(for 4.9.3) CVE-2018-16452/SMB: prevent stack exhaustion
index fc9b3cc6f227a659fd71f3c5e4c1c766a132e9a3..7b01f487dbc2de43cb1cdb19c5a017866d27d80d 100644 (file)
--- a/smbutil.c
+++ b/smbutil.c
@@ -807,7 +807,14 @@ smb_fdata(netdissect_options *ndo,
            while (buf < maxbuf) {
                const u_char *buf2;
                depth++;
-               buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
+               /* Not sure how this relates with the protocol specification,
+                * but in order to avoid stack exhaustion recurse at most that
+                * many levels.
+                */
+               if (depth == 10)
+                       ND_PRINT((ndo, "(too many nested levels, not recursing)"));
+               else
+                       buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
                depth--;
                if (buf2 == NULL)
                    return(NULL);
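Review bot: On the new `depth == 10` branch `buf2` is never assigned, yet the `if (buf2 == NULL)` check right after `depth--` still reads it. The declaration `const u_char *buf2;` at the top of the loop body has no initializer, so that read is of an indeterminate pointer, which is undefined behaviour. Whether the function then returns or keeps going with a stale value depends on what is on the stack, and the rest of the loop, which lies outside this hunk, presumably goes on to use `buf2`. Initialising at the declaration, `const u_char *buf2 = NULL;`, makes the depth-limit path return NULL deterministically and unwinds the recursion cleanly. The literal `10` would also be clearer as a named constant, since the comment itself says the limit does not come from the protocol specification.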