From ecbce8201b1f11ddcb914205dd7e78b7a0a22c0e Mon Sep 17 00:00:00 2001 From: Simon Walton Date: Wed, 5 Jun 2019 18:17:24 -0700 Subject: [PATCH 1/3] Dissectors: Limit message number & position values --- tools/dissectors/1-hfudt.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/dissectors/1-hfudt.lua b/tools/dissectors/1-hfudt.lua index 70831416b9..484ae6f897 100644 --- a/tools/dissectors/1-hfudt.lua +++ b/tools/dissectors/1-hfudt.lua @@ -307,7 +307,7 @@ function p_hfudt.dissector(buf, pinfo, tree) -- check if we have part of a message that we need to re-assemble -- before it can be dissected - if message_bit == 1 and message_position ~= 0 then + if message_bit == 1 and message_position ~= 0 and message_number < 50 and message_part_number < 10 then if fragments[message_number] == nil then fragments[message_number] = {} end From a5c2ce472e659d476de796a15625cfc98b4f13db Mon Sep 17 00:00:00 2001 From: Simon Walton Date: Thu, 6 Jun 2019 11:08:16 -0700 Subject: [PATCH 2/3] unsourced additions from Howard --- tools/dissectors/1-hfudt.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/dissectors/1-hfudt.lua b/tools/dissectors/1-hfudt.lua index 484ae6f897..eeda0c4d7e 100644 --- a/tools/dissectors/1-hfudt.lua +++ b/tools/dissectors/1-hfudt.lua @@ -158,7 +158,13 @@ local packet_types = { } local unsourced_packet_types = { - ["DomainList"] = true + ["DomainList"] = true, + ["DomainConnectRequest"] = true, + ["ICEPing"] = true, + ["ICEPingReply"] = true, + ["DomainServerConnectionToken"] = true, + ["DomainSettingsRequest"] = true, + ["ICEServerHeartbeatACK"] = true } local fragments = {} From d2e9abd72c6cc270535f3f5e717ffaa93a912859 Mon Sep 17 00:00:00 2001 From: Simon Walton Date: Thu, 6 Jun 2019 15:01:54 -0700 Subject: [PATCH 3/3] Tweak limits; add comment --- tools/dissectors/1-hfudt.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
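Review bot: The added `message_number < 50` bound in the `if` inside `p_hfudt.dissector` caps the value of a table key rather than the amount of stored state, so any fragment whose message number reaches the cap silently skips reassembly and falls through to code outside this hunk. Lua tables are sparse, so `fragments[message_number]` costs the same for a large key as for a small one. If the lock-up comes from a loop over part numbers (not visible here), bounding `message_part_number` and the number of messages tracked in `fragments` would protect the dissector without dropping legitimate high-numbered messages. At minimum, a comment such as `-- fragments outside these limits are not reassembled` should state the consequence. The same condition is revised to 100/100 in the PATCH 3/3 hunk, and the point applies there too.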
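Review bot: The six names added to `unsourced_packet_types` are plain string keys, so a misspelled or later-renamed packet type raises no error, and the packet would presumably be parsed as sourced, reading header fields that are not there. The commit does not say where the list comes from. A comment above the table such as `-- keep in sync with the non-sourced packet set in the protocol implementation`, naming the authoritative file, would make drift easier to spot. The lookup code is outside the hunk, so how a miss is handled should be confirmed there.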
diff --git a/tools/dissectors/1-hfudt.lua b/tools/dissectors/1-hfudt.lua index eeda0c4d7e..00b71a341a 100644 --- a/tools/dissectors/1-hfudt.lua +++ b/tools/dissectors/1-hfudt.lua @@ -313,7 +313,10 @@ function p_hfudt.dissector(buf, pinfo, tree) -- check if we have part of a message that we need to re-assemble -- before it can be dissected - if message_bit == 1 and message_position ~= 0 and message_number < 50 and message_part_number < 10 then + -- limit array indices to prevent lock-up with arbitrary data + if message_bit == 1 and message_position ~= 0 and message_number < 100 + and message_part_number < 100 then + if fragments[message_number] == nil then fragments[message_number] = {} end
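Review bot: The limits in the rewritten condition are bare literals, and the new comment says what is limited but not which loop locks up or why 100 replaced the earlier 50 and 10. Named constants next to `local fragments = {}`, e.g. `local MAX_MESSAGE_NUMBER = 100` and `local MAX_MESSAGE_PARTS = 100`, with the reason recorded once, would make later tuning safer in a dissector that parses arbitrary capture data. The blank line added after `then` also looks unintentional.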