Wireshark mailing list archives
Re: [Wireshark-commits] rev 33464: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ber.c
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Wed, 07 Jul 2010 14:49:55 -0400
Gerald Combs wrote:
morriss () wireshark org wrote:http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33464 User: morriss Date: 2010/07/07 08:52 AM Log: Fix infinite recursion reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4984 : In try_get_ber_length() make sure we move forward before recursing. Directory: /trunk/epan/dissectors/ Changes Path Action +57 -56 packet-ber.c ModifiedIf I apply the attached debugging code to packet-ber.c I see some high stack counts in the fuzz capture from bug 4984. It looks like we're still vulnerable to a stack overflow.
Interesting--I don't get any stacks deeper than 10 on that capture file.
Shouldn't we remove recursion from try_get_ber_length or at least throw an exception when we run into, say, 5 levels of nesting?
I don't know enough to say what's a valid depth. In looking at the sample captures I have, I only got to a depth above 10 on one which is probably supposed to be valid but throws an exception in the end. But this sample capture: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=c06-ldapv3-enc-r1.pcap.gz gets depths as high as 25,604... ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: [Wireshark-commits] rev 33464: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ber.c Gerald Combs (Jul 07)
- Re: [Wireshark-commits] rev 33464: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ber.c Guy Harris (Jul 07)
- Re: [Wireshark-commits] rev 33464: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ber.c Jeff Morriss (Jul 07)