If we encounter an excessively long filter string or one with too many
elements, add an expert item and throw a ReportedBoundsError. We may want to handle this more cleanly in the future but this avoids allocating a huge amount of memory. svn path=/trunk/; revision=36101
parent
16097406f4
commit
91fe31c9b4
|
@ -678,6 +678,16 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v
|
||||||
proto_item *it=NULL;
|
proto_item *it=NULL;
|
||||||
attributedesc_string=NULL;
|
attributedesc_string=NULL;
|
||||||
|
|
||||||
|
if (Filter_length++ > MAX_FILTER_LEN) {
|
||||||
|
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
|
||||||
|
THROW(ReportedBoundsError);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
|
||||||
|
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
|
||||||
|
THROW(ReportedBoundsError);
|
||||||
|
}
|
||||||
|
|
||||||
if(tree){
|
if(tree){
|
||||||
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
||||||
tr=proto_item_add_subtree(it, ett_ldap_Filter);
|
tr=proto_item_add_subtree(it, ett_ldap_Filter);
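Review bot: Nothing visible in this commit resets `Filter_length` or `Filter_elements`, which are bumped on every entry to the Filter body here and are declared as file-scope statics in the template. If no reset exists outside these hunks, the counts accumulate across filters and packets, so once 200 filter elements have been seen in a capture every later, well-formed filter would reach `THROW(ReportedBoundsError)` and go undecoded. Zeroing both counters where a top-level search filter begins (outside this hunk, as is the rest of this function body) would make the limits per-filter as the commit message intends. The post-increment compare also lets one element past the stated limit through; `if (++Filter_elements > MAX_FILTER_ELEMENTS) {` would match the "more than %u" wording, and the same applies to the `Filter_length` check.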
|
||||||
|
|
|
@ -103,6 +103,7 @@
|
||||||
#include <epan/dissectors/packet-windows-common.h>
|
#include <epan/dissectors/packet-windows-common.h>
|
||||||
#include <epan/dissectors/packet-dcerpc.h>
|
#include <epan/dissectors/packet-dcerpc.h>
|
||||||
#include <epan/asn1.h>
|
#include <epan/asn1.h>
|
||||||
|
#include <epan/expert.h>
|
||||||
|
|
||||||
#include "packet-ldap.h"
|
#include "packet-ldap.h"
|
||||||
#include "packet-ntlmssp.h"
|
#include "packet-ntlmssp.h"
|
||||||
|
@ -576,6 +577,12 @@ static const char *substring_item_final=NULL;
|
||||||
static const char *matching_rule_string=NULL;
|
static const char *matching_rule_string=NULL;
|
||||||
static gboolean matching_rule_dnattr=FALSE;
|
static gboolean matching_rule_dnattr=FALSE;
|
||||||
|
|
||||||
|
#define MAX_FILTER_LEN 4096
|
||||||
|
static gint Filter_length;
|
||||||
|
|
||||||
|
#define MAX_FILTER_ELEMENTS 200
|
||||||
|
static gint Filter_elements;
|
||||||
|
|
||||||
/* Global variables */
|
/* Global variables */
|
||||||
char *mechanism = NULL;
|
char *mechanism = NULL;
|
||||||
static gint MessageID =-1;
|
static gint MessageID =-1;
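Review bot: `Filter_length` carries no comment and its name suggests a character count, but the only use visible in this commit increments it by one per filter element, exactly like `Filter_elements`. On that evidence the 4096 limit cannot fire before the 200-element limit does, so the memory bound described in the commit message rests on the element count alone unless the length is accumulated somewhere not shown in the diff. I would add a comment above the defines such as `/* Per-filter limits: length of the filter string built for display, and number of filter elements; exceeding either aborts dissection */`, and state in it where the two counters are reset.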
|
||||||
|
|
|
@ -111,6 +111,7 @@
|
||||||
#include <epan/dissectors/packet-windows-common.h>
|
#include <epan/dissectors/packet-windows-common.h>
|
||||||
#include <epan/dissectors/packet-dcerpc.h>
|
#include <epan/dissectors/packet-dcerpc.h>
|
||||||
#include <epan/asn1.h>
|
#include <epan/asn1.h>
|
||||||
|
#include <epan/expert.h>
|
||||||
|
|
||||||
#include "packet-ldap.h"
|
#include "packet-ldap.h"
|
||||||
#include "packet-ntlmssp.h"
|
#include "packet-ntlmssp.h"
|
||||||
|
@ -340,7 +341,7 @@ static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
|
||||||
static int hf_ldap_error = -1; /* T_error */
|
static int hf_ldap_error = -1; /* T_error */
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-hf.c ---*/
|
/*--- End of included file: packet-ldap-hf.c ---*/
|
||||||
#line 187 "packet-ldap-template.c"
|
#line 188 "packet-ldap-template.c"
|
||||||
|
|
||||||
/* Initialize the subtree pointers */
|
/* Initialize the subtree pointers */
|
||||||
static gint ett_ldap = -1;
|
static gint ett_ldap = -1;
|
||||||
|
@ -413,7 +414,7 @@ static gint ett_ldap_PasswordPolicyResponseValue = -1;
|
||||||
static gint ett_ldap_T_warning = -1;
|
static gint ett_ldap_T_warning = -1;
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-ett.c ---*/
|
/*--- End of included file: packet-ldap-ett.c ---*/
|
||||||
#line 198 "packet-ldap-template.c"
|
#line 199 "packet-ldap-template.c"
|
||||||
|
|
||||||
static dissector_table_t ldap_name_dissector_table=NULL;
|
static dissector_table_t ldap_name_dissector_table=NULL;
|
||||||
static const char *object_identifier_id = NULL; /* LDAP OID */
|
static const char *object_identifier_id = NULL; /* LDAP OID */
|
||||||
|
@ -795,6 +796,12 @@ static const char *substring_item_final=NULL;
|
||||||
static const char *matching_rule_string=NULL;
|
static const char *matching_rule_string=NULL;
|
||||||
static gboolean matching_rule_dnattr=FALSE;
|
static gboolean matching_rule_dnattr=FALSE;
|
||||||
|
|
||||||
|
#define MAX_FILTER_LEN 4096
|
||||||
|
static gint Filter_length;
|
||||||
|
|
||||||
|
#define MAX_FILTER_ELEMENTS 200
|
||||||
|
static gint Filter_elements;
|
||||||
|
|
||||||
/* Global variables */
|
/* Global variables */
|
||||||
char *mechanism = NULL;
|
char *mechanism = NULL;
|
||||||
static gint MessageID =-1;
|
static gint MessageID =-1;
|
||||||
|
@ -1238,7 +1245,7 @@ dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 691 "ldap.cnf"
|
#line 701 "ldap.cnf"
|
||||||
/* make sure the protocol op comes first */
|
/* make sure the protocol op comes first */
|
||||||
ldap_do_protocolop(actx->pinfo);
|
ldap_do_protocolop(actx->pinfo);
|
||||||
|
|
||||||
|
@ -1254,7 +1261,7 @@ dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 698 "ldap.cnf"
|
#line 708 "ldap.cnf"
|
||||||
/* make sure the protocol op comes first */
|
/* make sure the protocol op comes first */
|
||||||
ldap_do_protocolop(actx->pinfo);
|
ldap_do_protocolop(actx->pinfo);
|
||||||
|
|
||||||
|
@ -1419,7 +1426,7 @@ dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 705 "ldap.cnf"
|
#line 715 "ldap.cnf"
|
||||||
tvbuff_t *new_tvb=NULL;
|
tvbuff_t *new_tvb=NULL;
|
||||||
|
|
||||||
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
|
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
|
||||||
|
@ -2098,6 +2105,16 @@ dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_
|
||||||
proto_item *it=NULL;
|
proto_item *it=NULL;
|
||||||
attributedesc_string=NULL;
|
attributedesc_string=NULL;
|
||||||
|
|
||||||
|
if (Filter_length++ > MAX_FILTER_LEN) {
|
||||||
|
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
|
||||||
|
THROW(ReportedBoundsError);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
|
||||||
|
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
|
||||||
|
THROW(ReportedBoundsError);
|
||||||
|
}
|
||||||
|
|
||||||
if(tree){
|
if(tree){
|
||||||
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
||||||
tr=proto_item_add_subtree(it, ett_ldap_Filter);
|
tr=proto_item_add_subtree(it, ett_ldap_Filter);
|
||||||
|
@ -2407,7 +2424,7 @@ dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 808 "ldap.cnf"
|
#line 818 "ldap.cnf"
|
||||||
|
|
||||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||||
hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
|
hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
|
||||||
|
@ -2684,7 +2701,7 @@ dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 815 "ldap.cnf"
|
#line 825 "ldap.cnf"
|
||||||
|
|
||||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||||
hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
|
hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
|
||||||
|
@ -2755,7 +2772,7 @@ dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 740 "ldap.cnf"
|
#line 750 "ldap.cnf"
|
||||||
|
|
||||||
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
||||||
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
|
||||||
|
@ -2904,12 +2921,12 @@ dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 748 "ldap.cnf"
|
#line 758 "ldap.cnf"
|
||||||
|
|
||||||
const gchar *name;
|
const gchar *name;
|
||||||
|
|
||||||
|
|
||||||
#line 752 "ldap.cnf"
|
#line 762 "ldap.cnf"
|
||||||
if(ldm_tree && object_identifier_id) {
|
if(ldm_tree && object_identifier_id) {
|
||||||
proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
|
proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
|
||||||
name = oid_resolved_from_string(object_identifier_id);
|
name = oid_resolved_from_string(object_identifier_id);
|
||||||
|
@ -3090,7 +3107,7 @@ dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 721 "ldap.cnf"
|
#line 731 "ldap.cnf"
|
||||||
gint8 class;
|
gint8 class;
|
||||||
gboolean pc, ind;
|
gboolean pc, ind;
|
||||||
gint32 tag;
|
gint32 tag;
|
||||||
|
@ -3275,7 +3292,7 @@ dissect_ldap_DirSyncFlagsSubEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
|
||||||
|
|
||||||
static int
|
static int
|
||||||
dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||||
#line 765 "ldap.cnf"
|
#line 775 "ldap.cnf"
|
||||||
gint8 class;
|
gint8 class;
|
||||||
gboolean pc;
|
gboolean pc;
|
||||||
gint32 tag;
|
gint32 tag;
|
||||||
|
@ -3684,7 +3701,7 @@ static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_in
|
||||||
|
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-fn.c ---*/
|
/*--- End of included file: packet-ldap-fn.c ---*/
|
||||||
#line 738 "packet-ldap-template.c"
|
#line 745 "packet-ldap-template.c"
|
||||||
|
|
||||||
static void
|
static void
|
||||||
dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
|
dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
|
||||||
|
@ -5562,7 +5579,7 @@ void proto_register_ldap(void) {
|
||||||
NULL, HFILL }},
|
NULL, HFILL }},
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-hfarr.c ---*/
|
/*--- End of included file: packet-ldap-hfarr.c ---*/
|
||||||
#line 2035 "packet-ldap-template.c"
|
#line 2042 "packet-ldap-template.c"
|
||||||
};
|
};
|
||||||
|
|
||||||
/* List of subtrees */
|
/* List of subtrees */
|
||||||
|
@ -5637,7 +5654,7 @@ void proto_register_ldap(void) {
|
||||||
&ett_ldap_T_warning,
|
&ett_ldap_T_warning,
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-ettarr.c ---*/
|
/*--- End of included file: packet-ldap-ettarr.c ---*/
|
||||||
#line 2048 "packet-ldap-template.c"
|
#line 2055 "packet-ldap-template.c"
|
||||||
};
|
};
|
||||||
|
|
||||||
module_t *ldap_module;
|
module_t *ldap_module;
|
||||||
|
@ -5768,7 +5785,7 @@ proto_reg_handoff_ldap(void)
|
||||||
|
|
||||||
|
|
||||||
/*--- End of included file: packet-ldap-dis-tab.c ---*/
|
/*--- End of included file: packet-ldap-dis-tab.c ---*/
|
||||||
#line 2162 "packet-ldap-template.c"
|
#line 2169 "packet-ldap-template.c"
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|