From ecc401e5d290374dbc1bee65fca90b77f3060854 Mon Sep 17 00:00:00 2001 From: John Thacker Date: Fri, 13 Mar 2026 03:48:34 +0000 Subject: [PATCH] AFP Spotlight: Add recursion checks AFP is sent over DSI, which is segmented over TCP and has a 32-bit PDU length. This can cause stack overflow from the recursive calls in spotlight_dissect_query_loop when there is a NULL tree. Thanks to bcoles for the POC. Fix #21088 AI-Assisted: yes (reporter used Claude; I personally verified solution) (cherry picked from commit 6abb63feb490a087cd13dd1fa881dddea1104c9c) Co-authored-by: John Thacker --- epan/dissectors/packet-afp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/epan/dissectors/packet-afp.c b/epan/dissectors/packet-afp.c index ca989aa4921..7a0d90d2a3d 100644 --- a/epan/dissectors/packet-afp.c +++ b/epan/dissectors/packet-afp.c @@ -4327,7 +4327,9 @@ spotlight_dissect_query_loop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree } offset += 8; + increment_dissection_depth(pinfo); offset = spotlight_dissect_query_loop(tvb, pinfo, sub_tree, offset, complex_query_type, subquery_count, toc_offset, encoding); + decrement_dissection_depth(pinfo); count--; break; case SQ_TYPE_NULL: -- GitLab