diff options
author | Guy Harris <guy@alum.mit.edu> | 2017-03-21 19:40:51 -0700 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2017-09-13 12:25:44 +0100 |
commit | 11b426ee05eb62ed103218526f1fa616851c43ce (patch) | |
tree | efd518f59d270ff2a9e09874a1915243fe63ce53 /tests/dhcp6_reconf_asan.out | |
parent | c177cb3800a9a68d79b2812f0ffcb9479abd6eb8 (diff) | |
download | tcpdump-11b426ee05eb62ed103218526f1fa616851c43ce.tar.gz |
CVE-2017-13017/DHCPv6: Add a missing option length check.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
Diffstat (limited to 'tests/dhcp6_reconf_asan.out')
-rw-r--r-- | tests/dhcp6_reconf_asan.out | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/dhcp6_reconf_asan.out b/tests/dhcp6_reconf_asan.out new file mode 100644 index 00000000..3f393734 --- /dev/null +++ b/tests/dhcp6_reconf_asan.out @@ -0,0 +1,2 @@ +IP (tos 0x60, ttl 254, id 21519, offset 0, flags [+, DF, rsvd], proto UDP (17), length 768, options (EOL), bad cksum 9615 (->c6f)!) + 251.73.86.150.514 > 126.172.217.192.546: dhcp6 relay-reply (linkaddr=300:10ed:ff:f01:f:0:7f:7f peeraddr=ffb6:3a64::c1:2300:581c:d00 (reconfigure-message ?) (reconfigure-message ?)) |