author | Guy Harris <guy@alum.mit.edu> | 2011-11-14 18:42:11 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2011-11-14 18:42:11 +0000 |
commit | bbed650915915d8421b6bce281d7d732ee82ef45 (patch) | |
tree | a896514bc8f242f2671450130fd7182f8c4071a6 /asn1/snmp | |
parent | eed8e49aff77f0ff1a7a95b516a973220b0615eb (diff) |
Do some more length checking to avoid a dissector bug error. Should fix
bug 6564.
svn path=/trunk/; revision=39831
Diffstat (limited to 'asn1/snmp')
-rw-r--r-- | asn1/snmp/packet-snmp-template.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/asn1/snmp/packet-snmp-template.c b/asn1/snmp/packet-snmp-template.c
index c1961c63fb..959724e69f 100644
--- a/asn1/snmp/packet-snmp-template.c
+++ b/asn1/snmp/packet-snmp-template.c
@@ -824,13 +824,47 @@ indexing_done:
 hfid = hf_snmp_unknown_value;
 break;
 }
- if ((value_len == 9) && (tvb_get_guint8(tvb, value_offset) == 0)) {
- /* Check if this is an unsigned int64 with a big value */
+ if (value_len > 8) {
+ /*
+ * Too long for an FT_UINT64 or an FT_INT64.
+ */
 header_field_info *hfinfo = proto_registrar_get_nth(hfid);
 if (hfinfo->type == FT_UINT64) {
+ /*
+ * Check if this is an unsigned int64 with
+ * a big value.
+ */
+ if (value_len > 9 || tvb_get_guint8(tvb, value_offset) != 0) {
+ /* It is. Fail. */
+ pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value too large");
+ expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unsigned integer value > 2^64 - 1");
+ goto already_added;
+ }
 /* Cheat and skip the leading 0 byte */
 value_len--;
 value_offset++;
+ } else if (hfinfo->type == FT_INT64) {
+ /*
+ * For now, just reject these.
+ */
+ pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value too large or too small");
+ expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Signed integer value > 2^63 - 1 or <= -2^63");
+ goto already_added;
+ }
+ } else if (value_len == 0) {
+ /*
+ * X.690 section 8.3.1 "Encoding of an integer value":
+ * "The encoding of an integer value shall be
+ * primitive. The contents octets shall consist of
+ * one or more octets."
+ *
+ * Zero is not "one or more".
+ */
+ header_field_info *hfinfo = proto_registrar_get_nth(hfid);
+ if (hfinfo->type == FT_UINT64 || hfinfo->type == FT_INT64) {
+ pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value is zero-length");
+ expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Integral value is zero-length");
+ goto already_added;
 }
 }
 pi_value = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN); |
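Review bot: Both new length guards act only when `hfinfo->type` is `FT_UINT64` or `FT_INT64`, so a varbind whose `hfid` resolves to a narrower integer field still reaches the final `proto_tree_add_item()` with a packet-supplied `value_len` of zero or more than the field width. `hfid` is selected above this hunk, so whether 32-bit fields can arrive here needs confirming, but if they can, the same dissector-bug path presumably remains open for them. Consider deriving the maximum octet count from `hfinfo->type` and rejecting any integral field whose `value_len` is 0 or exceeds it, rather than special-casing the 64-bit types. Separately, the FT_INT64 expert text `"Signed integer value > 2^63 - 1 or <= -2^63"` misstates the range, since -2^63 itself fits in eight octets; `"Signed integer value > 2^63 - 1 or < -2^63"` would be accurate. The enclosing function begins and ends outside this hunk.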