    Fix (non-exploitable) buffer-overflow in packet parser. · 8cbc75db
    Juliusz Chroboczek authored
    The check for a TLV going beyond the end of the packet was off by two.
    A malformed packet could possibly cause babeld to read two octets beyond
    the end of the read buffer.
    
    While technically a buffer overflow, this is most probably not
    exploitable, since it is a read-only overflow.  At worst, it would
    cause two octets of garbage to be parsed and treated as valid data.
message.c 73.4 KB
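An added example, not babeld's code: a TLV walker in C that contrasts a bounds check which forgets the two-octet TLV header with one that counts it, run on a constructed packet. The layout (one type octet, one length octet, then the body), the single-octet padding type 0 and all names are assumptions, since the page does not show the parser.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not shown on the page): 1 type octet, 1 length octet,
   then `length` body octets. Type 0 is a single padding octet. */
#define TLV_PAD1 0
#define TLV_HDR  2

/* Constructed sample: one complete TLV, then a TLV whose header fits in
   the buffer but whose 2-octet body would start past the end. */
static const uint8_t sample[6] = { 0x04, 0x02, 0xAA, 0xBB, 0x05, 0x02 };

/* Walk the TLVs in b[0..blen). Returns the number accepted, or -1 when one
   is rejected as truncated. *reach is the highest offset (exclusive) an
   accepted TLV spans. Body octets are never dereferenced here. */
static int walk_tlvs(const uint8_t *b, size_t blen, int strict, size_t *reach)
{
    size_t i = 0;
    int count = 0;
    *reach = 0;
    while (i < blen) {
        size_t end;
        if (b[i] == TLV_PAD1) {
            end = i + 1;
        } else {
            if (i + 1 >= blen) return -1;   /* no room for the length octet */
            size_t len = b[i + 1];
            /* loose: ignores the header, so it is off by two */
            size_t need = strict ? i + TLV_HDR + len : i + len;
            if (need > blen) return -1;
            end = i + TLV_HDR + len;
        }
        if (end > *reach) *reach = end;
        count++;
        i = end;
    }
    return count;
}

int main(void)
{
    size_t r;
    int n = walk_tlvs(sample, sizeof sample, 0, &r);
    printf("loose:  %d TLVs, reach %zu of %zu\n", n, r, sizeof sample);
    n = walk_tlvs(sample, sizeof sample, 1, &r);
    printf("strict: %d, reach %zu\n", n, r);
    return 0;
}
```

With the loose check the second TLV is accepted and its span ends two octets past the buffer; the strict check rejects it before any body octet would be read.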