[Babel-users] Non-exploitable buffer overflow in babeld, fix pushed to master

Juliusz Chroboczek jch at irif.fr
Fri Jun 29 12:44:42 BST 2018


Dear all,

While working on the HMAC security mechanism, we have found an off-by-two
error in the packet parser which could cause babeld to read two octets
after the end of the read buffer.  The overflow is not believed to be
exploitable -- a maliciously crafted packet will merely cause two octets
of garbage to be parsed as part of a TLV.

The fix is commit 8cbc75 in master, 9c01e1 in branch unicast.  If you have
time, I'd appreciate it if you could double-check; I'll make a bugfix
release next week.

-- Juliusz
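
An added illustration, not part of the original message and not babeld's code: one way an off-by-two can arise in a type/length/value walker is a bounds check that leaves out the two header octets (type and length). The function name, the `hdr` parameter and the sample bytes are constructed for this sketch; the actual defect and its fix are whatever commits 8cbc75 and 9c01e1 contain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_PAD1 0   /* Pad1 TLV: a single octet with no length field */

/* Walk a TLV body of `bodylen` octets (hypothetical helper).
 * `hdr` is how many header octets the bounds check accounts for:
 * 2 is correct (type + length), 0 reproduces an off-by-two.
 * Returns how many octets past the end of the body a parser consuming
 * every accepted TLV would read (0 = safe), or -1 if the body is
 * rejected as truncated. Value octets are never dereferenced here, so
 * the demonstration itself stays in bounds. */
static int tlv_walk(const uint8_t *body, size_t bodylen, size_t hdr)
{
    size_t i = 0, worst = 0;

    while (i < bodylen) {
        if (body[i] == TLV_PAD1) { i++; continue; }
        if (i + 1 >= bodylen) return -1;         /* length octet missing */
        size_t len = body[i + 1];
        if (i + len + hdr > bodylen) return -1;  /* value runs past the end */
        size_t end = i + 2 + len;                /* one past the last value octet */
        if (end > bodylen && end - bodylen > worst)
            worst = end - bodylen;
        i = end;
    }
    return (int)worst;
}

/* Constructed inputs: a TLV whose length claims 4 value octets when only
 * 2 remain, and a well-formed Pad1 followed by a 2-octet TLV. */
static const uint8_t sample_bad[] = { 4, 4, 0xAA, 0xBB };
static const uint8_t sample_ok[]  = { 0, 4, 2, 0xAA, 0xBB };

int main(void)
{
    printf("check without header: over-read %d octets\n",
           tlv_walk(sample_bad, sizeof sample_bad, 0));
    printf("check with header:    result %d (rejected)\n",
           tlv_walk(sample_bad, sizeof sample_bad, 2));
    printf("well-formed body:     over-read %d octets\n",
           tlv_walk(sample_ok, sizeof sample_ok, 2));
    return 0;
}
```

Because the weak check still enforces `i + len <= bodylen`, the over-read in this sketch can never exceed the two header octets it forgot to count.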


