diff options
| author | Pascal Quantin <pascal.quantin@gmail.com> | 2016-07-25 17:39:10 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2016-07-26 03:54:27 +0000 |
| commit | 347f071f1b9180563c28b0f3d0627b91eb456c72 (patch) | |
| tree | 53c740860ea6b8939fc23b8ee3e254ff3b2834f1 /epan | |
| parent | 2193bea3212d74e2a907152055e27d409b59485e (diff) | |
| download | wireshark-347f071f1b9180563c28b0f3d0627b91eb456c72.tar.gz | |
WBXML: limit the recursion level
Bug: 12663
Change-Id: Ibbab2f20f4eda9f42ea0ea5e88dcf553cce1b55c
Reviewed-on: https://code.wireshark.org/review/16670
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-wbxml.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/epan/dissectors/packet-wbxml.c b/epan/dissectors/packet-wbxml.c index 54948ca1be..b78d45f83e 100644 --- a/epan/dissectors/packet-wbxml.c +++ b/epan/dissectors/packet-wbxml.c @@ -178,6 +178,7 @@ static expert_field ei_wbxml_data_not_shown = EI_INIT; static expert_field ei_wbxml_content_type_not_supported = EI_INIT; static expert_field ei_wbxml_content_type_disabled = EI_INIT; static expert_field ei_wbxml_oversized_uintvar = EI_INIT; +static expert_field ei_wbxml_too_much_recursion = EI_INIT; /* WBXML Preferences */ static gboolean skip_wbxml_token_mapping = FALSE; @@ -7309,6 +7310,10 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, gu The initial state is FALSE. This state will trigger recursion. */ + if (*level == 255) { + proto_tree_add_expert(tree, pinfo, &ei_wbxml_too_much_recursion, tvb, offset, tvb_captured_length_remaining(tvb, offset)); + return tvb_len; + } DebugLog(("parse_wbxml_tag_defined (level = %u, offset = %u)\n", *level, offset)); while (off < tvb_len) { peek = tvb_get_guint8 (tvb, off); @@ -8106,7 +8111,8 @@ proto_register_wbxml(void) { &ei_wbxml_data_not_shown, { "wbxml.data_not_shown", PI_PROTOCOL, PI_NOTE, "Data representation not shown (edit WBXML preferences to show)", EXPFILL }}, { &ei_wbxml_content_type_not_supported, { "wbxml.content_type.not_supported", PI_UNDECODED, PI_WARN, "Rendering of this content type not (yet) supported", EXPFILL }}, { &ei_wbxml_content_type_disabled, { "wbxml.content_type.disabled", PI_PROTOCOL, PI_NOTE, "Rendering of this content type has been disabled (edit WBXML preferences to enable)", EXPFILL }}, - { &ei_wbxml_oversized_uintvar, { "wbxml.oversized_uintvar", PI_MALFORMED, PI_ERROR, "Uintvar is oversized", EXPFILL }} + { &ei_wbxml_oversized_uintvar, { "wbxml.oversized_uintvar", PI_MALFORMED, PI_ERROR, "Uintvar is oversized", EXPFILL }}, + { &ei_wbxml_too_much_recursion, { "wbxml.too_much_recursion", PI_UNDECODED, PI_WARN, "Too much recursion", EXPFILL }} }; expert_module_t* expert_wbxml; |