diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-05-04 20:03:35 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-05-05 04:05:40 +0000 |
commit | ce8863c6efcee54655b7856002430bd1716a7776 (patch) | |
tree | c019c2c3e03ce13e772e7b699539fd9902464226 /epan/wslua | |
parent | a9be0881285c948b5bcf8dd3f11c0369f2735b98 (diff) |
nsh: fix stack overflow due to missing length checks
After v2.3.0rc0-3167-ge6f944d632, the NSH dissector could call itself
recursively and since the minimum header length was not validated, it
could result in a stack overflow due to infinite recursion.
Add checks based on the text from
https://tools.ietf.org/html/draft-ietf-sfc-nsh-12#section-3.2
This patch also fixes a regression since v2.3.0rc0-3171-g2273cf0e7b
where the wrong tvb was passed to subdissectors. Tested with the two
captures from bug 11490.
Bug: 13612
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1156
Change-Id: I8cacfa267557e8373ff8134f4b020d927e37842f
Reviewed-on: https://code.wireshark.org/review/21499
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/wslua')
0 files changed, 0 insertions, 0 deletions