Wireshark-commits: [Wireshark-commits] master f6ef53e: csn1: Validate recursive array max size duri
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6ef53e3ed87cb83144e2e7270f38a459d459711
Submitter: "Pascal Quantin <pascal@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
f6ef53e by Pau Espin Pedrol (pespin@xxxxxxxxxxx):
csn1: Validate recursive array max size during decoding
This way if CSN1 encoded bitstream contains more elements than what the
defintion expects it will fail instead of overflowing the decoded
buffer.
Example: RA Capabilities struct (recursive array) sent by a real android phone
when attaching to the network. Then SGSN sends it back and osmo-pcu would crash
similar to this:
*** stack smashing detected ***: terminated
Process terminating with default action of signal 6 (SIGABRT): dumping core
at 0x4C62CE5: raise (in /usr/lib/libc-2.31.so)
by 0x4C4C856: abort (in /usr/lib/libc-2.31.so)
by 0x4CA62AF: __libc_message (in /usr/lib/libc-2.31.so)
by 0x4D36069: __fortify_fail (in /usr/lib/libc-2.31.so)
by 0x4D36033: __stack_chk_fail (in /usr/lib/libc-2.31.so)
by 0x124706: testRAcap2(void*) (RLCMACTest.cpp:468)
Port from osmo-pcu.git efad80bfbffb2a35d2516e56dc40979f19c6c370
Related: https://osmocom.org/issues/4463
Change-Id: I6bdd6960141829491aebbfdaab548c41d4a3bc9f
Reviewed-on: https://code.wireshark.org/review/36572
Reviewed-by: Harald Welte <laforge@xxxxxxxxxxxx>
Petri-Dish: Pascal Quantin <pascal@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@xxxxxxxxxxxxx>
Actions performed:
from 7b8ea03 lltd: fix typo found by lintian (Phyiscal => Physical)
add f6ef53e csn1: Validate recursive array max size during decoding
Summary of changes:
epan/dissectors/packet-csn1.c | 18 ++++++++++++++++--
epan/dissectors/packet-csn1.h | 6 +++---
2 files changed, 19 insertions(+), 5 deletions(-)