Gerald Combs wrote: > [email protected] wrote: >> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33464 >> >> User: morriss >> Date: 2010/07/07 08:52 AM >> >> Log: >> Fix infinite recursion reported in >> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4984 : In >> try_get_ber_length() make sure we move forward before recursing. >> >> Directory: /trunk/epan/dissectors/ >> Changes Path Action >> +57 -56 packet-ber.c Modified > > If I apply the attached debugging code to packet-ber.c I see some high > stack counts in the fuzz capture from bug 4984. It looks like we're > still vulnerable to a stack overflow.
Interesting--I don't get any stacks deeper than 10 on that capture file. > Shouldn't we remove recursion from try_get_ber_length or at least throw > an exception when we run into, say, 5 levels of nesting? I don't know enough to say what's a valid depth. In looking at the sample captures I have, I only got to a depth above 10 on one which is probably supposed to be valid but throws an exception in the end. But this sample capture: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=c06-ldapv3-enc-r1.pcap.gz gets depths as high as 25,604... ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
