Commit 24182d9

infrastation authored and fxlb committed
(for 4.9.3) CVE-2018-16452/SMB: prevent stack exhaustion
Enforce a limit on how many times smb_fdata() can recurse. This fixes a stack exhaustion discovered by Include Security working under the Mozilla SOS program in 2018 by means of code audit.
1 parent af2cf04 commit 24182d9

1 file changed

+8
-1
lines changed

Diff for: smbutil.c

@@ -807,7 +807,14 @@ smb_fdata(netdissect_options *ndo,
807807
while (buf < maxbuf) {
808808
const u_char *buf2;
809809
depth++;
810-
buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
810+
/* Not sure how this relates with the protocol specification,
811+
* but in order to avoid stack exhaustion recurse at most that
812+
* many levels.
813+
*/
814+
if (depth == 10)
815+
ND_PRINT((ndo, "(too many nested levels, not recursing)"));
816+
else
817+
buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
811818
depth--;
812819
if (buf2 == NULL)
813820
return(NULL);
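
Review bot: in the new `if (depth == 10)` branch `buf2` is never assigned, yet the unchanged `if (buf2 == NULL)` check right after `depth--` still reads it. `buf2` is declared as `const u_char *buf2;` with no initializer at the top of the loop body, so on the iteration that hits the limit the check tests an indeterminate pointer and the function may either return or carry on with a garbage value. Set `buf2 = NULL` in the limit branch (or return NULL directly after the ND_PRINT) so that reaching the limit ends dissection deterministically. A smaller point: the literal 10 would be easier to audit as a named constant, given that the comment says the value is not derived from the protocol specification.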
