Skip to content

Commit 50a44b6

Browse files
guyharrisinfrastation
authored andcommitted
CVE-2017-12991/BGP: Add missing bounds check.
This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s).
1 parent 99798bd commit 50a44b6

File tree

4 files changed

+99696
-0
lines changed

4 files changed

+99696
-0
lines changed

Diff for: print-bgp.c

+1
Original file line numberDiff line numberDiff line change
@@ -1406,6 +1406,7 @@ bgp_attr_print(netdissect_options *ndo,
14061406
ND_TCHECK(tptr[0]);
14071407
ND_PRINT((ndo, "%s", tok2str(bgp_as_path_segment_open_values,
14081408
"?", tptr[0])));
1409+
ND_TCHECK(tptr[1]);
14091410
for (i = 0; i < tptr[1] * as_size; i += as_size) {
14101411
ND_TCHECK2(tptr[2 + i], as_size);
14111412
ND_PRINT((ndo, "%s ",

Diff for: tests/TESTLIST

+1
Original file line numberDiff line numberDiff line change
@@ -464,6 +464,7 @@ tok2str-oobr-1 tok2str-oobr-1.pcap tok2str-oobr-1.out -vvv -e
464464
tok2str-oobr-2 tok2str-oobr-2.pcap tok2str-oobr-2.out -vvv -e
465465
eigrp-tlv-oobr eigrp-tlv-oobr.pcap eigrp-tlv-oobr.out -vvv -e
466466
zephyr-oobr zephyr-oobr.pcap zephyr-oobr.out -vvv -e
467+
bgp-as-path-oobr bgp-as-path-oobr.pcap bgp-as-path-oobr.out -vvv -e
467468

468469
# RTP tests
469470
# fuzzed pcap

0 commit comments

Comments
 (0)