wireshark/epan
Darius Davis 6e88943d0e BGP: Validate length of Path Attribute records.
Bug 13741 showed a case where the BGP dissector's failure to validate the
length of the Path Attribute record allowed a pathological BGP UPDATE packet to
generate more than one million items in the protocol tree by repeatedly
dissecting certain segments of the packet.

It's easy enough to detect when the Path Attribute length cannot be valid, so
let's do so.  When the condition arises, let's raise an Expert Info error in
the same style and format as used elsewhere in the same routine, and abandon
dissection of the Path Attributes list.

With this check in place, an incorrect length computation is revealed at a
callsite.  This would only have prevented a small (less than 5 bytes) Path
Attribute from being dissected if it was at the very end of the Path Attributes
list, but the bounds checking added in this change makes this problem much more
apparent, so we fix the length computation while we're here.

Testing Done: Built wireshark on Linux amd64.  Using bgp.pcap from the Sample
   Captures page on the wiki, verified that the dissection of the UPDATE
   packets was unaltered by this fix.  Using the capture attached to bug 13741
   (clusterfuzz-testcase-minimized-6689222578667520.pcap), verified that the
   packet no longer triggers the "too many items" exception; instead we see
   an Expert Info for each oversized Path Attribute length, and eventually an
   exception for "length of contained item exceeds length of containing item".
   30,000 iterations of fuzz test with bgp.pcap as input, and many iterations
   of randpkt-test too.  Crafted a packet with a 3-byte ATOMIC_AGGREGATE Path
   Attribute at the end of the Path Attributes list; before this change, an
   exception is raised during dissection, but after this change it is dissected
   correctly.

Bug: 13741
Change-Id: I80f506b114a61e5b060d93b59bed6b94fb188b3e
Reviewed-on: https://code.wireshark.org/review/27466
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-14 08:17:09 +00:00
crypt Remove autotools build system. 2018-04-18 03:46:17 +00:00
dfilter dfilter: fix memleaks with functions and slice operator 2018-04-25 06:57:00 +00:00
dissectors BGP: Validate length of Path Attribute records. 2018-05-14 08:17:09 +00:00
ftypes ftypes: fix memleak when converting protocol values 2018-04-25 06:55:52 +00:00
wmem fix missing parentheses in 'if' statement 2018-05-03 04:09:42 +00:00
wslua wslua: fix memleak in Dir.remove_all on error path 2018-05-10 06:16:19 +00:00
.editorconfig Remove circuit API 2017-11-13 05:21:36 +00:00
CMakeLists.txt CMake: fix build with json-glib with gold linker 2018-04-19 08:08:11 +00:00
addr_and_mask.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
addr_and_mask.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
addr_resolv.c addr_resolv: fix memleak of g_penterprises_path 2018-04-25 04:09:48 +00:00
addr_resolv.h Transition from GeoIP Legacy to MaxMindDB. 2018-03-06 18:02:21 +00:00
address.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
address_types.c address_types: fix returned length of eui64_addr_to_str 2018-03-07 23:05:28 +00:00
address_types.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
afn.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
afn.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
aftypes.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
aftypes.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
app_mem_usage.c Update a comment. 2018-03-24 04:03:20 +00:00
app_mem_usage.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
arcnet_pids.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
arptypes.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
asn1.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
asn1.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ax25_pids.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
bridged_pids.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
capture_dissectors.c more SPDX convertions. 2018-02-13 13:57:30 +00:00
capture_dissectors.h more SPDX convertions. 2018-02-13 13:57:30 +00:00
charsets.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
charsets.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
chdlctypes.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
color_filters.c glib: Use g_slist_free_full() in a couple of places. 2018-04-17 15:01:24 +00:00
color_filters.h Remove some GTK+-only code. 2018-04-17 03:44:47 +00:00
column-info.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
column-utils.c fix missing parentheses in 'if' statement 2018-05-03 04:09:42 +00:00
column-utils.h colum-utils.h: Fix 325 million -Wdocumentation warnings 2018-03-16 20:28:25 +00:00
column.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
column.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
conv_id.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
conversation.c UDP: Heuristic dissector for conversation taking precedence 2018-02-10 20:51:55 +00:00
conversation.h UDP: Heuristic dissector for conversation taking precedence 2018-02-10 20:51:55 +00:00
conversation_debug.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
conversation_table.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
conversation_table.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc6-tvb.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc6-tvb.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc8-tvb.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc8-tvb.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc10-tvb.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc10-tvb.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc16-tvb.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc16-tvb.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc32-tvb.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
crc32-tvb.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
decode_as.c Fix the "pointer to function that generates a label" values. 2018-02-13 18:06:11 +00:00
decode_as.h Fix the "pointer to function that generates a label" values. 2018-02-13 18:06:11 +00:00
diam_dict.h spdx: more licenses converted. 2018-03-07 15:56:44 +00:00
diam_dict.l If we're reading from a string, don't fclose yyin. 2018-04-03 01:04:09 +00:00
disabled_protos.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
disabled_protos.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
dissector_filters.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
dissector_filters.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
dtd.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
dtd_grammar.lemon Use common indenting space in heading 2018-05-01 06:55:55 +00:00
dtd_parse.h Use common indenting space in heading 2018-05-01 06:55:55 +00:00
dtd_parse.l Use DIAG_OFF_FLEX/DIAG_ON_FLEX more consistently. 2018-02-16 19:54:16 +00:00
dtd_preparse.l Add DIAG_OFF_FLEX and DIAG_ON_FLEX for use in Flex scanners. 2018-02-16 10:35:10 +00:00
dvb_chartbl.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
dvb_chartbl.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
eap.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
eapol_keydes_types.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
epan.c glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0 2018-04-16 16:07:46 +00:00
epan.h Switch the Doxygen API reference build to CMake. 2018-04-17 03:46:05 +00:00
epan_dissect.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
etypes.h Add Arista Vendor Specific Protocol (Ethertype) dissector 2018-03-22 20:15:12 +00:00
ex-opt.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ex-opt.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
except.c Clean up REPORT_DISSECTOR_BUG(). 2018-03-25 23:49:35 +00:00
except.h Clean up REPORT_DISSECTOR_BUG(). 2018-03-25 23:49:35 +00:00
exceptions.h Handle subset tvbuffs where the length goes past the end of the parent. 2018-04-20 03:18:47 +00:00
exntest.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
expert.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
expert.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
export_object.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
export_object.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
exported_pdu.c glib: Use g_slist_free_full() in a couple of places. 2018-04-17 15:01:24 +00:00
exported_pdu.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
filter_expressions.c Fix minor leak in filter_expression_new. 2018-04-28 16:28:18 +00:00
filter_expressions.h Remove some GTK+-only code. 2018-04-17 03:44:47 +00:00
follow.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
follow.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
frame_data.c Remove redundant members from wtap_syscall_header. 2018-02-09 02:39:09 +00:00
frame_data.h Generalize wtap_pkthdr into a structure for packet and non-packet records. 2018-02-09 00:29:51 +00:00
frame_data_sequence.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
frame_data_sequence.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
funnel.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
funnel.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
garrayfix.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
golay.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
golay.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
guid-utils.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
guid-utils.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
iana_charsets.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
iana_charsets.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
iax2_codec_type.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
in_cksum.c epan: more SPDX convertions. 2018-02-09 14:41:31 +00:00
in_cksum.h epan: more SPDX convertions. 2018-02-09 14:41:31 +00:00
ip_opts.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ipproto.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ipproto.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ipv4.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ipv6.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
lapd_sapi.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
llcsaps.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
maxmind_db.c Properly initialize mmdb_lookup_t. 2018-03-13 21:14:46 +00:00
maxmind_db.h MaxMind DB: Shut down our mmdbresolve process. 2018-03-15 17:44:46 +00:00
media_params.c Add wmem alloc parameter to ws_find_media_type_parameter. 2018-03-11 15:07:24 +00:00
media_params.h Add wmem alloc parameter to ws_find_media_type_parameter. 2018-03-11 15:07:24 +00:00
next_tvb.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
next_tvb.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
nlpid.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
oids.c OID name resolv: Fix MIB/PIB path presentations 2018-03-24 07:07:14 +00:00
oids.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
oids_test.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
osi-utils.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
osi-utils.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
oui.h dissector/ptp: use BASE_OUI for organizationId 2018-04-06 03:15:50 +00:00
packet.c Handle subset tvbuffs where the length goes past the end of the parent. 2018-04-20 03:18:47 +00:00
packet.h Constify an argument that doesn't need to be non-const. 2018-03-08 02:55:10 +00:00
packet_info.h ERSPAN: Various small cleanups and enhancements 2018-03-18 10:14:03 +00:00
params.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
plugin_if.c plugin_if: fix small memory leak in ext_menubar_add_separator 2018-05-05 05:57:25 +00:00
plugin_if.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ppptypes.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
prefs-int.h Remove some GTK+-only code. 2018-04-17 03:44:47 +00:00
prefs.c Get rid of GTK+-only structure member. 2018-05-12 22:47:24 +00:00
prefs.h Remove some GTK+-only code. 2018-04-17 03:44:47 +00:00
print.c glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0 2018-04-16 16:07:46 +00:00
print.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
print.ps
print_stream.c replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later. 2018-02-08 14:57:36 +00:00
print_stream.h replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later. 2018-02-08 14:57:36 +00:00
proto.c Display configured checksum Expert summary string 2018-05-14 08:15:39 +00:00
proto.h tshark: improve -G elastic-mapping command by adding filters. 2018-04-19 15:54:47 +00:00
proto_data.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
proto_data.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ps.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
ptvcursor.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
radius_dict.l Add DIAG_OFF_FLEX and DIAG_ON_FLEX for use in Flex scanners. 2018-02-16 10:35:10 +00:00
range.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
range.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
reassemble.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
reassemble.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
reassemble_test.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
reedsolomon.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
reedsolomon.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
register.c glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0 2018-04-16 16:07:46 +00:00
register.h replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later. 2018-02-08 14:57:36 +00:00
req_resp_hdrs.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
req_resp_hdrs.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
rtd_table.c Get rid of some GTK+-only stuff. 2018-05-12 23:01:14 +00:00
rtd_table.h Get rid of some GTK+-only stuff. 2018-05-12 23:01:14 +00:00
rtp_pt.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
sctpppids.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
sequence_analysis.c glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0 2018-04-16 16:07:46 +00:00
sequence_analysis.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
show_exception.c Put protocol name before "length of contained item...". 2018-04-22 21:45:48 +00:00
show_exception.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
slow_protocol_subtypes.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
sminmpec.h epan: Trivial constant sort order fix - sminmpec.h 2018-04-21 06:10:35 +00:00
srt_table.c Get rid of some GTK+-only stuff. 2018-05-13 19:46:45 +00:00
srt_table.h Get rid of some GTK+-only stuff. 2018-05-13 19:46:45 +00:00
stat_groups.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
stat_tap_ui.c Get rid of some GTK+-only stuff. 2018-05-13 20:21:14 +00:00
stat_tap_ui.h Get rid of some GTK+-only stuff. 2018-05-13 20:21:14 +00:00
stats_tree.c Remove some GTK+-only code. 2018-04-17 03:44:47 +00:00
stats_tree.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
stats_tree_priv.h Remove some GTK+-only code. 2018-04-17 03:44:47 +00:00
stream.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
stream.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
strutil.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
strutil.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
t35.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
t35.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
tap-voip.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
tap.c glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0 2018-04-16 16:07:46 +00:00
tap.h tap: fix remaining potential memleaks with register_tap_listener 2018-03-27 04:51:00 +00:00
tfs.c tfs: Add high_normal and low_normal 2018-03-11 02:42:41 +00:00
tfs.h tfs: Add high_normal and low_normal 2018-03-11 02:42:41 +00:00
time_fmt.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
timestamp.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
timestamp.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
timestats.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
timestats.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
to_str-int.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
to_str.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
to_str.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
tvbparse.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
tvbparse.h Use common indenting space in heading 2018-05-01 06:55:55 +00:00
tvbtest.c Update some comments. 2018-04-20 02:58:36 +00:00
tvbuff-int.h Handle subset tvbuffs where the length goes past the end of the parent. 2018-04-20 03:18:47 +00:00
tvbuff.c More 'abs_offset' initialisation needed for gcc 4.8.5 (Leap 42.3) 2018-04-21 22:40:32 +00:00
tvbuff.h Update some comments. 2018-04-20 02:58:36 +00:00
tvbuff_base64.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
tvbuff_composite.c Handle subset tvbuffs where the length goes past the end of the parent. 2018-04-20 03:18:47 +00:00
tvbuff_real.c Handle subset tvbuffs where the length goes past the end of the parent. 2018-04-20 03:18:47 +00:00
tvbuff_subset.c Handle subset tvbuffs where the length goes past the end of the parent. 2018-04-20 03:18:47 +00:00
tvbuff_zlib.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
uat-int.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
uat.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
uat.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
uat_load.l Use DIAG_OFF_FLEX/DIAG_ON_FLEX more consistently. 2018-02-16 19:54:16 +00:00
unit_strings.c Make some arguments const, and remove casting-away of constness. 2018-02-21 05:34:52 +00:00
unit_strings.h Make some arguments const, and remove casting-away of constness. 2018-02-21 05:34:52 +00:00
value_string.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
value_string.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
x264_prt_id.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
xdlc.c epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00
xdlc.h epan: use SPDX indentifiers. 2018-02-08 19:29:45 +00:00