CVE-2017-12999/IS-IS: Add a missing length check.
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add tests using the capture files supplied by the reporter(s).
guyharris authored and infrastation committed Sep 13, 2017
1 parent 777edc5 commit 3b32029
Showing 6 changed files with 49,916 additions and 0 deletions.
1 change: 1 addition & 0 deletions print-isoclns.c
Expand Up @@ -2532,6 +2532,7 @@ isis_print(netdissect_options *ndo,
ND_TCHECK2(*tptr, 1);
alen = *tptr++;
while (tmp && alen < tmp) {
ND_TCHECK2(*tptr, alen);
ND_PRINT((ndo, "\n\t Area address (length: %u): %s",
alen,
isonsap_string(ndo, tptr, alen)));
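Review bot: The ND_TCHECK2(*tptr, alen) at the top of the while body covers the alen bytes passed to isonsap_string(), but the rest of the loop is outside the visible context, so confirm that the read of the next length byte further down has its own ND_TCHECK2(*tptr, 1), as the read before the loop does. The loop condition alen < tmp was evidently not enough to keep the print inside the captured data, so a short comment above the new check saying that alen comes from the packet would keep a later cleanup from dropping it as redundant. It is also worth checking whether other callers of isonsap_string() pass a packet-supplied length without a preceding ND_TCHECK2.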
2 changes: 2 additions & 0 deletions tests/TESTLIST
Expand Up @@ -476,6 +476,8 @@ isakmp-no-none-np isakmp-no-none-np.pcap isakmp-no-none-np.out -vvv -e
telnet-iac-check-oobr telnet-iac-check-oobr.pcap telnet-iac-check-oobr.out -vvv -e
resp_4_infiniteloop resp_4_infiniteloop.pcap resp_4_infiniteloop.out -vvv -e
dns_fwdptr dns_fwdptr.pcap dns_fwdptr.out -vvv -e
isis-areaaddr-oobr-1 isis-areaaddr-oobr-1.pcap isis-areaaddr-oobr-1.out -vvv -e
isis-areaaddr-oobr-2 isis-areaaddr-oobr-2.pcap isis-areaaddr-oobr-2.out -vvv -e

# RTP tests
# fuzzed pcap
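Review bot: The two new entries, isis-areaaddr-oobr-1 and isis-areaaddr-oobr-2, give no hint of which fix they guard; this file already uses # comment lines, so a comment naming CVE-2017-12999 above them would let someone trace the regression tests back to the change in print-isoclns.c. The commit totals 49,916 added lines across six files while this hunk and the source change account for three of them, so the rest sits in the capture and expected-output files; consider trimming the captures to the packets that reach the area-address loop so the .out files stay reviewable.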
