URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9ff932bf5ea554f9e94ee1364284aff9eb3fd619
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
9ff932b by Peter Wu (peter@xxxxxxxxxxxxx):
ber: avoid deep recursion for constructed strings
Bound the recursion depth to avoid a stack overflow while parsing a
deeply nested constructed string.
Call chain before this patch:
- dissect_ber_octet_string
- dissect_ber_constrained_octet_string
- reassemble_octet_string (called for constructed types)
- dissect_ber_octet_string *recursion*
After this patch, the reassemble_octet_string will throw if the maximum
recursion depth is reached.
Bug: 11822
Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
Reviewed-on: https://code.wireshark.org/review/14108
Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from e395633 vwr: fix heap-based buffer overflow
adds 9ff932b ber: avoid deep recursion for constructed strings
Summary of changes:
epan/dissectors/packet-ber.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)