Please sign in to comment.
CVE-2017-13009/IPv6 mobility: Add a bounds check.
This fixes a buffer over-read discovered by Brian 'geeknik' Carpenter. Add a test using the capture file supplied by the reporter(s). While we're at it: Add a comment giving the RFC for IPv6 mobility headers. Clean up some bounds checks to make it clearer what they're checking, by matching the subsequent EXTRACT_ calls or memcpy. For the binding update, if none of the flag bits are set, don't check the individual flag bits.
- Loading branch information...
Showing with 22 additions and 17 deletions.
|@@ -0,0 +1 @@|
|IP6 3030:3030:3030:3030:3030:3030:3030:3030 > 3030:3030:3030:3030:3030:3030:3030:3030: mobility: BA status=48[|MOBILITY]|