Please sign in to comment.
CVE-2017-13029/PPP: Fix a bounds check, and clean up other bounds che…
…cks. For configuration protocol options, use ND_TCHECK() and ND_TCHECK_nBITS() macros, passing them the appropriate pointer argument. This fixes one case where the ND_TCHECK2() call they replace was not checking enough bytes. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s), modified so the capture file won't be rejected as an invalid capture.
- Loading branch information...
Showing with 17 additions and 13 deletions.
|@@ -0,0 +1,3 @@|
|: CCP, Conf-Request (0x01), id 223, length 125685|
|encoded length 15 (=Option(s) length 11)|
|MVRCA Option (0x18), length 5[|ccp]|
BIN +63 Bytes tests/ppp_ccp_config_deflate_option_asan.pcap
Binary file not shown.