Define a maximum OID string length, and use it in a lot of places. Fixes a

buffer overflow found while fuzz testing.

svn path=/trunk/; revision=14169

diff --git a/asn1/cmip/packet-cmip-template.c b/asn1/cmip/packet-cmip-template.c
index 968636094bad6513eaf8af1f6f0d06da59f910c0..19228ddbfe463823c5a69eb227ab1153ae811953 100644 (file)
--- a/asn1/cmip/packet-cmip-template.c
+++ b/asn1/cmip/packet-cmip-template.c
@@ -69,14 +69,14 @@ static int opcode_type;
 static int attributeform;
 #define ATTRIBUTE_LOCAL_FORM  0
 #define ATTRIBUTE_GLOBAL_FORM 1
-static char attribute_identifier_id[64]; /*64 chars should be long enough? */
+static char attribute_identifier_id[BER_MAX_OID_STR_LEN];
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 static int objectclassform;
 #define OBJECTCLASS_LOCAL_FORM  0
 #define OBJECTCLASS_GLOBAL_FORM 1
-static char objectclass_identifier_id[64]; /*64 chars should be long enough? */
+static char objectclass_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-cmip-fn.c"
 

diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c
index 293ac944605ec81ea35fbab60f4fdad806f4d4e3..644ea2b82d01183d495042ce24ce9fd2e49e064d 100644 (file)
--- a/asn1/cms/packet-cms-template.c
+++ b/asn1/cms/packet-cms-template.c
@@ -54,7 +54,7 @@ static int hf_cms_ci_contentType = -1;
 static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2eth stops generating these silly wrappers */
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-cms-fn.c"
 

diff --git a/asn1/ess/packet-ess-template.c b/asn1/ess/packet-ess-template.c
index 1d0edcf3bee2142860cf59e92c7a0490e04feb4d..2d80ce1a9eb84c3580c873c4d3b8f7fa8112e06d 100644 (file)
--- a/asn1/ess/packet-ess-template.c
+++ b/asn1/ess/packet-ess-template.c
@@ -51,7 +51,7 @@ static int hf_ess_SecurityCategory_type_OID = -1;
 /* Initialize the subtree pointers */
 #include "packet-ess-ett.c"
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-ess-fn.c"
 

diff --git a/asn1/ocsp/packet-ocsp-template.c b/asn1/ocsp/packet-ocsp-template.c
index d509d4749af22f30d18308a0f6a90c02f3276c70..585f9084809efc6d692b1fe0d77df43dd2939805 100644 (file)
--- a/asn1/ocsp/packet-ocsp-template.c
+++ b/asn1/ocsp/packet-ocsp-template.c
@@ -53,7 +53,7 @@ static int hf_ocsp_responseType_id = -1;
 static gint ett_ocsp = -1;
 #include "packet-ocsp-ett.c"
 
-static char responseType_id[64]; /*64 chars should be long enough? */
+static char responseType_id[BER_MAX_OID_STR_LEN];
 
 
 #include "packet-ocsp-fn.c"

diff --git a/asn1/pkix1explicit/packet-pkix1explicit-template.c b/asn1/pkix1explicit/packet-pkix1explicit-template.c
index b657a55e45b822386805dd855b717a3aeb8e73b7..5864278ea7d2bb924be057de4612e05dbe440cdc 100644 (file)
--- a/asn1/pkix1explicit/packet-pkix1explicit-template.c
+++ b/asn1/pkix1explicit/packet-pkix1explicit-template.c
@@ -54,7 +54,7 @@ static int hf_pkix1explicit_object_identifier_id = -1;
 #include "packet-pkix1explicit-ett.c"
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 int
 dissect_pkix1explicit_Certificate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {

diff --git a/asn1/pkixcmp/packet-cmp-template.c b/asn1/pkixcmp/packet-cmp-template.c
index adf2b06983b364de9052c49441398da959ff960d..0591eb9318bda1a7c225f3eca6b8d5661526f594 100644 (file)
--- a/asn1/pkixcmp/packet-cmp-template.c
+++ b/asn1/pkixcmp/packet-cmp-template.c
@@ -53,7 +53,7 @@ static int hf_cmp_type_oid = -1;
 static gint ett_cmp = -1;
 #include "packet-cmp-ett.c"
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 #include "packet-cmp-fn.c"

diff --git a/asn1/pkixcrmf/packet-crmf-template.c b/asn1/pkixcrmf/packet-crmf-template.c
index 5258037fb82ecc5470a46826267fa6f2b2fe83e3..994711600948e5b0c61622b4cc28897d6b5125c6 100644 (file)
--- a/asn1/pkixcrmf/packet-crmf-template.c
+++ b/asn1/pkixcrmf/packet-crmf-template.c
@@ -52,7 +52,7 @@ static int hf_crmf_type_oid = -1;
 /* Initialize the subtree pointers */
 #include "packet-crmf-ett.c"
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-crmf-fn.c"
 

diff --git a/asn1/pkixqualified/packet-pkixqualified-template.c b/asn1/pkixqualified/packet-pkixqualified-template.c
index ffebc23c72d93cb27acbd9522f82f80e78bd9b19..8525ef4715f6b399d03070169b543f13c6e420d6 100644 (file)
--- a/asn1/pkixqualified/packet-pkixqualified-template.c
+++ b/asn1/pkixqualified/packet-pkixqualified-template.c
@@ -51,7 +51,7 @@ int proto_pkixqualified = -1;
 /* Initialize the subtree pointers */
 #include "packet-pkixqualified-ett.c"
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-pkixqualified-fn.c"
 

diff --git a/asn1/x509af/packet-x509af-template.c b/asn1/x509af/packet-x509af-template.c
index a10c7205ebe10f2163cbbee6e4732764982271c7..1f8a2993b90a06444aecf49af6adb723564a8963 100644 (file)
--- a/asn1/x509af/packet-x509af-template.c
+++ b/asn1/x509af/packet-x509af-template.c
@@ -54,10 +54,10 @@ static int hf_x509af_extension_id = -1;
 static gint ett_pkix_crl = -1;
 #include "packet-x509af-ett.c"
 
-static char algorithm_id[64]; /*64 chars should be long enough? */
+static char algorithm_id[BER_MAX_OID_STR_LEN];
 
 
-static char extension_id[64]; /*64 chars should be long enough? */
+static char extension_id[BER_MAX_OID_STR_LEN];
 
 
 #include "packet-x509af-fn.c"

diff --git a/asn1/x509ce/packet-x509ce-template.c b/asn1/x509ce/packet-x509ce-template.c
index c725d15adb4c889dfbb2fe6f43b23ba36592195f..05945be10f63d3a30012fb7974b6885519b54318 100644 (file)
--- a/asn1/x509ce/packet-x509ce-template.c
+++ b/asn1/x509ce/packet-x509ce-template.c
@@ -55,7 +55,7 @@ static int hf_x509ce_IPAddress = -1;
 /* Initialize the subtree pointers */
 #include "packet-x509ce-ett.c"
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-x509ce-fn.c"
 

diff --git a/asn1/x509if/packet-x509if-template.c b/asn1/x509if/packet-x509if-template.c
index ca63d592e269de69ee4a1fa06fd99b36738044d6..06e2bd18c765acb602983cba2716df47d84e280e 100644 (file)
--- a/asn1/x509if/packet-x509if-template.c
+++ b/asn1/x509if/packet-x509if-template.c
@@ -49,7 +49,7 @@ static int hf_x509if_object_identifier_id = -1;
 /* Initialize the subtree pointers */
 #include "packet-x509if-ett.c"
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 #include "packet-x509if-fn.c"
 

diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
index f90617b96cc4177b216b7ba3c857a52d1914fbb7..69cec5436166e513c8d53e5524f22f2a008b99db 100644 (file)
--- a/epan/dissectors/packet-ber.c
+++ b/epan/dissectors/packet-ber.c
@@ -1,4 +1,4 @@
-/*#define DEBUG_BER 1*/
+/* #define DEBUG_BER 1 */
 /* TODO: change #.REGISTER signature to new_dissector_t and
  * update call_ber_oid_callback() accordingly.
  */
@@ -1185,7 +1185,7 @@ int dissect_ber_object_identifier(gboolean implicit_tag, packet_info *pinfo, pro
        int eoffset;
        guint8 byte;
        guint32 value;
-       char str[256],*strp, *name;
+       char str[BER_MAX_OID_STR_LEN],*strp, *name;
        proto_item *item;
 
 #ifdef DEBUG_BER
@@ -1231,8 +1231,8 @@ printf("OBJECT IDENTIFIER dissect_ber_object_identifier(%s) entered\n",name);
                byte = tvb_get_guint8(tvb, offset);
                offset++;
 
-               if((strp-str)>200){
-           proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier");
+               if((strp-str) > BER_MAX_OID_STR_LEN - 10) { /* 3 digits + '.' + 3 digits + '\0' + slop */
+           proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier (%d bytes)", strp-str);
                        return offset;
                }
 

diff --git a/epan/dissectors/packet-ber.h b/epan/dissectors/packet-ber.h
index ecefef4337c27e1cd2a6e5e489a3225ae11fa621..2a65ca336d590c1bd227748aef37f8df80eee460 100644 (file)
--- a/epan/dissectors/packet-ber.h
+++ b/epan/dissectors/packet-ber.h
@@ -71,6 +71,8 @@ typedef int (*ber_callback)(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb,
 #define BER_UNI_TAG_CHARACTERSTRING        29
 #define BER_UNI_TAG_BMPString              30
 
+#define BER_MAX_OID_STR_LEN 256
+
 /* this function dissects the identifier octer of the BER TLV.
  * We only handle TAGs (and LENGTHs) that fit inside 32 bit integers.
  */

diff --git a/epan/dissectors/packet-cmip.c b/epan/dissectors/packet-cmip.c
index 6d06fd468274ff4ce4402310590f668fca9f5a73..f82576a351ec1fdb4ee65d37e97d543c793c815a 100644 (file)
--- a/epan/dissectors/packet-cmip.c
+++ b/epan/dissectors/packet-cmip.c
@@ -280,14 +280,14 @@ static int opcode_type;
 static int attributeform;
 #define ATTRIBUTE_LOCAL_FORM  0
 #define ATTRIBUTE_GLOBAL_FORM 1
-static char attribute_identifier_id[64]; /*64 chars should be long enough? */
+static char attribute_identifier_id[BER_MAX_OID_STR_LEN];
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 static int objectclassform;
 #define OBJECTCLASS_LOCAL_FORM  0
 #define OBJECTCLASS_GLOBAL_FORM 1
-static char objectclass_identifier_id[64]; /*64 chars should be long enough? */
+static char objectclass_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-cmip-fn.c ---*/

diff --git a/epan/dissectors/packet-cmp.c b/epan/dissectors/packet-cmp.c
index 2db510befb0f57c44b66d679678cca4b138ffb7c..c39f53f2378ec8f690f2452cb741aebed74485d6 100644 (file)
--- a/epan/dissectors/packet-cmp.c
+++ b/epan/dissectors/packet-cmp.c
@@ -214,7 +214,7 @@ static gint ett_cmp_ErrorMsgContent = -1;
 /*--- End of included file: packet-cmp-ett.c ---*/
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 

diff --git a/epan/dissectors/packet-cms.c b/epan/dissectors/packet-cms.c
index 02aece5548520d316324100a8e357d9a0ad5b6b1..4e5fe33a6fdb9dd3cba20505a149acce2e080ea7 100644 (file)
--- a/epan/dissectors/packet-cms.c
+++ b/epan/dissectors/packet-cms.c
@@ -186,7 +186,7 @@ static gint ett_cms_ExtendedCertificateInfo = -1;
 static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2eth stops generating these silly wrappers */
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-cms-fn.c ---*/

diff --git a/epan/dissectors/packet-crmf.c b/epan/dissectors/packet-crmf.c
index 6c1a04774149b57bc99e1c1657d32193052c635f..f1e8cb0d5cb80e6063583664507a47843120285d 100644 (file)
--- a/epan/dissectors/packet-crmf.c
+++ b/epan/dissectors/packet-crmf.c
@@ -153,7 +153,7 @@ static gint ett_crmf_CertId = -1;
 /*--- End of included file: packet-crmf-ett.c ---*/
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-crmf-fn.c ---*/

diff --git a/epan/dissectors/packet-ess.c b/epan/dissectors/packet-ess.c
index a4681c6357339d86d88ebc080a09de9b88f488e5..070d394e58980cd43aa092e30b87ee9695c2b92b 100644 (file)
--- a/epan/dissectors/packet-ess.c
+++ b/epan/dissectors/packet-ess.c
@@ -129,7 +129,7 @@ static gint ett_ess_IssuerSerial = -1;
 /*--- End of included file: packet-ess-ett.c ---*/
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-ess-fn.c ---*/

diff --git a/epan/dissectors/packet-ocsp.c b/epan/dissectors/packet-ocsp.c
index 70f7794382a1033aa9130add9df77ddbdc6d666a..fb4144f25186ce88a3f855cfff5d56118ae7c16b 100644 (file)
--- a/epan/dissectors/packet-ocsp.c
+++ b/epan/dissectors/packet-ocsp.c
@@ -139,7 +139,7 @@ static gint ett_ocsp_CrlID = -1;
 /*--- End of included file: packet-ocsp-ett.c ---*/
 
 
-static char responseType_id[64]; /*64 chars should be long enough? */
+static char responseType_id[BER_MAX_OID_STR_LEN];
 
 
 

diff --git a/epan/dissectors/packet-pkix1explicit.c b/epan/dissectors/packet-pkix1explicit.c
index 6cfa0a555e7b30955d97b65c145bcde8981dfae9..7d114b928b2a6640fb2ee70368e4be030a82e766 100644 (file)
--- a/epan/dissectors/packet-pkix1explicit.c
+++ b/epan/dissectors/packet-pkix1explicit.c
@@ -98,7 +98,7 @@ static gint ett_pkix1explicit_TeletexDomainDefinedAttribute = -1;
 
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 int
 dissect_pkix1explicit_Certificate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {

diff --git a/epan/dissectors/packet-pkixqualified.c b/epan/dissectors/packet-pkixqualified.c
index d462c3c34bd36adc76e616eb1f5bfe5005617634..9ef95d6171df3f96b9b71c10c36b0bb3e76a91f4 100644 (file)
--- a/epan/dissectors/packet-pkixqualified.c
+++ b/epan/dissectors/packet-pkixqualified.c
@@ -94,7 +94,7 @@ static gint ett_pkixqualified_NameRegistrationAuthorities = -1;
 /*--- End of included file: packet-pkixqualified-ett.c ---*/
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-pkixqualified-fn.c ---*/

diff --git a/epan/dissectors/packet-x509af.c b/epan/dissectors/packet-x509af.c
index f460edf4486d1628ca0ebc865e4a32ecd4ed6594..172177ad40bee56a4801488850d2efb4ecb4a62f 100644 (file)
--- a/epan/dissectors/packet-x509af.c
+++ b/epan/dissectors/packet-x509af.c
@@ -170,10 +170,10 @@ static gint ett_x509af_SET_OF_AttributeType = -1;
 /*--- End of included file: packet-x509af-ett.c ---*/
 
 
-static char algorithm_id[64]; /*64 chars should be long enough? */
+static char algorithm_id[BER_MAX_OID_STR_LEN];
 
 
-static char extension_id[64]; /*64 chars should be long enough? */
+static char extension_id[BER_MAX_OID_STR_LEN];
 
 
 

diff --git a/epan/dissectors/packet-x509ce.c b/epan/dissectors/packet-x509ce.c
index e329b8f6454572c90966cea21ea1b0a32afb8fdf..54712d5294c9d7d7b1ef7c6c979a7cf8854955c9 100644 (file)
--- a/epan/dissectors/packet-x509ce.c
+++ b/epan/dissectors/packet-x509ce.c
@@ -260,7 +260,7 @@ static gint ett_x509ce_PkiPathMatchSyntax = -1;
 /*--- End of included file: packet-x509ce-ett.c ---*/
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-x509ce-fn.c ---*/

diff --git a/epan/dissectors/packet-x509if.c b/epan/dissectors/packet-x509if.c
index 7a9f1a87bd41ab3bdb613917f1b8beb23a635412..c2ae943f5325646d3b1d6cc9b94fd870ca220fbc 100644 (file)
--- a/epan/dissectors/packet-x509if.c
+++ b/epan/dissectors/packet-x509if.c
@@ -275,7 +275,7 @@ static gint ett_x509if_MRSubstitution = -1;
 /*--- End of included file: packet-x509if-ett.c ---*/
 
 
-static char object_identifier_id[64]; /*64 chars should be long enough? */
+static char object_identifier_id[BER_MAX_OID_STR_LEN];
 
 
 /*--- Included file: packet-x509if-fn.c ---*/