If we encounter an excessively long filter string or one with too many
elements, add an expert item and throw a ReportedBoundsError. We may want to handle this more cleanly in the future, but this avoids allocating a huge amount of memory.

svn path=/trunk/; revision=36101
parent
16097406f4
commit
91fe31c9b4
|
@ -678,6 +678,16 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v
|
|||
proto_item *it=NULL;
|
||||
attributedesc_string=NULL;
|
||||
|
||||
if (Filter_length++ > MAX_FILTER_LEN) {
|
||||
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
|
||||
THROW(ReportedBoundsError);
|
||||
}
|
||||
|
||||
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
|
||||
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
|
||||
THROW(ReportedBoundsError);
|
||||
}
|
||||
|
||||
if(tree){
|
||||
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
||||
tr=proto_item_add_subtree(it, ett_ldap_Filter);
|
||||
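Review bot: `Filter_length` is advanced by exactly one per call, at the same point and rate as `Filter_elements`, so unless code outside this hunk also adds to it, the 4096 limit cannot be reached before the 200-element limit and the first check never fires. The commit message aims to bound the memory spent on the filter string, which this counter does not measure; it would need to track the accumulated string size where the string is built, rather than `Filter_length++` on entry. If the counter is meant to stay a call count, say so next to the check, e.g. `/* counts nested Filter invocations, not bytes */`. The enclosing function body starts and ends outside the hunk, so the string-building code could not be checked here.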
|
|
|
@ -103,6 +103,7 @@
|
|||
#include <epan/dissectors/packet-windows-common.h>
|
||||
#include <epan/dissectors/packet-dcerpc.h>
|
||||
#include <epan/asn1.h>
|
||||
#include <epan/expert.h>
|
||||
|
||||
#include "packet-ldap.h"
|
||||
#include "packet-ntlmssp.h"
|
||||
|
@ -576,6 +577,12 @@ static const char *substring_item_final=NULL;
|
|||
static const char *matching_rule_string=NULL;
|
||||
static gboolean matching_rule_dnattr=FALSE;
|
||||
|
||||
#define MAX_FILTER_LEN 4096
|
||||
static gint Filter_length;
|
||||
|
||||
#define MAX_FILTER_ELEMENTS 200
|
||||
static gint Filter_elements;
|
||||
|
||||
/* Global variables */
|
||||
char *mechanism = NULL;
|
||||
static gint MessageID =-1;
|
||||
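Review bot: `Filter_length` and `Filter_elements` are file-scope statics that the hunks of this commit only ever increment; none of the visible hunks resets them. If nothing elsewhere in the file does so, the counts accumulate over every filter in every packet and over re-dissection of the same capture. After about 200 filter elements in total, each later well-formed search filter would then be flagged `PI_ERROR` and abandoned, and one oversized filter early in a capture would suppress decoding of the ones that follow. Reset both where dissection of a request's top-level filter begins, `Filter_elements = 0; Filter_length = 0;`, and record the contract on the declarations, e.g. `/* per-filter counters; reset before each top-level Filter */`.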
|
|
|
@ -111,6 +111,7 @@
|
|||
#include <epan/dissectors/packet-windows-common.h>
|
||||
#include <epan/dissectors/packet-dcerpc.h>
|
||||
#include <epan/asn1.h>
|
||||
#include <epan/expert.h>
|
||||
|
||||
#include "packet-ldap.h"
|
||||
#include "packet-ntlmssp.h"
|
||||
|
@ -340,7 +341,7 @@ static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
|
|||
static int hf_ldap_error = -1; /* T_error */
|
||||
|
||||
/*--- End of included file: packet-ldap-hf.c ---*/
|
||||
#line 187 "packet-ldap-template.c"
|
||||
#line 188 "packet-ldap-template.c"
|
||||
|
||||
/* Initialize the subtree pointers */
|
||||
static gint ett_ldap = -1;
|
||||
|
@ -413,7 +414,7 @@ static gint ett_ldap_PasswordPolicyResponseValue = -1;
|
|||
static gint ett_ldap_T_warning = -1;
|
||||
|
||||
/*--- End of included file: packet-ldap-ett.c ---*/
|
||||
#line 198 "packet-ldap-template.c"
|
||||
#line 199 "packet-ldap-template.c"
|
||||
|
||||
static dissector_table_t ldap_name_dissector_table=NULL;
|
||||
static const char *object_identifier_id = NULL; /* LDAP OID */
|
||||
|
@ -795,6 +796,12 @@ static const char *substring_item_final=NULL;
|
|||
static const char *matching_rule_string=NULL;
|
||||
static gboolean matching_rule_dnattr=FALSE;
|
||||
|
||||
#define MAX_FILTER_LEN 4096
|
||||
static gint Filter_length;
|
||||
|
||||
#define MAX_FILTER_ELEMENTS 200
|
||||
static gint Filter_elements;
|
||||
|
||||
/* Global variables */
|
||||
char *mechanism = NULL;
|
||||
static gint MessageID =-1;
|
||||
|
@ -1238,7 +1245,7 @@ dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
|||
|
||||
static int
|
||||
dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 691 "ldap.cnf"
|
||||
#line 701 "ldap.cnf"
|
||||
/* make sure the protocol op comes first */
|
||||
ldap_do_protocolop(actx->pinfo);
|
||||
|
||||
|
@ -1254,7 +1261,7 @@ dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in
|
|||
|
||||
static int
|
||||
dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 698 "ldap.cnf"
|
||||
#line 708 "ldap.cnf"
|
||||
/* make sure the protocol op comes first */
|
||||
ldap_do_protocolop(actx->pinfo);
|
||||
|
||||
|
@ -1419,7 +1426,7 @@ dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U
|
|||
|
||||
static int
|
||||
dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 705 "ldap.cnf"
|
||||
#line 715 "ldap.cnf"
|
||||
tvbuff_t *new_tvb=NULL;
|
||||
|
||||
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
|
||||
|
@ -2098,6 +2105,16 @@ dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_
|
|||
proto_item *it=NULL;
|
||||
attributedesc_string=NULL;
|
||||
|
||||
if (Filter_length++ > MAX_FILTER_LEN) {
|
||||
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
|
||||
THROW(ReportedBoundsError);
|
||||
}
|
||||
|
||||
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
|
||||
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
|
||||
THROW(ReportedBoundsError);
|
||||
}
|
||||
|
||||
if(tree){
|
||||
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
||||
tr=proto_item_add_subtree(it, ett_ldap_Filter);
|
||||
|
@ -2407,7 +2424,7 @@ dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i
|
|||
|
||||
static int
|
||||
dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 808 "ldap.cnf"
|
||||
#line 818 "ldap.cnf"
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
|
||||
|
@ -2684,7 +2701,7 @@ dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
|||
|
||||
static int
|
||||
dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 815 "ldap.cnf"
|
||||
#line 825 "ldap.cnf"
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
|
||||
|
@ -2755,7 +2772,7 @@ dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U
|
|||
|
||||
static int
|
||||
dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 740 "ldap.cnf"
|
||||
#line 750 "ldap.cnf"
|
||||
|
||||
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
||||
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
|
||||
|
@ -2904,12 +2921,12 @@ dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
|
|||
|
||||
static int
|
||||
dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 748 "ldap.cnf"
|
||||
#line 758 "ldap.cnf"
|
||||
|
||||
const gchar *name;
|
||||
|
||||
|
||||
#line 752 "ldap.cnf"
|
||||
#line 762 "ldap.cnf"
|
||||
if(ldm_tree && object_identifier_id) {
|
||||
proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
|
||||
name = oid_resolved_from_string(object_identifier_id);
|
||||
|
@ -3090,7 +3107,7 @@ dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
|
|||
|
||||
static int
|
||||
dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 721 "ldap.cnf"
|
||||
#line 731 "ldap.cnf"
|
||||
gint8 class;
|
||||
gboolean pc, ind;
|
||||
gint32 tag;
|
||||
|
@ -3275,7 +3292,7 @@ dissect_ldap_DirSyncFlagsSubEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
|
|||
|
||||
static int
|
||||
dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 765 "ldap.cnf"
|
||||
#line 775 "ldap.cnf"
|
||||
gint8 class;
|
||||
gboolean pc;
|
||||
gint32 tag;
|
||||
|
@ -3684,7 +3701,7 @@ static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_in
|
|||
|
||||
|
||||
/*--- End of included file: packet-ldap-fn.c ---*/
|
||||
#line 738 "packet-ldap-template.c"
|
||||
#line 745 "packet-ldap-template.c"
|
||||
|
||||
static void
|
||||
dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
|
||||
|
@ -5562,7 +5579,7 @@ void proto_register_ldap(void) {
|
|||
NULL, HFILL }},
|
||||
|
||||
/*--- End of included file: packet-ldap-hfarr.c ---*/
|
||||
#line 2035 "packet-ldap-template.c"
|
||||
#line 2042 "packet-ldap-template.c"
|
||||
};
|
||||
|
||||
/* List of subtrees */
|
||||
|
@ -5637,7 +5654,7 @@ void proto_register_ldap(void) {
|
|||
&ett_ldap_T_warning,
|
||||
|
||||
/*--- End of included file: packet-ldap-ettarr.c ---*/
|
||||
#line 2048 "packet-ldap-template.c"
|
||||
#line 2055 "packet-ldap-template.c"
|
||||
};
|
||||
|
||||
module_t *ldap_module;
|
||||
|
@ -5768,7 +5785,7 @@ proto_reg_handoff_ldap(void)
|
|||
|
||||
|
||||
/*--- End of included file: packet-ldap-dis-tab.c ---*/
|
||||
#line 2162 "packet-ldap-template.c"
|
||||
#line 2169 "packet-ldap-template.c"
|
||||
|
||||
|
||||
}
|
||||
|
|