvv -e
resp_4_infiniteloop resp_4_infiniteloop.pcap resp_4_infiniteloop.out -vvv -e
dns_fwdptr dns_fwdptr.pcap dns_fwdptr.out -vvv -e
isis-areaaddr-oobr-1 isis-areaaddr-oobr-1.pcap isis-areaaddr-oobr-1.out -vvv -e
isis-areaaddr-oobr-2 isis-areaaddr-oobr-2.pcap isis-areaaddr-oobr-2.out -vvv -e
# RTP tests
# fuzzed pcap
Oops, something went wrong.

0 comments on commit 3b32029

Please sign in to comment.