Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2017-13019: Clean up PGM option processing.
Add #defines for option lengths or the lengths of the fixed-length part of the option. Sometimes those #defines differ from what was there before; what was there before was wrong, probably because the option lengths given in RFC 3208 were sometimes wrong - some lengths included the length of the option header, some lengths didn't. Don't use "sizeof(uintXX_t)" for sizes in the packet, just use the number of bytes directly. For the options that include an IPv4 or IPv6 address, check the option length against the length of what precedes the address before fetching any of that data. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s), modified so the capture file won't be rejected as an invalid capture.
- Loading branch information