Skip to content
Permalink
Browse files Browse the repository at this point in the history
CVE-2017-13006/L2TP: Check whether an AVP's content exceeds the AVP l…
…ength.

It's not good enough to check whether all the data specified by the AVP
length was captured - you also have to check whether that length is
large enough for all the required data in the AVP.

This fixes a buffer over-read discovered by Yannick Formaggio.

Add a test using the capture file supplied by the reporter(s).
  • Loading branch information
guyharris authored and infrastation committed Sep 13, 2017
1 parent 4e430c6 commit cc4a739
Show file tree
Hide file tree
Showing 4 changed files with 219 additions and 46 deletions.

0 comments on commit cc4a739

Please sign in to comment.