diff options
author | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2005-04-22 21:17:13 +0000 |
---|---|---|
committer | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2005-04-22 21:17:13 +0000 |
commit | 4c59fdc388eb5bcc9cf78d1385c23d1e60546b21 (patch) | |
tree | f8f62a7beb847bddda04888f1e98f4140a5e1ae1 /epan | |
parent | 3e0cbeaa55c93ec1ee25c6625daea5edf8c45081 (diff) |
Define a maximum OID string length, and use it in a lot of places. Fixes a
buffer overflow found while fuzz testing.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@14169 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ber.c | 8 | ||||
-rw-r--r-- | epan/dissectors/packet-ber.h | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-cmip.c | 6 | ||||
-rw-r--r-- | epan/dissectors/packet-cmp.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-cms.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-crmf.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-ess.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-ocsp.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-pkix1explicit.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-pkixqualified.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-x509af.c | 4 | ||||
-rw-r--r-- | epan/dissectors/packet-x509ce.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-x509if.c | 2 |
13 files changed, 20 insertions, 18 deletions
diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c index f90617b96c..69cec54361 100644 --- a/epan/dissectors/packet-ber.c +++ b/epan/dissectors/packet-ber.c @@ -1,4 +1,4 @@ -/*#define DEBUG_BER 1*/ +/* #define DEBUG_BER 1 */ /* TODO: change #.REGISTER signature to new_dissector_t and * update call_ber_oid_callback() accordingly. */ @@ -1185,7 +1185,7 @@ int dissect_ber_object_identifier(gboolean implicit_tag, packet_info *pinfo, pro int eoffset; guint8 byte; guint32 value; - char str[256],*strp, *name; + char str[BER_MAX_OID_STR_LEN],*strp, *name; proto_item *item; #ifdef DEBUG_BER @@ -1231,8 +1231,8 @@ printf("OBJECT IDENTIFIER dissect_ber_object_identifier(%s) entered\n",name); byte = tvb_get_guint8(tvb, offset); offset++; - if((strp-str)>200){ - proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier"); + if((strp-str) > BER_MAX_OID_STR_LEN - 10) { /* 3 digits + '.' + 3 digits + '\0' + slop */ + proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier (%d bytes)", strp-str); return offset; } diff --git a/epan/dissectors/packet-ber.h b/epan/dissectors/packet-ber.h index ecefef4337..2a65ca336d 100644 --- a/epan/dissectors/packet-ber.h +++ b/epan/dissectors/packet-ber.h @@ -71,6 +71,8 @@ typedef int (*ber_callback)(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, #define BER_UNI_TAG_CHARACTERSTRING 29 #define BER_UNI_TAG_BMPString 30 +#define BER_MAX_OID_STR_LEN 256 + /* this function dissects the identifier octer of the BER TLV. * We only handle TAGs (and LENGTHs) that fit inside 32 bit integers. */ diff --git a/epan/dissectors/packet-cmip.c b/epan/dissectors/packet-cmip.c index 6d06fd4682..f82576a351 100644 --- a/epan/dissectors/packet-cmip.c +++ b/epan/dissectors/packet-cmip.c @@ -280,14 +280,14 @@ static int opcode_type; static int attributeform; #define ATTRIBUTE_LOCAL_FORM 0 #define ATTRIBUTE_GLOBAL_FORM 1 -static char attribute_identifier_id[64]; /*64 chars should be long enough? */ +static char attribute_identifier_id[BER_MAX_OID_STR_LEN]; -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; static int objectclassform; #define OBJECTCLASS_LOCAL_FORM 0 #define OBJECTCLASS_GLOBAL_FORM 1 -static char objectclass_identifier_id[64]; /*64 chars should be long enough? */ +static char objectclass_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-cmip-fn.c ---*/ diff --git a/epan/dissectors/packet-cmp.c b/epan/dissectors/packet-cmp.c index 2db510befb..c39f53f237 100644 --- a/epan/dissectors/packet-cmp.c +++ b/epan/dissectors/packet-cmp.c @@ -214,7 +214,7 @@ static gint ett_cmp_ErrorMsgContent = -1; /*--- End of included file: packet-cmp-ett.c ---*/ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; diff --git a/epan/dissectors/packet-cms.c b/epan/dissectors/packet-cms.c index 02aece5548..4e5fe33a6f 100644 --- a/epan/dissectors/packet-cms.c +++ b/epan/dissectors/packet-cms.c @@ -186,7 +186,7 @@ static gint ett_cms_ExtendedCertificateInfo = -1; static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2eth stops generating these silly wrappers */ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-cms-fn.c ---*/ diff --git a/epan/dissectors/packet-crmf.c b/epan/dissectors/packet-crmf.c index 6c1a047741..f1e8cb0d5c 100644 --- a/epan/dissectors/packet-crmf.c +++ b/epan/dissectors/packet-crmf.c @@ -153,7 +153,7 @@ static gint ett_crmf_CertId = -1; /*--- End of included file: packet-crmf-ett.c ---*/ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-crmf-fn.c ---*/ diff --git a/epan/dissectors/packet-ess.c b/epan/dissectors/packet-ess.c index a4681c6357..070d394e58 100644 --- a/epan/dissectors/packet-ess.c +++ b/epan/dissectors/packet-ess.c @@ -129,7 +129,7 @@ static gint ett_ess_IssuerSerial = -1; /*--- End of included file: packet-ess-ett.c ---*/ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-ess-fn.c ---*/ diff --git a/epan/dissectors/packet-ocsp.c b/epan/dissectors/packet-ocsp.c index 70f7794382..fb4144f251 100644 --- a/epan/dissectors/packet-ocsp.c +++ b/epan/dissectors/packet-ocsp.c @@ -139,7 +139,7 @@ static gint ett_ocsp_CrlID = -1; /*--- End of included file: packet-ocsp-ett.c ---*/ -static char responseType_id[64]; /*64 chars should be long enough? */ +static char responseType_id[BER_MAX_OID_STR_LEN]; diff --git a/epan/dissectors/packet-pkix1explicit.c b/epan/dissectors/packet-pkix1explicit.c index 6cfa0a555e..7d114b928b 100644 --- a/epan/dissectors/packet-pkix1explicit.c +++ b/epan/dissectors/packet-pkix1explicit.c @@ -98,7 +98,7 @@ static gint ett_pkix1explicit_TeletexDomainDefinedAttribute = -1; -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; int dissect_pkix1explicit_Certificate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) { diff --git a/epan/dissectors/packet-pkixqualified.c b/epan/dissectors/packet-pkixqualified.c index d462c3c34b..9ef95d6171 100644 --- a/epan/dissectors/packet-pkixqualified.c +++ b/epan/dissectors/packet-pkixqualified.c @@ -94,7 +94,7 @@ static gint ett_pkixqualified_NameRegistrationAuthorities = -1; /*--- End of included file: packet-pkixqualified-ett.c ---*/ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-pkixqualified-fn.c ---*/ diff --git a/epan/dissectors/packet-x509af.c b/epan/dissectors/packet-x509af.c index f460edf448..172177ad40 100644 --- a/epan/dissectors/packet-x509af.c +++ b/epan/dissectors/packet-x509af.c @@ -170,10 +170,10 @@ static gint ett_x509af_SET_OF_AttributeType = -1; /*--- End of included file: packet-x509af-ett.c ---*/ -static char algorithm_id[64]; /*64 chars should be long enough? */ +static char algorithm_id[BER_MAX_OID_STR_LEN]; -static char extension_id[64]; /*64 chars should be long enough? */ +static char extension_id[BER_MAX_OID_STR_LEN]; diff --git a/epan/dissectors/packet-x509ce.c b/epan/dissectors/packet-x509ce.c index e329b8f645..54712d5294 100644 --- a/epan/dissectors/packet-x509ce.c +++ b/epan/dissectors/packet-x509ce.c @@ -260,7 +260,7 @@ static gint ett_x509ce_PkiPathMatchSyntax = -1; /*--- End of included file: packet-x509ce-ett.c ---*/ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-x509ce-fn.c ---*/ diff --git a/epan/dissectors/packet-x509if.c b/epan/dissectors/packet-x509if.c index 7a9f1a87bd..c2ae943f53 100644 --- a/epan/dissectors/packet-x509if.c +++ b/epan/dissectors/packet-x509if.c @@ -275,7 +275,7 @@ static gint ett_x509if_MRSubstitution = -1; /*--- End of included file: packet-x509if-ett.c ---*/ -static char object_identifier_id[64]; /*64 chars should be long enough? */ +static char object_identifier_id[BER_MAX_OID_STR_LEN]; /*--- Included file: packet-x509if-fn.c ---*/ |