Jon Siwek 392b99b2fa Fix construction of ip6_ah (Authentication Header) record values. ...

Authentication Headers with a Payload Len field set to zero would cause
a crash due to invalid memory allocation because the previous code
assumed Payload Len would always be great enough to contain all
mandatory fields of the header.  This changes it so the length of
the header is explicitly checked before attempting to extract fields
located past the minimum length (8 bytes) of an Authentication Header.

Crashes due to this are only possible when handling script-layer events
ipv6_ext_headers, new_packet, esp_packet, or teredo_*.  Or also when
implementing one of the discarder_check_* family of functions.
Otherwise, Bro correctly parses past such a header.

2012-09-18 16:52:12 -05:00

1.3 KiB

Raw History

View raw