Wireshark-commits: [Wireshark-commits] master 9ff932b: ber: avoid deep recursion for constructed st
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 24 Feb 2016 06:06:50 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9ff932bf5ea554f9e94ee1364284aff9eb3fd619
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

9ff932b by Peter Wu (peter@xxxxxxxxxxxxx):

    ber: avoid deep recursion for constructed strings
    
    Bound the recursion depth to avoid a stack overflow while parsing a
    deeply nested constructed string.
    
    Call chain before this patch:
    
     - dissect_ber_octet_string
       - dissect_ber_constrained_octet_string
         - reassemble_octet_string (called for constructed types)
           - dissect_ber_octet_string *recursion*
    
    After this patch, the reassemble_octet_string will throw if the maximum
    recursion depth is reached.
    
    Bug: 11822
    Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
    Reviewed-on: https://code.wireshark.org/review/14108
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
    Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  e395633   vwr: fix heap-based buffer overflow
    adds  9ff932b   ber: avoid deep recursion for constructed strings


Summary of changes:
 epan/dissectors/packet-ber.c |   20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)