blob: 24849d51876c099edc61a1679de0e2cf11c56402 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
Fix CVE-2017-11542:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
Patch copied from upstream source repository:
https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Tue, 7 Feb 2017 11:10:04 -0800
Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check.
This fixes a buffer over-read discovered by Kamil Frankowicz.
Add a test using the capture file supplied by the reporter(s).
---
print-pim.c | 1 +
tests/TESTLIST | 1 +
tests/hoobr_pimv1.out | 25 +++++++++++++++++++++++++
tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes
4 files changed, 27 insertions(+)
create mode 100644 tests/hoobr_pimv1.out
create mode 100644 tests/hoobr_pimv1.pcap
diff --git a/print-pim.c b/print-pim.c
index 25525953..ed880ae7 100644
--- a/print-pim.c
+++ b/print-pim.c
@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,
pimv1_join_prune_print(ndo, &bp[8], len - 8);
break;
}
+ ND_TCHECK(bp[4]);
if ((bp[4] >> 4) != 1)
ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
return;
|
