Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
CVE-2017-13050/RPKI-Router: fix a few bugs
The decoder didn't properly check that the PDU length stored in the PDU header is correct. The only check in place was in rpki_rtr_print() and it tested whether the length is zero but that is not sufficient. Make all necessary length and bounds checks, both generic and type-specific, in rpki_rtr_pdu_print() and reduce rpki_rtr_print() to a simple loop. This also fixes a minor bug and PDU type 0 (Serial Notify from RFC 6810 Section 5.2) is valid again. In rpki_rtr_pdu_print() any protocol version was considered version 0, fix it to skip the rest of input if the PDU protocol version is unknown. Ibid, the PDU type 10 (Error Report from RFC 6810 Section 5.10) case block didn't consider the "Length of Error Text" data element mandatory, put it right. Ibid, when printing an encapsulated PDU, give itself (via recursion) respective buffer length to make it possible to tell whether the encapsulated PDU fits. Do not recurse deeper than 2nd level. Update prior RPKI-Router test cases that now stop to decode earlier because of the stricter checks. This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin. Add a test using the capture file supplied by the reporter(s).
- Loading branch information
1 parent
289c672
commit 83c64fc
Showing
10 changed files
with
118 additions
and
161 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.