Skip to content

Commit 4601c68

Browse files
guyharrisinfrastation
authored andcommitted
CVE-2017-13019: Clean up PGM option processing.
Add #defines for option lengths or the lengths of the fixed-length part of the option. Sometimes those #defines differ from what was there before; what was there before was wrong, probably because the option lengths given in RFC 3208 were sometimes wrong - some lengths included the length of the option header, some lengths didn't. Don't use "sizeof(uintXX_t)" for sizes in the packet, just use the number of bytes directly. For the options that include an IPv4 or IPv6 address, check the option length against the length of what precedes the address before fetching any of that data. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s), modified so the capture file won't be rejected as an invalid capture.
1 parent 26a6799 commit 4601c68

File tree

4 files changed

+133
-80
lines changed

4 files changed

+133
-80
lines changed

0 commit comments

Comments
 (0)