author | Gerald Combs <gerald@wireshark.org> | 2011-03-01 00:50:17 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2011-03-01 00:50:17 +0000 |
commit | 91fe31c9b48d899666a0f7851e2f30d6960dc3b8 (patch) | |
tree | 523858e905ec2f3ad511a1fe789bfd67d5f48c54 /epan/dissectors | |
parent | 16097406f4589db42d906edef8693dfb0fd47b13 (diff) |
If we encounter an excessively long filter string or one with too many
elements, add an expert item and throw a ReportedBoundsError. We may
want to handle this more cleanly in the future but this avoids
allocating a huge amount of memory.
svn path=/trunk/; revision=36101
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-ldap.c | 49 |
1 files changed, 33 insertions, 16 deletions
diff --git a/epan/dissectors/packet-ldap.c b/epan/dissectors/packet-ldap.c index 151d153f43..8152b25883 100644 --- a/epan/dissectors/packet-ldap.c +++ b/epan/dissectors/packet-ldap.c @@ -111,6 +111,7 @@ #include <epan/dissectors/packet-windows-common.h> #include <epan/dissectors/packet-dcerpc.h> #include <epan/asn1.h> +#include <epan/expert.h> #include "packet-ldap.h" #include "packet-ntlmssp.h" @@ -340,7 +341,7 @@ static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */ static int hf_ldap_error = -1; /* T_error */ /*--- End of included file: packet-ldap-hf.c ---*/ -#line 187 "packet-ldap-template.c" +#line 188 "packet-ldap-template.c" /* Initialize the subtree pointers */ static gint ett_ldap = -1; @@ -413,7 +414,7 @@ static gint ett_ldap_PasswordPolicyResponseValue = -1; static gint ett_ldap_T_warning = -1; /*--- End of included file: packet-ldap-ett.c ---*/ -#line 198 "packet-ldap-template.c" +#line 199 "packet-ldap-template.c" static dissector_table_t ldap_name_dissector_table=NULL; static const char *object_identifier_id = NULL; /* LDAP OID */ @@ -795,6 +796,12 @@ static const char *substring_item_final=NULL; static const char *matching_rule_string=NULL; static gboolean matching_rule_dnattr=FALSE; +#define MAX_FILTER_LEN 4096 +static gint Filter_length; + +#define MAX_FILTER_ELEMENTS 200 +static gint Filter_elements; + /* Global variables */ char *mechanism = NULL; static gint MessageID =-1; @@ -1238,7 +1245,7 @@ dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 691 "ldap.cnf" +#line 701 "ldap.cnf" /* make sure the protocol op comes first */ ldap_do_protocolop(actx->pinfo); 
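Review bot: `Filter_length` and `Filter_elements` (hunk at -795) are file-scope statics that this diff only ever increments, in `dissect_ldap_Filter`; no added line in packet-ldap.c sets them back to zero. As shown, the totals accumulate across every filter in every packet and across re-dissection passes, so once 200 elements have been seen in a session each later, well-formed search filter would also raise `ReportedBoundsError`. Reset both where dissection of a top-level filter begins, e.g. `Filter_elements = 0; Filter_length = 0;`; since the `#line ... "ldap.cnf"` markers suggest this file is generated, the change presumably belongs in ldap.cnf, which this page does not show. A comment on the declarations would also help, for example `/* per-search-filter counters, reset at the start of each top-level Filter */`.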
@@ -1254,7 +1261,7 @@ dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in static int dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 698 "ldap.cnf" +#line 708 "ldap.cnf" /* make sure the protocol op comes first */ ldap_do_protocolop(actx->pinfo); @@ -1419,7 +1426,7 @@ dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U static int dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 705 "ldap.cnf" +#line 715 "ldap.cnf" tvbuff_t *new_tvb=NULL; offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb); @@ -2098,6 +2105,16 @@ dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_ proto_item *it=NULL; attributedesc_string=NULL; + if (Filter_length++ > MAX_FILTER_LEN) { + expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN); + THROW(ReportedBoundsError); + } + + if (Filter_elements++ > MAX_FILTER_ELEMENTS) { + expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS); + THROW(ReportedBoundsError); + } + if(tree){ it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: "); tr=proto_item_add_subtree(it, ett_ldap_Filter); 
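Review bot: In the `dissect_ldap_Filter` hunk, `Filter_length` is bumped by one per call exactly like `Filter_elements`, so with limits of 4096 and 200 the first check cannot fire before the second, and it counts calls rather than the length of the filter string the commit message refers to. No other added line in this diff adds to `Filter_length`, so the "excessively long filter string" case looks unguarded here; the counter would need to grow by the number of bytes appended wherever the filter string is built, which is outside this hunk. Two smaller points: the post-increment comparison lets one element past the limit through (`if (++Filter_elements > MAX_FILTER_ELEMENTS) {` stops at exactly 200), and `%u` is handed an `int` constant, so use `%d` or define the limits with a `U` suffix. The function body continues beyond the hunk.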
@@ -2407,7 +2424,7 @@ dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i static int dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 808 "ldap.cnf" +#line 818 "ldap.cnf" offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL); @@ -2684,7 +2701,7 @@ dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 815 "ldap.cnf" +#line 825 "ldap.cnf" offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID); @@ -2755,7 +2772,7 @@ dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U static int dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 740 "ldap.cnf" +#line 750 "ldap.cnf" if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) { offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); @@ -2904,12 +2921,12 @@ dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 748 "ldap.cnf" +#line 758 "ldap.cnf" const gchar *name; -#line 752 "ldap.cnf" +#line 762 "ldap.cnf" if(ldm_tree && object_identifier_id) { proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id); name = oid_resolved_from_string(object_identifier_id); 
@@ -3090,7 +3107,7 @@ dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse static int dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 721 "ldap.cnf" +#line 731 "ldap.cnf" gint8 class; gboolean pc, ind; gint32 tag; @@ -3275,7 +3292,7 @@ dissect_ldap_DirSyncFlagsSubEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, static int dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 765 "ldap.cnf" +#line 775 "ldap.cnf" gint8 class; gboolean pc; gint32 tag; @@ -3684,7 +3701,7 @@ static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_in /*--- End of included file: packet-ldap-fn.c ---*/ -#line 738 "packet-ldap-template.c" +#line 745 "packet-ldap-template.c" static void dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo, @@ -5562,7 +5579,7 @@ void proto_register_ldap(void) { NULL, HFILL }}, /*--- End of included file: packet-ldap-hfarr.c ---*/ -#line 2035 "packet-ldap-template.c" +#line 2042 "packet-ldap-template.c" }; /* List of subtrees */ @@ -5637,7 +5654,7 @@ void proto_register_ldap(void) { &ett_ldap_T_warning, /*--- End of included file: packet-ldap-ettarr.c ---*/ -#line 2048 "packet-ldap-template.c" +#line 2055 "packet-ldap-template.c" }; module_t *ldap_module; @@ -5768,7 +5785,7 @@ proto_reg_handoff_ldap(void) /*--- End of included file: packet-ldap-dis-tab.c ---*/ -#line 2162 "packet-ldap-template.c" +#line 2169 "packet-ldap-template.c" } |