
CVE-2017-11542/PIMv1: Add a bounds check.

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
guyharris authored and infrastation committed Feb 7, 2017
1 parent e40c0ca commit bed48062a64fca524156d7684af19f5b4a116fae
Showing with 27 additions and 0 deletions.
  1. +1 −0 print-pim.c
  2. +1 −0 tests/TESTLIST
  3. +25 −0 tests/hoobr_pimv1.out
  4. BIN tests/hoobr_pimv1.pcap
@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,
pimv1_join_prune_print(ndo, &bp[8], len - 8);
break;
}
ND_TCHECK(bp[4]);
if ((bp[4] >> 4) != 1)
ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
return;
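Review bot: ND_TCHECK(bp[4]) guards the version byte read by the test that follows it, but the context line earlier in this hunk, pimv1_join_prune_print(ndo, &bp[8], len - 8), passes len - 8 with no check visible here that len is at least 8. If nothing in the lines outside this hunk establishes that, a short packet makes the subtraction wrap or go negative, so please confirm it or add a length test before that call. A one-line comment above the ND_TCHECK saying it covers the version test after the switch would also help the next reader.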
@@ -439,6 +439,7 @@ snmp-heapoverflow-2 snmp-heapoverflow-2.pcap snmp-heapoverflow-2.out
isoclns-heapoverflow-2 isoclns-heapoverflow-2.pcap isoclns-heapoverflow-2.out -e -c1
isoclns-heapoverflow-3 isoclns-heapoverflow-3.pcap isoclns-heapoverflow-3.out -e -c1
stp-v4-length-sigsegv stp-v4-length-sigsegv.pcap stp-v4-length-sigsegv.out
hoobr_pimv1 hoobr_pimv1.pcap hoobr_pimv1.out

# RTP tests
# fuzzed pcap
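Review bot: the new entry name, hoobr_pimv1, does not say what it tests the way its neighbours do (snmp-heapoverflow-2, stp-v4-length-sigsegv), and it uses an underscore where they use hyphens. Consider a name in the same pattern that spells out the protocol and the failure, or add a comment line above the entry that expands the abbreviation and points at the CVE named in the commit message.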
@@ -0,0 +1,25 @@
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
30:30:30:30:30:30 > 30:30:30:30:30:30, ethertype Unknown (0x3030), length 808464432:
0x0000: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0010: 3030 3030 3030 3030 00000000
IP 48.48.48.48 > 48.48.48.48: igmp pimv1 [type 48][|pim]
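Review bot: only the last of the 25 expected lines, the one ending in [|pim], comes from the PIMv1 printer; the 24 lines before it are eight identical unknown-ethertype packets with their hex dumps. Trimming the capture to the packet that reaches pimv1 would keep this regression test focused on the new check and make a future mismatch in the output easier to attribute to print-pim.c.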
BIN +3.24 KB tests/hoobr_pimv1.pcap
Binary file not shown.
