
Commit a7e5f58

guyharris authored and infrastation committed
CVE-2017-13000/IEEE 802.15.4: Fix bug introduced by previous fix.
We've already advanced the pointer past the PAN ID, if present; it now points to the address, so don't add 2 to it. This fixes a buffer over-read discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s).
1 parent 9be4e0b commit a7e5f58

4 files changed: +3 -1 lines changed


Diff for: print-802_15_4.c

+1 -1
@@ -141,7 +141,7 @@ ieee802_15_4_if_print(netdissect_options *ndo,
141141
return hdrlen;
142142
}
143143
if (ndo->ndo_vflag)
144-
ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p + 2)));
144+
ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(ndo, p)));
145145
p += 8;
146146
caplen -= 8;
147147
hdrlen += 8;
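
Review bot: The changed call le64addr_string(ndo, p) reads an 8-byte address at p, but the check guarding it is visible in this hunk only as the tail `return hdrlen; }`, so it cannot be confirmed from here that caplen is compared against 8 after the PAN ID has been consumed. Since the commit message says the earlier fix went wrong because p had already been advanced, a one-line comment above the ND_PRINT stating that p now points at the address, with the PAN ID already skipped, would help keep a later edit from reintroducing an offset. If the function has other address-printing branches touched by the previous fix, they deserve the same look for a leftover `p + 2`.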

Diff for: tests/802_15_4-data.out

+1
@@ -0,0 +1 @@
1+
IEEE 802.15.4 Data packet seq 01 ab4d:10:05:00:81:00:01:00:01 < [|802.15.4]
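
Review bot: The single expected line ends in the truncation marker `[|802.15.4]` immediately after the first address and the `<`, so this test exercises only the path where the capture runs out partway through the header. It does pin the printed address, which would change if the `p + 2` offset came back, but a second capture whose addresses decode completely would check the corrected offset on the non-truncated path as well.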

Diff for: tests/802_15_4-data.pcap

78 Bytes
Binary file not shown.

Diff for: tests/TESTLIST

+1
@@ -488,6 +488,7 @@ pimv2-oobr-3 pimv2-oobr-3.pcap pimv2-oobr-3.out -vvv -e
488488
pimv2-oobr-4 pimv2-oobr-4.pcap pimv2-oobr-4.out -vvv -e
489489
802_15_4-oobr-1 802_15_4-oobr-1.pcap 802_15_4-oobr-1.out -vvv -e
490490
802_15_4-oobr-2 802_15_4-oobr-2.pcap 802_15_4-oobr-2.out -vvv -e
491+
802_15_4-data 802_15_4-data.pcap 802_15_4-data.out -vvv -e
491492

492493
# RTP tests
493494
# fuzzed pcap
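
Review bot: The new entry `802_15_4-data` departs from the `802_15_4-oobr-1` and `802_15_4-oobr-2` names directly above it, although the commit message describes it as a regression test for a buffer over-read too. Naming it as the next -oobr entry (with the .pcap and .out files renamed to match) would make it clear in TESTLIST that this is an over-read regression case and not a generic data-frame decode test.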
