(for 4.9.3) CVE-2018-16452/SMB: prevent stack exhaustion
Enforce a limit on how many times smb_fdata() can recurse.

This fixes a stack exhaustion discovered by Include Security working
under the Mozilla SOS program in 2018 by means of code audit.
infrastation authored and fxlb committed Aug 27, 2019
1 parent af2cf04 commit 24182d9
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion smbutil.c
Expand Up @@ -807,7 +807,14 @@ smb_fdata(netdissect_options *ndo,
while (buf < maxbuf) {
const u_char *buf2;
depth++;
buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
/* Not sure how this relates with the protocol specification,
* but in order to avoid stack exhaustion recurse at most that
* many levels.
*/
if (depth == 10)
ND_PRINT((ndo, "(too many nested levels, not recursing)"));
else
buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
depth--;
if (buf2 == NULL)
return(NULL);
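Review bot: In the `depth == 10` branch `buf2` is never assigned, but the `if (buf2 == NULL)` that follows still reads it. `buf2` is declared without an initializer at the top of the loop body, so on that path the test is made against an indeterminate pointer and the outcome is undefined. Set `buf2 = NULL;` in the limit branch (with braces around the two statements), or initialize it at the declaration, so that hitting the limit deterministically takes the `return(NULL)` path. As a smaller point, the literal 10 would read better as a named constant, and the comment could state what the limit protects against rather than the uncertainty about the specification.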