Commit 8512734

guyharris authored and infrastation committed
CVE-2017-13000/IEEE 802.15.4: Fix bug introduced two fixes prior.
We've already advanced the pointer past the PAN ID, if present; it now points to the address, so don't add 2 to it. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s).
1 parent a7e5f58 commit 8512734

4 files changed: +3 -1 lines changed

Diff for: print-802_15_4.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -122,7 +122,7 @@ ieee802_15_4_if_print(netdissect_options *ndo,
122122
return hdrlen;
123123
}
124124
if (ndo->ndo_vflag)
125-
ND_PRINT((ndo,"%04x:%04x ", panid, EXTRACT_LE_16BITS(p + 2)));
125+
ND_PRINT((ndo,"%04x:%04x ", panid, EXTRACT_LE_16BITS(p)));
126126
p += 2;
127127
caplen -= 2;
128128
hdrlen += 2;
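
Review bot: The read at `EXTRACT_LE_16BITS(p)` on the changed line depends on the length check that ends in `return hdrlen;` just above it, and that check is outside the hunk. Please confirm it guarantees at least 2 captured bytes at `p` at this point (the `caplen -= 2` that follows implies that is the intent). Since this offset was a leftover from an earlier fix, it is also worth checking the other address-mode branches of ieee802_15_4_if_print for the same `p + 2` pattern. A one-line comment here stating that `p` already points at the address, past the PAN ID, would make the invariant explicit.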

Diff for: tests/802_15_4_beacon.out

+1
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
IEEE 802.15.4 Beacon packet seq cd ffab:cdff < [|802.15.4]
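
Review bot: The expected output stops at `[|802.15.4]` right after the `ffab:cdff <` address pair, so this test exercises only the truncated-beacon path, and a two-byte read past the captured data will not necessarily change this text. Consider running the test suite under a memory checker such as AddressSanitizer or valgrind so a regression shows up as an invalid read instead of depending on an output difference.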

Diff for: tests/802_15_4_beacon.pcap

79 Bytes
Binary file not shown.

Diff for: tests/TESTLIST

+1
Original file line numberDiff line numberDiff line change
@@ -489,6 +489,7 @@ pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
489489
802_15_4-oobr-1 802_15_4-oobr-1.pcap 802_15_4-oobr-1.out -vvv -e
490490
802_15_4-oobr-2 802_15_4-oobr-2.pcap 802_15_4-oobr-2.out -vvv -e
491491
802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e
492+
802_15_4_beacon 802_15_4_beacon.pcap 802_15_4_beacon.out -vvv -e
492493

493494
# RTP tests
494495
# fuzzed pcap
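
Review bot: The new entry name `802_15_4_beacon` on added line 492 breaks the naming used by its neighbours, which put a hyphen before the suffix (`802_15_4-oobr-1`, `802_15_4-oobr-2`, `802_15_4-data`). Suggest `802_15_4-beacon`, or the next `802_15_4-oobr-N` name since this is an over-read regression test, with the .pcap and .out files renamed to match.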
