CVE-2017-13026/IS-IS: Clean up processing of subTLVs.
Add bounds checks, do a common check to make sure we captured the entire subTLV, add checks to make sure the subTLV fits within the TLV.

This fixes a buffer over-read discovered by Bhargava Shastry, SecT/TU Berlin.

Add tests using the capture files supplied by the reporter(s), modified so the capture files won't be rejected as an invalid capture.

Update existing tests for changes to IS-IS dissector.
1 parent 2e1f6d9, commit b20e163
Showing 13 changed files with 145 additions and 246 deletions.
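The three checks named in the commit message (entire subTLV captured, subTLV header inside the TLV, subTLV body inside the TLV), written out as an added example; this is not tcpdump's code. The function `walk_subtlvs`, its result codes and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not tcpdump's). */
enum { SUBTLV_OK = 0, SUBTLV_TRUNCATED = -1, SUBTLV_OVERRUN = -2 };

/* Walk the subTLVs inside a TLV body of tlv_len bytes at p. caplen is the
 * number of those bytes actually captured (may be less than tlv_len). */
static int walk_subtlvs(const uint8_t *p, size_t caplen, size_t tlv_len,
                        size_t *count)
{
    size_t off = 0;            /* invariant: off <= caplen, off <= tlv_len */
    *count = 0;
    while (off < tlv_len) {
        /* The 2-byte type/length header must fit within the TLV... */
        if (tlv_len - off < 2)
            return SUBTLV_OVERRUN;
        /* ...and must have been captured before it is read. */
        if (caplen - off < 2)
            return SUBTLV_TRUNCATED;
        unsigned type = p[off];
        size_t len = p[off + 1];
        off += 2;
        /* The declared body must fit in what is left of the TLV. */
        if (len > tlv_len - off)
            return SUBTLV_OVERRUN;
        /* The entire body must be captured before any byte is used. */
        if (len > caplen - off)
            return SUBTLV_TRUNCATED;
        printf("subTLV #%u, length: %zu\n", type, len);
        off += len;
        (*count)++;
    }
    return SUBTLV_OK;
}

/* Constructed samples: two well-formed subTLVs; then a valid subTLV followed
 * by subTLV #5 declaring length 166 with no bytes left in the TLV. */
static const uint8_t sample_ok[]  = { 0x90, 0x02, 0xaa, 0xbb, 0x02, 0x00 };
static const uint8_t sample_bad[] = { 0x10, 0x01, 0xcc, 0x05, 0xa6 };

int main(void)
{
    size_t n;
    printf("ok: %d\n", walk_subtlvs(sample_ok, sizeof sample_ok, sizeof sample_ok, &n));
    printf("overrun: %d\n", walk_subtlvs(sample_bad, sizeof sample_bad, sizeof sample_bad, &n));
    printf("truncated: %d\n", walk_subtlvs(sample_ok, 3, sizeof sample_ok, &n));
    return 0;
}
```

Keeping "does not fit in the TLV" and "was not captured" as separate results lets a caller report a malformed packet differently from a short capture.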
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| UI 22! IS-IS, length 469869187 | ||
| L2 Lan IIH, hlen: 27, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 224 (224) | ||
| source-id: fed0.f90f.58af, holding time: 34047s, Flags: [unknown circuit type 0x00] | ||
| lan-id: 0100.0088.a201.1c, Priority: 65, PDU length: 4096 | ||
| unknown TLV #0, length: 12 | ||
| 0x0000: 0722 0583 1b01 0010 0505 0505 | ||
| Area address(es) TLV #1, length: 157 | ||
| IS Reachability TLV #2, length: 2 | ||
| bogus virtual flag 0x02 | ||
| IS Reachability TLV #2, length: 2 | ||
| bogus virtual flag 0x02 | ||
| IS Reachability TLV #2, length: 2 | ||
| bogus virtual flag 0x90 | ||
| Multi-Topology Capability TLV #144, length: 144 | ||
| O: 1, RES: 1, MTID(s): 144 | ||
| unknown subTLV #144, length: 2 | ||
| unknown subTLV #2, length: 0 | ||
| unknown subTLV #16, length: 1 | ||
| unknown subTLV #224, length: 0 | ||
| unknown subTLV #59, length: 0 | ||
| unknown subTLV #5, length: 166 | ||
| [|isis] [|isis] |
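Review bot: The final expected line, `[|isis] [|isis]`, records the truncation marker twice for one failure, which suggests both the subTLV printer and its caller emit it. Consider having the subTLV routine only return a failure status and letting the caller print the marker once, then regenerating this file, so that anything matching on `[|isis]` sees one marker per packet. The preceding line, `unknown subTLV #5, length: 166`, sits inside a TLV of length 144, so it would also help to say in the output that the subTLV does not fit the TLV rather than reporting it only as truncation.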
Binary file not shown.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| UI 22! IS-IS, length 469869187 | ||
| L2 Lan IIH, hlen: 27, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 224 (224) | ||
| source-id: fed0.f90f.58af, holding time: 34047s, Flags: [unknown circuit type 0x00] | ||
| lan-id: 0100.0088.a201.1c, Priority: 65, PDU length: 4096 | ||
| unknown TLV #0, length: 12 | ||
| 0x0000: 0722 0583 1b01 0010 019d e000 | ||
| unknown TLV #254, length: 0 | ||
| Prefix Neighbors TLV #5, length: 146 | ||
| Metric Block, Default Metric: 32, Internal | ||
| Expense Metric: 0, Internal | ||
| Error Metric: 0, Internal | ||
| Address: 88.99ff.ffff.7fb5.0000/76 | ||
| Address: isonsap_string: illegal length/948 | ||
| Address: 95/8 | ||
| Address: 02/8 | ||
| Address: 02/8 | ||
| Address: 02/8 | ||
| Address: 90/8 | ||
| Multi-Topology Capability TLV #144, length: 144 | ||
| O: 1, RES: 1, MTID(s): 0 | ||
| unknown subTLV #107, length: 0 | ||
| unknown subTLV #0, length: 208 | ||
| [|isis] [|isis] |
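Review bot: In the Prefix Neighbors TLV the expected output accepts `Address: isonsap_string: illegal length/948` and then keeps printing further `Address:` entries, so this test locks in continued parsing after a prefix length that the formatter itself rejects as illegal. Consider validating the prefix length before formatting the address and ending the TLV with an invalid-length indication at the first bad entry, then regenerating this file so the test asserts the stricter behaviour.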
Binary file not shown.