Commit 42073d5

guyharris authored and infrastation committed
CVE-2017-13004/Juniper: Add a bounds check.
This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add tests using the capture files supplied by the reporter(s).
1 parent a252119 commit 42073d5

6 files changed, +7 -0 lines changed
Diff for: print-juniper.c

+1
@@ -1367,6 +1367,7 @@ juniper_parse_header(netdissect_options *ndo,
13671367
if (ndo->ndo_eflag) ND_PRINT((ndo, ": ")); /* print demarc b/w L2/L3*/
13681368

13691369

1370+
ND_TCHECK_16BITS(p+l2info->cookie_len);
13701371
l2info->proto = EXTRACT_16BITS(p+l2info->cookie_len);
13711372
break;
13721373
}
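
Review bot: the added ND_TCHECK_16BITS(p+l2info->cookie_len) guards only the EXTRACT_16BITS in this one branch, which ends at the break; right below it. Any other branch of juniper_parse_header that reads at p+l2info->cookie_len needs the same check in front of it, so those reads should be audited as part of this fix. A short comment on the new line noting that the capture can end before the 2-byte protocol field would also help, since the ": " demarcation above is printed before the check runs and therefore shows up in truncated output.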

Diff for: tests/TESTLIST

+2
@@ -493,6 +493,8 @@ pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
493493
802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e
494494
802_15_4_beacon 802_15_4_beacon.pcap 802_15_4_beacon.out -vvv -e
495495
lmpv1_busyloop lmpv1_busyloop.pcap lmpv1_busyloop.out -vvv -e
496+
juniper_atm1 juniper_atm1.pcap juniper_atm1.out -vvv -e
497+
juniper_es juniper_es.pcap juniper_es.out -vvv -e
496498

497499
# RTP tests
498500
# fuzzed pcap
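
Review bot: the two new entries are appended directly under lmpv1_busyloop with nothing tying them to the fix. A comment line above juniper_atm1 and juniper_es naming CVE-2017-13004 would let a later reader map these captures back to the bounds check in print-juniper.c without searching the commit history.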

Diff for: tests/juniper_atm1.out

+2
@@ -0,0 +1,2 @@
1+
Out
2+
Juniper PCAP Flags [none]ATM1-PIC, cookie-len 4, cookie 0x30303030: [|juniper_hdr], length 808464432
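
Review bot: the expected length 808464432 is 0x30303030, the same repeated 0x30 byte that appears in the cookie, so this line pins a value taken from filler bytes in an 856-byte capture. That is acceptable for a regression test, but the part that matters is the [|juniper_hdr] marker; saying so in the commit message would keep a later change to how the length is printed from being mistaken for a regression of the bounds check.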

Diff for: tests/juniper_atm1.pcap

856 Bytes
Binary file not shown.

Diff for: tests/juniper_es.out

+2
@@ -0,0 +1,2 @@
1+
Out
2+
Juniper PCAP Flags [none]ES-PIC, cookie-len 0: [|juniper_hdr], length 808464432
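
Review bot: nothing in this expected line shows that the [|juniper_hdr] marker comes from the new ND_TCHECK_16BITS rather than from an earlier truncation check in juniper_parse_header. With cookie-len 0 the checked offset is p itself, which usefully complements the cookie-len 4 capture, so it is worth stating in the commit message which branch each capture reaches and confirming that both tests fail without the print-juniper.c change.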

Diff for: tests/juniper_es.pcap

856 Bytes
Binary file not shown.
