Please sign in to comment.
CVE-2017-13002/AODV: Add some missing bounds checks.
In aodv_extension() do a bounds check on the extension header before we look at it. This fixes a buffer over-read discovered by Kamil Frankowicz. Add a test using the capture file supplied by the reporter(s). While we're at it, add the RFC number, and check the validity of the length for the Hello extension.
- Loading branch information...
Showing with 11 additions and 1 deletion.
|@@ -0,0 +1,2 @@|
|IP 220.127.116.11.654 > 18.104.22.168.12336: aodv rrep 12308 prefix 16 hops 48|
|dst 22.214.171.124 dseq 808464432 src 126.96.36.199 808464432 ms [|hello]|