Skip to content

Commit 3b32029

Browse files
guyharrisinfrastation
authored andcommitted
CVE-2017-12999/IS-IS: Add a missing length check.
This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add tests using the capture files supplied by the reporter(s).
1 parent 777edc5 commit 3b32029

6 files changed

+49916
-0
lines changed

Diff for: print-isoclns.c

+1
Original file line numberDiff line numberDiff line change
@@ -2532,6 +2532,7 @@ isis_print(netdissect_options *ndo,
25322532
ND_TCHECK2(*tptr, 1);
25332533
alen = *tptr++;
25342534
while (tmp && alen < tmp) {
2535+
ND_TCHECK2(*tptr, alen);
25352536
ND_PRINT((ndo, "\n\t Area address (length: %u): %s",
25362537
alen,
25372538
isonsap_string(ndo, tptr, alen)));

Diff for: tests/TESTLIST

+2
Original file line numberDiff line numberDiff line change
@@ -476,6 +476,8 @@ isakmp-no-none-np isakmp-no-none-np.pcap isakmp-no-none-np.out -vvv -e
476476
telnet-iac-check-oobr telnet-iac-check-oobr.pcap telnet-iac-check-oobr.out -vvv -e
477477
resp_4_infiniteloop resp_4_infiniteloop.pcap resp_4_infiniteloop.out -vvv -e
478478
dns_fwdptr dns_fwdptr.pcap dns_fwdptr.out -vvv -e
479+
isis-areaaddr-oobr-1 isis-areaaddr-oobr-1.pcap isis-areaaddr-oobr-1.out -vvv -e
480+
isis-areaaddr-oobr-2 isis-areaaddr-oobr-2.pcap isis-areaaddr-oobr-2.out -vvv -e
479481

480482
# RTP tests
481483
# fuzzed pcap

0 commit comments

Comments
 (0)