Dear all, While working on the HMAC security mechanism, we have found an off-by-two error in the packet parser which could cause babeld to read two octets after the end of the read buffer. The overflow is not believed to be exploitable -- a maliciously crafted packet will merely cause two octets of garbage to be parsed as part of a TLV.
The fix is commit 8cbc75 in master, 9c01e1 in branch unicast. If you have time, I'd appreciate it if you could double-check; I'll make a bugfix release next week. -- Juliusz _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
