
CVE-2017-13004/Juniper: Add a bounds check.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add tests using the capture files supplied by the reporter(s).
guyharris authored and infrastation committed Feb 21, 2017
1 parent a252119 commit 42073d54c53a496be40ae84152bbfe2c923ac7bc
@@ -1367,6 +1367,7 @@ juniper_parse_header(netdissect_options *ndo,
if (ndo->ndo_eflag) ND_PRINT((ndo, ": ")); /* print demarc b/w L2/L3*/


ND_TCHECK_16BITS(p+l2info->cookie_len);
l2info->proto = EXTRACT_16BITS(p+l2info->cookie_len);
break;
}
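Review bot: the ND_TCHECK_16BITS(p+l2info->cookie_len) check here covers only the EXTRACT_16BITS that follows it in this one case, and the rest of the switch is outside the hunk. Before merging, confirm that every other read in juniper_parse_header at an offset derived from l2info->cookie_len has an equivalent check ahead of its extract. A short comment on the new line saying that the offset can lie past the captured bytes would record why the check is there.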
@@ -493,6 +493,8 @@ pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e
802_15_4_beacon 802_15_4_beacon.pcap 802_15_4_beacon.out -vvv -e
lmpv1_busyloop lmpv1_busyloop.pcap lmpv1_busyloop.out -vvv -e
juniper_atm1 juniper_atm1.pcap juniper_atm1.out -vvv -e
juniper_es juniper_es.pcap juniper_es.out -vvv -e

# RTP tests
# fuzzed pcap
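Review bot: the juniper_atm1 and juniper_es entries are appended after lmpv1_busyloop with nothing in the list tying them to this fix. A comment line above them, in the style of the existing "# RTP tests" marker, naming the juniper header over-read would make it clear later why these two captures exist and that they are reporter-supplied reproducers rather than ordinary protocol samples.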
@@ -0,0 +1,2 @@
Out
Juniper PCAP Flags [none]ATM1-PIC, cookie-len 4, cookie 0x30303030: [|juniper_hdr], length 808464432
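Review bot: the expected output records "length 808464432", which is 0x30303030, the same value as the printed cookie, while the capture added for it is 856 bytes. That is consistent with a capture filled with a repeated byte, but nothing in the test says so. Noting next to the test entry that the length field is attacker-controlled filler would stop a later reader from treating the huge length as a printer bug and "fixing" the expected output.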
BIN +856 Bytes tests/juniper_atm1.pcap
Binary file not shown.
@@ -0,0 +1,2 @@
Out
Juniper PCAP Flags [none]ES-PIC, cookie-len 0: [|juniper_hdr], length 808464432
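Review bot: this expected output, like the ATM1 one, ends at [|juniper_hdr], so both new tests exercise only the path where the bounds check fails. Neither shows a capture where the check passes and the protocol field is extracted and printed; if no existing Juniper test covers that, adding one would catch a check that is too strict as well as one that is missing.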
BIN +856 Bytes tests/juniper_es.pcap
Binary file not shown.
