author | Gerald Combs <gerald@wireshark.org> | 2011-03-01 00:50:17 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2011-03-01 00:50:17 +0000 |
commit | 91fe31c9b48d899666a0f7851e2f30d6960dc3b8 (patch) | |
tree | 523858e905ec2f3ad511a1fe789bfd67d5f48c54 /asn1 | |
parent | 16097406f4589db42d906edef8693dfb0fd47b13 (diff) |
If we encounter an excessively long filter string or one with too many
elements, add an expert item and throw a ReportedBoundsError. We may
want to handle this more cleanly in the future but this avoids
allocating a huge amount of memory.
svn path=/trunk/; revision=36101
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/ldap/ldap.cnf | 10 | ||||
-rw-r--r-- | asn1/ldap/packet-ldap-template.c | 7 |
2 files changed, 17 insertions, 0 deletions
diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf
index 7d7e45788c..e11aefe7c3 100644
--- a/asn1/ldap/ldap.cnf
+++ b/asn1/ldap/ldap.cnf
@@ -678,6 +678,16 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v
 proto_item *it=NULL;
 attributedesc_string=NULL;

+ if (Filter_length++ > MAX_FILTER_LEN) {
+ expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
+ THROW(ReportedBoundsError);
+ }
+
+ if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
+ expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
+ THROW(ReportedBoundsError);
+ }
+
 if(tree){
 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
 tr=proto_item_add_subtree(it, ett_ldap_Filter);
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index 5e4d7797b2..74dffda805 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -103,6 +103,7 @@
 #include <epan/dissectors/packet-windows-common.h>
 #include <epan/dissectors/packet-dcerpc.h>
 #include <epan/asn1.h>
+#include <epan/expert.h>
 #include "packet-ldap.h"
 #include "packet-ntlmssp.h"

@@ -576,6 +577,12 @@ static const char *substring_item_final=NULL;
 static const char *matching_rule_string=NULL;
 static gboolean matching_rule_dnattr=FALSE;

+#define MAX_FILTER_LEN 4096
+static gint Filter_length;
+
+#define MAX_FILTER_ELEMENTS 200
+static gint Filter_elements;
+
 /* Global variables */
 char *mechanism = NULL;
 static gint MessageID =-1; |
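Review bot: `Filter_length++` in the first added check counts calls into this Filter body, exactly as `Filter_elements++` does, so it never measures the length of the filter string that the commit message wants to bound. Because both counters advance in lockstep, the 200-element limit is always reached before 4096, and a filter with few elements but very large values passes both checks. The length should be accumulated where the display string actually grows (that code is outside this hunk), leaving the guard here as `if (Filter_length > MAX_FILTER_LEN) {`; otherwise drop the first check, since its "Filter length exceeds %u" expert message describes something that is not being measured. The body this hunk sits in starts and ends outside the visible lines.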
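Review bot: `Filter_length` and `Filter_elements` are declared as file-scope statics here, and none of the 17 inserted lines in this commit assigns to them apart from the two `++` in ldap.cnf, so they appear never to be reset. If so, the limits apply to the running total over every filter, packet and redissection pass rather than to one filter. Once 200 Filter elements have been seen in a session, every later LDAP filter raises ReportedBoundsError and goes undecoded, which hides later search filters from the analyst. Both counters should be zeroed at the point where dissection of a new search filter begins (outside these hunks), e.g. `Filter_elements = 0; Filter_length = 0;`, and the declarations would benefit from a comment such as `/* per-filter counters, reset at the start of each search filter */`.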