-rw-r--r-- | epan/dissectors/packet-afp.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/epan/dissectors/packet-afp.c b/epan/dissectors/packet-afp.c
index 9ff972cf63..89878931f5 100644
--- a/epan/dissectors/packet-afp.c
+++ b/epan/dissectors/packet-afp.c
@@ -4664,8 +4664,9 @@ decode_kauth_ace(tvbuff_t *tvb, proto_tree *tree, gint offset)
 return offset;
 }
+#define AFP_MAX_ACL_ENTRIES 500 /* Arbitrary. */
 static gint
-decode_kauth_acl(tvbuff_t *tvb, proto_tree *tree, gint offset)
+decode_kauth_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset)
 {
 int entries;
 int i;
@@ -4680,9 +4681,14 @@ decode_kauth_acl(tvbuff_t *tvb, proto_tree *tree, gint offset)
 sub_tree = proto_item_add_subtree(item, ett_afp_ace_entries);
 offset += 4;
- proto_tree_add_item(tree, hf_afp_acl_flags, tvb, offset, 4, ENC_BIG_ENDIAN);
+ item = proto_tree_add_item(tree, hf_afp_acl_flags, tvb, offset, 4, ENC_BIG_ENDIAN);
 offset += 4;
+ if (entries > AFP_MAX_ACL_ENTRIES) {
+ expert_add_info_format(pinfo, item, PI_UNDECODED, PI_WARN, "Excessive number of ACL entries (%u). Stopping dissection.", entries);
+ THROW(ReportedBoundsError);
+ }
+
 for (i = 0; i < entries; i++) {
 item = proto_tree_add_text(sub_tree, tvb, offset, 24, "ACE: %u", i);
 ace_tree = proto_item_add_subtree(item, ett_afp_ace_entry);
@@ -4694,7 +4700,7 @@ decode_kauth_acl(tvbuff_t *tvb, proto_tree *tree, gint offset)
 }
 static gint
-decode_uuid_acl(tvbuff_t *tvb, proto_tree *tree, gint offset, guint16 bitmap)
+decode_uuid_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset, guint16 bitmap)
 {
 if ((offset & 1))
 PAD(1);
@@ -4710,7 +4716,7 @@ decode_uuid_acl(tvbuff_t *tvb, proto_tree *tree, gint offset, guint16 bitmap)
 }
 if ((bitmap & kFileSec_ACL)) {
- offset = decode_kauth_acl(tvb, tree, offset);
+ offset = decode_kauth_acl(tvb, pinfo, tree, offset);
 }
 return offset;
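Review bot: The `/* Arbitrary. */` comment on `AFP_MAX_ACL_ENTRIES` in the first hunk says nothing about what the limit protects, so a later reader has no basis for raising or lowering it. The second hunk shows it bounding the ACE loop, which is driven by a count taken from the packet. I would write `/* Cap on the ACE count read from the packet, so a bogus count cannot drive the ACE loop; the value itself is arbitrary. */`.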
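Review bot: The new bound `entries > AFP_MAX_ACL_ENTRIES` in the second hunk is a signed comparison, because the first hunk's context lines declare `int entries;`. A wire count with the top bit set would presumably read as negative, pass the check, and skip the loop with no expert info at all. Declaring `guint32 entries;` and `guint32 i;` makes the comparison and the `%u` formats agree with the FT_UINT32 field. The expert info is also attached to `item` after it has been reassigned to the hf_afp_acl_flags item, so the warning appears under the flags field rather than the entry count; moving the check above the flags `proto_tree_add_item` call would avoid the reassignment. The assignment to `entries` and the start of decode_kauth_acl are outside the hunk, so confirm how the count is read.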
@@ -4730,7 +4736,7 @@ dissect_query_afp_set_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g
 offset = decode_name(tree, pinfo, tvb, offset);
- offset = decode_uuid_acl(tvb, tree, offset, bitmap);
+ offset = decode_uuid_acl(tvb, pinfo, tree, offset, bitmap);
 return offset;
 }
@@ -4762,7 +4768,7 @@ dissect_reply_afp_get_acl(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tre
 bitmap = decode_acl_list_bitmap(tvb, tree, offset);
 offset += 2;
- offset = decode_uuid_acl(tvb, tree, offset, bitmap);
+ offset = decode_uuid_acl(tvb, pinfo, tree, offset, bitmap);
 return offset;
 }
@@ -6544,7 +6550,7 @@ proto_register_afp(void)
 { &hf_afp_acl_entrycount,
 { "ACEs count", "afp.acl_entrycount",
- FT_UINT32, BASE_HEX, NULL, 0,
+ FT_UINT32, BASE_DEC, NULL, 0,
 "Number of ACL entries", HFILL }},
 { &hf_afp_acl_flags,
|
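Review bot: In dissect_reply_afp_get_acl, `pinfo` is now passed on to decode_uuid_acl, but the hunk header still shows the parameter as `packet_info *pinfo _U_` and no hunk in this patch touches that signature, so the unused marker appears to be stale. Changing the parameter to `packet_info *pinfo` keeps the annotation truthful for anyone auditing which dissector paths can raise expert info. The header is truncated and the function starts outside the hunk, so confirm against the full signature.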