CVE-2017-13000/IEEE 802.15.4: Fix bug introduced by previous fix.

We've already advanced the pointer past the PAN ID, if present; it now
points to the address, so don't add 2 to it.

This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.

Add a test using the capture file supplied by the reporter(s).
guyharris authored and infrastation committed Feb 21, 2017
1 parent 9be4e0b commit a7e5f58f402e6919ec444a57946bade7dfd6b184
Showing with 3 additions and 1 deletion.
  1. +1 −1 print-802_15_4.c
  2. +1 −0 tests/802_15_4-data.out
  3. BIN tests/802_15_4-data.pcap
  4. +1 −0 tests/TESTLIST
@@ -141,7 +141,7 @@ ieee802_15_4_if_print(netdissect_options *ndo,
return hdrlen;
}
if (ndo->ndo_vflag)
ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p + 2)));
ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p)));
p += 8;
caplen -= 8;
hdrlen += 8;
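Review bot: At the `le64addr_string(ndo, p)` call, nothing in the code records that `p` has already been advanced past the PAN ID, which is the assumption the earlier `p + 2` got wrong; a one-line comment above the `ND_PRINT` stating that `p` now points at the 8-byte address would guard against the offset being reintroduced. The read now lines up with the `p += 8; caplen -= 8; hdrlen += 8;` accounting that follows, but the length check that ends in `return hdrlen;` is cut off by the hunk context, so confirm it requires `caplen >= 8` before this read.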
@@ -0,0 +1 @@
IEEE 802.15.4 Data packet seq 01 ab4d:10:05:00:81:00:01:00:01 < [|802.15.4]
BIN +78 Bytes tests/802_15_4-data.pcap
Binary file not shown.
@@ -488,6 +488,7 @@ pimv2-oobr-3 pimv2-oobr-3.pcap pimv2-oobr-3.out -vvv -e
pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
802_15_4-oobr-1 802_15_4-oobr-1.pcap 802_15_4-oobr-1.out -vvv -e
802_15_4-oobr-2 802_15_4-oobr-2.pcap 802_15_4-oobr-2.out -vvv -e
802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e

# RTP tests
# fuzzed pcap
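Review bot: The new `802_15_4-data` entry breaks the naming used by the `802_15_4-oobr-1` and `802_15_4-oobr-2` entries directly above it, although the commit message says the capture reproduces a buffer over-read; naming it in the `oobr` series, or adding a comment line with the CVE number, would mark it as a regression test for the over-read and not a generic data-frame sample. The `-vvv -e` flags are needed here, since the corrected `ND_PRINT` sits under `if (ndo->ndo_vflag)` and is not reached without `-v`.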