Commit 979dcef

guyharris authored and infrastation committed
CVE-2017-12998/IS-IS: Check for 2 bytes if we're going to fetch 2 bytes.
Probably a copy-and-pasteo. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s).
1 parent 3b32029 commit 979dcef

4 files changed, +10896 -1 lines changed

Diff for: print-isoclns.c

+1-1
@@ -2038,7 +2038,7 @@ isis_print_extd_ip_reach(netdissect_options *ndo,
20382038
}
20392039
processed++;
20402040
} else if (afi == AF_INET6) {
2041-
if (!ND_TTEST2(*tptr, 1)) /* fetch status & prefix_len byte */
2041+
if (!ND_TTEST2(*tptr, 2)) /* fetch status & prefix_len byte */
20422042
return (0);
20432043
status_byte=*(tptr++);
20442044
bit_length=*(tptr++);
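
Review bot: The comment on the changed ND_TTEST2 line still reads "fetch status & prefix_len byte" (singular), although the check now covers the two bytes consumed by status_byte=*(tptr++) and bit_length=*(tptr++) directly below it. Suggest rewording it to "fetch status & prefix_len bytes" so the literal 2 is visibly tied to the two reads. Since the bounds check and the reads are coupled only by that literal, it is also worth confirming that any other branch built from the same pattern tests exactly as many bytes as it dereferences.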

Diff for: tests/TESTLIST

+1
@@ -478,6 +478,7 @@ resp_4_infiniteloop resp_4_infiniteloop.pcap resp_4_infiniteloop.out -vvv -e
478478
dns_fwdptr dns_fwdptr.pcap dns_fwdptr.out -vvv -e
479479
isis-areaaddr-oobr-1 isis-areaaddr-oobr-1.pcap isis-areaaddr-oobr-1.out -vvv -e
480480
isis-areaaddr-oobr-2 isis-areaaddr-oobr-2.pcap isis-areaaddr-oobr-2.out -vvv -e
481+
isis-extd-ipreach-oobr isis-extd-ipreach-oobr.pcap isis-extd-ipreach-oobr.out -vvv -e
481482

482483
# RTP tests
483484
# fuzzed pcap
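
Review bot: Style point on the added TESTLIST entry: isis-extd-ipreach-oobr carries no numeric suffix, while the two entries just above it are isis-areaaddr-oobr-1 and isis-areaaddr-oobr-2. If further captures for this code path are likely, naming it isis-extd-ipreach-oobr-1 now avoids a rename later. The entry references isis-extd-ipreach-oobr.pcap and isis-extd-ipreach-oobr.out, so please confirm that both are in the commit and that the .out file was generated with the fixed ND_TTEST2 check using the same -vvv -e options listed here.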
