CVE-2017-13000/IEEE 802.15.4: Fix bug introduced two fixes prior.
We've already advanced the pointer past the PAN ID, if present; it now
points to the address, so don't add 2 to it.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
guyharris authored and infrastation committed Sep 13, 2017
1 parent a7e5f58 commit 8512734
Showing 4 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion print-802_15_4.c
Expand Up @@ -122,7 +122,7 @@ ieee802_15_4_if_print(netdissect_options *ndo,
return hdrlen;
}
if (ndo->ndo_vflag)
ND_PRINT((ndo,"%04x:%04x ", panid, EXTRACT_LE_16BITS(p + 2)));
ND_PRINT((ndo,"%04x:%04x ", panid, EXTRACT_LE_16BITS(p)));
p += 2;
caplen -= 2;
hdrlen += 2;
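Review bot: The read at EXTRACT_LE_16BITS(p) depends on a length guard that sits above the visible context; only its tail (`return hdrlen; }`) shows here. Please confirm that guard requires at least 2 captured bytes at p, since the read and the accounting that follows (`p += 2; caplen -= 2; hdrlen += 2;`) now both cover exactly those two bytes. A one-line comment above the ND_PRINT stating that p already points past the PAN ID would make it harder for the stale `+ 2` offset to return, and the other address-printing branches of ieee802_15_4_if_print are worth checking for the same leftover offset.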
1 change: 1 addition & 0 deletions tests/802_15_4_beacon.out
@@ -0,0 +1 @@
IEEE 802.15.4 Beacon packet seq cd ffab:cdff < [|802.15.4]
Binary file added tests/802_15_4_beacon.pcap
Binary file not shown.
1 change: 1 addition & 0 deletions tests/TESTLIST
Expand Up @@ -489,6 +489,7 @@ pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
802_15_4-oobr-1 802_15_4-oobr-1.pcap 802_15_4-oobr-1.out -vvv -e
802_15_4-oobr-2 802_15_4-oobr-2.pcap 802_15_4-oobr-2.out -vvv -e
802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e
802_15_4_beacon 802_15_4_beacon.pcap 802_15_4_beacon.out -vvv -e

# RTP tests
# fuzzed pcap
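Review bot: The new entry `802_15_4_beacon` breaks the naming pattern of the entries directly above it, which separate the protocol prefix from the case name with a hyphen (`802_15_4-oobr-1`, `802_15_4-oobr-2`, `802_15_4-data`). Consider `802_15_4-beacon`, or an `802_15_4-oobr-3` style name since this capture is a regression test for an over-read, and rename the .pcap and .out files to match so the test is easy to find alongside the others.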