Skip to content

Commit

Permalink
proto_lldp: fix pointer increment in LLDP_TLV_SYSTEM_CAP case
Browse files Browse the repository at this point in the history
Fixed a typo wherein a pointer was incremented by sizeof(uint32_t) after
reading sizeof(uint16_t) and before reading another sizeof(uint16_t). In
essence a potential out of bounds memory access (read) due to improper
increment of pointer

Signed-off-by: Nathaniel Ferguson <[email protected]>
Signed-off-by: Tobias Klauser <[email protected]>
  • Loading branch information
nathaniellives authored and tklauser committed May 4, 2020
1 parent a8c3c53 commit 3e69db4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion proto_lldp.c
Original file line number Diff line number Diff line change
Expand Up @@ -356,7 +356,7 @@ static void lldp(struct pkt_buff *pkt)
goto out_invalid;

sys_cap = EXTRACT_16BIT(tlv_info_str);
tlv_info_str += sizeof(uint32_t);
tlv_info_str += sizeof(uint16_t);
en_cap = EXTRACT_16BIT(tlv_info_str);

tprintf(" (");
Expand Down

0 comments on commit 3e69db4

Please sign in to comment.