diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2017-06-18 22:16:42 +0200 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2017-06-19 19:03:35 +0000 |
commit | 29c0bc8abbcd6e745ecd23a0a7dfc2497b2758c3 (patch) | |
tree | cc3da6b7a9a5285e5c8adc1d8bd98c64e844c7f3 | |
parent | 4378f2da42705b77a5de45b4337a6a1a7deaa7f1 (diff) | |
download | wireshark-29c0bc8abbcd6e745ecd23a0a7dfc2497b2758c3.tar.gz |
DAAP: define an arbitrary recursion depth limit
Bug: 13799
Change-Id: I611e3e888f91f78262e0d685e613a2bc221687c5
Reviewed-on: https://code.wireshark.org/review/22210
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(cherry picked from commit 82fc557bed30b1aa69ca43a4291b64a9ce54c78a)
Reviewed-on: https://code.wireshark.org/review/22229
-rw-r--r-- | epan/dissectors/packet-daap.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/epan/dissectors/packet-daap.c b/epan/dissectors/packet-daap.c index 4d1b600bab..794d40a64b 100644 --- a/epan/dissectors/packet-daap.c +++ b/epan/dissectors/packet-daap.c @@ -26,6 +26,7 @@ #include <epan/packet.h> #include <epan/exceptions.h> #include <wsutil/str_util.h> +#include <epan/expert.h> #include "packet-http.h" #define TCP_PORT_DAAP 3689 @@ -394,8 +395,10 @@ static int hf_daap_track_id = -1; static gint ett_daap = -1; static gint ett_daap_sub = -1; +static expert_field ei_daap_max_recursion_depth_reached = EI_INIT; + /* Forward declarations */ -static void dissect_daap_one_tag(proto_tree *tree, tvbuff_t *tvb); +static void dissect_daap_one_tag(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int recursion_depth); static int dissect_daap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) @@ -428,12 +431,14 @@ dissect_daap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_ ti = proto_tree_add_item(tree, proto_daap, tvb, 0, -1, ENC_NA); daap_tree = proto_item_add_subtree(ti, ett_daap); - dissect_daap_one_tag(daap_tree, tvb); + dissect_daap_one_tag(daap_tree, pinfo, tvb, 0); return tvb_captured_length(tvb); } +#define DAAP_MAX_RECURSION_DEPTH 100 + static void -dissect_daap_one_tag(proto_tree *tree, tvbuff_t *tvb) +dissect_daap_one_tag(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int recursion_depth) { guint offset = 0; guint32 tagname, tagsize; @@ -441,6 +446,11 @@ dissect_daap_one_tag(proto_tree *tree, tvbuff_t *tvb) proto_tree *tag_tree; tvbuff_t *new_tvb; + if (recursion_depth >= DAAP_MAX_RECURSION_DEPTH) { + proto_tree_add_expert(tree, pinfo, &ei_daap_max_recursion_depth_reached, + tvb, 0, 0); + return; + } while (offset < tvb_reported_length(tvb)) { tagname = tvb_get_ntohl(tvb, offset); tagsize = tvb_get_ntohl(tvb, offset+4); @@ -491,7 +501,7 @@ dissect_daap_one_tag(proto_tree *tree, tvbuff_t *tvb) case dacp_cmst: /* Container tags */ new_tvb = tvb_new_subset_length(tvb, offset, (gint)tagsize); - dissect_daap_one_tag(tag_tree, new_tvb); + dissect_daap_one_tag(tag_tree, pinfo, new_tvb, recursion_depth+1); break; case daap_minm: @@ -762,9 +772,19 @@ proto_register_daap(void) &ett_daap_sub, }; + expert_module_t *expert_daap; + + static ei_register_info ei[] = { + { &ei_daap_max_recursion_depth_reached, { "daap.max_recursion_depth_reached", + PI_PROTOCOL, PI_WARN, "Maximum allowed recursion depth reached - stop decoding", EXPFILL }} + }; + proto_daap = proto_register_protocol("Digital Audio Access Protocol", "DAAP", "daap"); + expert_daap = expert_register_protocol(proto_daap); + expert_register_field_array(expert_daap, ei, array_length(ei)); + proto_register_field_array(proto_daap, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); } |