Commit f4b9e24

guyharris authored and infrastation committed
CVE-2017-13041/ICMP6: Add more bounds checks.
This fixes a buffer over-read discovered by Kim Gwan Yeong. Add a test using the capture file supplied by the reporter(s).
1 parent 4c3aee4 commit f4b9e24

4 files changed: +4 -0 lines changed

Diff for: print-icmp6.c

+2
@@ -1699,6 +1699,7 @@ icmp6_nodeinfo_print(netdissect_options *ndo, u_int icmp6len, const u_char *bp,
16991699

17001700
needcomma = 0;
17011701

1702+
ND_TCHECK2(*dp, sizeof(*ni6));
17021703
ni6 = (const struct icmp6_nodeinfo *)dp;
17031704
ND_PRINT((ndo," node information reply"));
17041705
ND_PRINT((ndo," (")); /*)*/
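Review bot: the added ND_TCHECK2(*dp, sizeof(*ni6)) at new line 1702 sizes the check from ni6 one line before ni6 is assigned. That is valid C, since sizeof does not evaluate its operand, but it reads out of order. Moving the check below the cast and writing it as ND_TCHECK(*ni6) would tie the bounds check to the pointer that is actually dereferenced afterwards. A short comment that this guards the fixed node-information header in the reply case would also help the next reader.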
@@ -1753,6 +1754,7 @@ icmp6_nodeinfo_print(netdissect_options *ndo, u_int icmp6len, const u_char *bp,
17531754
ND_PRINT((ndo,", "));
17541755
ND_PRINT((ndo,"DNS name"));
17551756
cp = (const u_char *)(ni6 + 1) + 4;
1757+
ND_TCHECK(cp[0]);
17561758
if (cp[0] == ep - cp - 1) {
17571759
/* icmp-name-lookup-03, pascal string */
17581760
if (ndo->ndo_vflag)
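Review bot: ND_TCHECK(cp[0]) at new line 1757 covers exactly one byte, the length octet read by the comparison on the next line, while cp was reached by skipping 4 bytes past the header in `cp = (const u_char *)(ni6 + 1) + 4;` with no check on the skipped bytes. That is enough for the `cp[0] == ep - cp - 1` read, but nothing in this hunk bounds the name bytes that follow, so the branches below should be confirmed to use bounds-aware printing or get their own ND_TCHECK2 over the name length. A comment saying what the 4 skipped bytes are would make the offset easier to audit.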

Diff for: tests/TESTLIST

+1
@@ -560,6 +560,7 @@ mlppp-oobr mlppp-oobr.pcap mlppp-oobr.out
560560

561561
# bad packets from Kim Gwan Yeong
562562
mptcp-dss-oobr mptcp-dss-oobr.pcap mptcp-dss-oobr.out -v
563+
icmp6_nodeinfo_oobr icmp6_nodeinfo_oobr.pcap icmp6_nodeinfo_oobr.out
563564

564565
# RTP tests
565566
# fuzzed pcap
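Review bot: the new entry at line 563 uses underscores (icmp6_nodeinfo_oobr) while the neighbouring entries in the same block use hyphens (mlppp-oobr, mptcp-dss-oobr). Renaming the test and its two files to icmp6-nodeinfo-oobr would keep the list consistent. The entry also passes no -v, unlike the mptcp-dss-oobr line above it, although the patched code in print-icmp6.c branches on ndo->ndo_vflag, so a verbose run would be worth considering.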

Diff for: tests/icmp6_nodeinfo_oobr.out

+1
@@ -0,0 +1 @@
1+
IP6 a072:7f00:1:7f00:1:e01a:17:6785 > c903::a002:8018:fe30:0:204: ICMP6, who-are-you reply[|icmp6], length 4
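Review bot: the expected output ends at "[|icmp6], length 4" and never contains "DNS name", the text print-icmp6.c emits immediately before the added ND_TCHECK(cp[0]), so this capture does not reach the second of the two new checks. A second capture that carries a complete node-information header but is cut short before the name length byte would give that check regression coverage as well.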

Diff for: tests/icmp6_nodeinfo_oobr.pcap

114 Bytes
Binary file not shown.
