buffer overflow found while fuzz testing.
svn path=/trunk/; revision=14169
static int attributeform;
#define ATTRIBUTE_LOCAL_FORM 0
#define ATTRIBUTE_GLOBAL_FORM 1
-static char attribute_identifier_id[64]; /*64 chars should be long enough? */
+static char attribute_identifier_id[BER_MAX_OID_STR_LEN];
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
static int objectclassform;
#define OBJECTCLASS_LOCAL_FORM 0
#define OBJECTCLASS_GLOBAL_FORM 1
-static char objectclass_identifier_id[64]; /*64 chars should be long enough? */
+static char objectclass_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-cmip-fn.c"
static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2eth stops generating these silly wrappers */
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-cms-fn.c"
/* Initialize the subtree pointers */
#include "packet-ess-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-ess-fn.c"
static gint ett_ocsp = -1;
#include "packet-ocsp-ett.c"
-static char responseType_id[64]; /*64 chars should be long enough? */
+static char responseType_id[BER_MAX_OID_STR_LEN];
#include "packet-ocsp-fn.c"
#include "packet-pkix1explicit-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
int
dissect_pkix1explicit_Certificate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
static gint ett_cmp = -1;
#include "packet-cmp-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-cmp-fn.c"
/* Initialize the subtree pointers */
#include "packet-crmf-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-crmf-fn.c"
/* Initialize the subtree pointers */
#include "packet-pkixqualified-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-pkixqualified-fn.c"
static gint ett_pkix_crl = -1;
#include "packet-x509af-ett.c"
-static char algorithm_id[64]; /*64 chars should be long enough? */
+static char algorithm_id[BER_MAX_OID_STR_LEN];
-static char extension_id[64]; /*64 chars should be long enough? */
+static char extension_id[BER_MAX_OID_STR_LEN];
#include "packet-x509af-fn.c"
/* Initialize the subtree pointers */
#include "packet-x509ce-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-x509ce-fn.c"
/* Initialize the subtree pointers */
#include "packet-x509if-ett.c"
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
#include "packet-x509if-fn.c"
-/*#define DEBUG_BER 1*/
+/* #define DEBUG_BER 1 */
/* TODO: change #.REGISTER signature to new_dissector_t and
* update call_ber_oid_callback() accordingly.
*/
int eoffset;
guint8 byte;
guint32 value;
- char str[256],*strp, *name;
+ char str[BER_MAX_OID_STR_LEN],*strp, *name;
proto_item *item;
#ifdef DEBUG_BER
byte = tvb_get_guint8(tvb, offset);
offset++;
- if((strp-str)>200){
- proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier");
+ if((strp-str) > BER_MAX_OID_STR_LEN - 10) { /* 3 digits + '.' + 3 digits + '\0' + slop */
+ proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier (%d bytes)", strp-str);
return offset;
}
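Review bot: The new guard `if((strp-str) > BER_MAX_OID_STR_LEN - 10)` leaves only 10 bytes of headroom in `str`, where the old `> 200` test left 55 in a buffer of the same 256 bytes, and its comment budgets only 3 digits per sub-identifier. The context above declares `guint32 value`, which can need 10 decimal digits plus the '.' and the terminating NUL. If the formatting code outside this hunk prints `value` after this check, one large arc near the end of the buffer may still write past `str`; a margin of at least 12 (13 if it is printed with `%d`), or a write bounded by the remaining space, would close that. Separately, `strp-str` is a `ptrdiff_t` passed for `%d`, which mismatches on LP64 targets; cast it, e.g. `(int)(strp-str)`. The loop and the enclosing function start and end outside the hunk.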
#define BER_UNI_TAG_CHARACTERSTRING 29
#define BER_UNI_TAG_BMPString 30
+#define BER_MAX_OID_STR_LEN 256
+
/* this function dissects the identifier octer of the BER TLV.
* We only handle TAGs (and LENGTHs) that fit inside 32 bit integers.
*/
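Review bot: `BER_MAX_OID_STR_LEN` is added without a comment, yet every dissector buffer resized in this commit (`object_identifier_id`, `attribute_identifier_id`, `objectclass_identifier_id`, `responseType_id`, `algorithm_id`, `extension_id`) now depends on it as the size an OID string will not exceed. I would state that contract at the definition, e.g. `/* size, including the terminating NUL, of the buffer an OID string is written into; any buffer receiving an OID string must be at least this large */`. The removed "64 chars should be long enough?" comments were the only hint of this assumption and nothing replaces them. Whether the copy into the caller buffers is actually bounded by this constant is not visible in these hunks and is worth confirming.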
static int attributeform;
#define ATTRIBUTE_LOCAL_FORM 0
#define ATTRIBUTE_GLOBAL_FORM 1
-static char attribute_identifier_id[64]; /*64 chars should be long enough? */
+static char attribute_identifier_id[BER_MAX_OID_STR_LEN];
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
static int objectclassform;
#define OBJECTCLASS_LOCAL_FORM 0
#define OBJECTCLASS_GLOBAL_FORM 1
-static char objectclass_identifier_id[64]; /*64 chars should be long enough? */
+static char objectclass_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-cmip-fn.c ---*/
/*--- End of included file: packet-cmp-ett.c ---*/
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2eth stops generating these silly wrappers */
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-cms-fn.c ---*/
/*--- End of included file: packet-crmf-ett.c ---*/
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-crmf-fn.c ---*/
/*--- End of included file: packet-ess-ett.c ---*/
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-ess-fn.c ---*/
/*--- End of included file: packet-ocsp-ett.c ---*/
-static char responseType_id[64]; /*64 chars should be long enough? */
+static char responseType_id[BER_MAX_OID_STR_LEN];
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
int
dissect_pkix1explicit_Certificate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
/*--- End of included file: packet-pkixqualified-ett.c ---*/
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-pkixqualified-fn.c ---*/
/*--- End of included file: packet-x509af-ett.c ---*/
-static char algorithm_id[64]; /*64 chars should be long enough? */
+static char algorithm_id[BER_MAX_OID_STR_LEN];
-static char extension_id[64]; /*64 chars should be long enough? */
+static char extension_id[BER_MAX_OID_STR_LEN];
/*--- End of included file: packet-x509ce-ett.c ---*/
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-x509ce-fn.c ---*/
/*--- End of included file: packet-x509if-ett.c ---*/
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
/*--- Included file: packet-x509if-fn.c ---*/