URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e1f3c188e7f37d698dfcf4c74892b5ee512f520c
Submitter: Balint Reczey (balint@xxxxxxxxxxxxxxx)
Changed: branch: lts-1.12.1
Repository: wireshark
Commits:
e1f3c18 by Peter Wu (peter@xxxxxxxxxxxxx):
ber: avoid deep recursion for constructed strings
Bound the recursion depth to avoid a stack overflow while parsing a
deeply nested constructed string.
Call chain before this patch:
- dissect_ber_octet_string
- dissect_ber_constrained_octet_string
- reassemble_octet_string (called for constructed types)
- dissect_ber_octet_string *recursion*
After this patch, the reassemble_octet_string will throw if the maximum
recursion depth is reached.
Bug: 11822
Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
Reviewed-on: https://code.wireshark.org/review/14108
Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 9ff932bf5ea554f9e94ee1364284aff9eb3fd619)
Reviewed-on: https://code.wireshark.org/review/14110
(cherry picked from commit 307bbd253fc61657935eca992ec9325dbfff3274)
Reviewed-on: https://code.wireshark.org/review/14111
(cherry picked from commit 8f7a26e8fcf878bb55601edae5032caf71c2e587)
Reviewed-on: https://code.wireshark.org/review/14348
Reviewed-by: Balint Reczey <balint@xxxxxxxxxxxxxxx>
Actions performed:
from f03f508 ber: fix buffer overrun when handling empty sets
adds e1f3c18 ber: avoid deep recursion for constructed strings
Summary of changes:
epan/dissectors/packet-ber.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)