Skip to content

Commit

Permalink
CVE-2017-12991/BGP: Add missing bounds check.
Browse files Browse the repository at this point in the history 
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
  • Loading branch information
@guyharris @infrastation
guyharris authored and infrastation committed Sep 13, 2017
1 parent 99798bd commit 50a44b6
Show file tree
Hide file tree
Showing 4 changed files with 99,696 additions and 0 deletions.
1 change: 1 addition & 0 deletions print-bgp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1406,6 +1406,7 @@ bgp_attr_print(netdissect_options *ndo,
ND_TCHECK(tptr[0]);
ND_PRINT((ndo, "%s", tok2str(bgp_as_path_segment_open_values,
"?", tptr[0])));
ND_TCHECK(tptr[1]);
for (i = 0; i < tptr[1] * as_size; i += as_size) {
ND_TCHECK2(tptr[2 + i], as_size);
ND_PRINT((ndo, "%s ",
Expand Down
1 change: 1 addition & 0 deletions tests/TESTLIST
View file
Original file line number Diff line number Diff line change
Expand Up @@ -464,6 +464,7 @@ tok2str-oobr-1 tok2str-oobr-1.pcap tok2str-oobr-1.out -vvv -e
tok2str-oobr-2 tok2str-oobr-2.pcap tok2str-oobr-2.out -vvv -e
eigrp-tlv-oobr eigrp-tlv-oobr.pcap eigrp-tlv-oobr.out -vvv -e
zephyr-oobr zephyr-oobr.pcap zephyr-oobr.out -vvv -e
bgp-as-path-oobr bgp-as-path-oobr.pcap bgp-as-path-oobr.out -vvv -e

# RTP tests
# fuzzed pcap
Expand Down
Loading

0 comments on commit 50a44b6

Please sign in to comment.