URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6ef53e3ed87cb83144e2e7270f38a459d459711 Submitter: "Pascal Quantin <pas...@wireshark.org>" Changed: branch: master Repository: wireshark
Commits: f6ef53e by Pau Espin Pedrol (pes...@sysmocom.de): csn1: Validate recursive array max size during decoding This way if CSN1 encoded bitstream contains more elements than what the defintion expects it will fail instead of overflowing the decoded buffer. Example: RA Capabilities struct (recursive array) sent by a real android phone when attaching to the network. Then SGSN sends it back and osmo-pcu would crash similar to this: *** stack smashing detected ***: terminated Process terminating with default action of signal 6 (SIGABRT): dumping core at 0x4C62CE5: raise (in /usr/lib/libc-2.31.so) by 0x4C4C856: abort (in /usr/lib/libc-2.31.so) by 0x4CA62AF: __libc_message (in /usr/lib/libc-2.31.so) by 0x4D36069: __fortify_fail (in /usr/lib/libc-2.31.so) by 0x4D36033: __stack_chk_fail (in /usr/lib/libc-2.31.so) by 0x124706: testRAcap2(void*) (RLCMACTest.cpp:468) Port from osmo-pcu.git efad80bfbffb2a35d2516e56dc40979f19c6c370 Related: https://osmocom.org/issues/4463 Change-Id: I6bdd6960141829491aebbfdaab548c41d4a3bc9f Reviewed-on: https://code.wireshark.org/review/36572 Reviewed-by: Harald Welte <lafo...@gnumonks.org> Petri-Dish: Pascal Quantin <pas...@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pas...@wireshark.org> Actions performed: from 7b8ea03 lltd: fix typo found by lintian (Phyiscal => Physical) add f6ef53e csn1: Validate recursive array max size during decoding Summary of changes: epan/dissectors/packet-csn1.c | 18 ++++++++++++++++-- epan/dissectors/packet-csn1.h | 6 +++--- 2 files changed, 19 insertions(+), 5 deletions(-) ___________________________________________________________________________ Sent via: Wireshark-commits mailing list <wireshark-commits@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-commits Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-commits mailto:wireshark-commits-requ...@wireshark.org?subject=unsubscribe