]> git.puffer.fish Git - matthieu/frr.git/commit
projects / matthieu / frr.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7a4429d) | patch
nhrpd: offset value not checked for min size
authorQuentin Young <qlyoung@cumulusnetworks.com>
Thu, 26 Dec 2019 11:58:02 +0000 (06:58 -0500)
committerQuentin Young <qlyoung@cumulusnetworks.com>
Tue, 14 Jan 2020 23:42:12 +0000 (18:42 -0500)
commita7051a1825576a24c85556b623d63851c4b5ebf2
treec58aa9d8df83b321eec54ff7bec11582395a41cetree | snapshot
parent7a4429d1f1fb4d63f1a87232b1bc193178cfbc23commit | diff
nhrpd: offset value not checked for min size

If the extension offset points to a location within the packet header,
we end up with an integer underflow leading to heap buffer read
overflow.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
nhrpd/nhrp_peer.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.