Hannes Mezger
28a7a79cac
opcua: prevent opcua dissector crash by limiting nesting depth
...
The OPC UA types DiagnosticInfo, Variant and ExtensionObject can be
nested, which can lead to stack overflows when parsing specially
crafted packets. This is fixed by storing the current nesting depth
as expert info.
The corresponding CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12086
The corresponding security bulletin of the OPC Foundation is https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
Change-Id: I5f6da3a3e269f6db1b690b77470ddf60045bcedd
Reviewed-on: https://code.wireshark.org/review/29645
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-14 04:11:20 +00:00
Erika Szelleova
6b13c05da1
OpcUa: fix in function getExtensionObjectType
...
The function getExtensionObjectType was not reading the corrects bytes,
this sometimes ended in reading outside the buffer and that way
exception was raised even for correct packets.
Bug: 14465
Change-Id: I5d7d9ca5f43f0afbc93f40487a78709c52f0658a
Reviewed-on: https://code.wireshark.org/review/28328
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-06-21 03:33:21 +00:00
Dario Lombardo
d2d1f793f8
plugins: use SPDX identifiers.
...
Change-Id: I8155573933daeb69c6e4c95c6702bdd6fc1fa89b
Reviewed-on: https://code.wireshark.org/review/25707
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-09 14:12:48 +00:00
João Valverde
5352ef42f9
plugins: Add source tree subfolder for plugin library
...
This allows some simplification and makes things more consistent,
particularly for loading plugins from the build dir.
Also fixes the issue reported here:
https://www.wireshark.org/lists/wireshark-dev/201801/msg00061.html
Change-Id: I0d8a000ee679172bccad546a3b0c47a79486f44d
Reviewed-on: https://code.wireshark.org/review/25329
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
2018-01-16 08:51:37 +00:00