osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

prefs: fix crash when importing old filter expression preference 

When the filter label was missing, it would result in a crash
(use-after-free) while reading the next expression. For example:

    gui.filter_expressions.label: Not-Junk
    gui.filter_expressions.expr: tcp.flags.reset==1
    # note: missing label preference
    gui.filter_expressions.expr: dns

While at it, do not duplicate the filter expression,
"filter_expression_new" has always been copying it.

Change-Id: I980fd720c9a04b679a71dd2e7e8bf5e53c72ac43
Fixes: 1a046d693b ("Added Filter Toolbar Save functionality.")
Bug: 11648
Reviewed-on: https://code.wireshark.org/review/28471
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Peter Wu 2018-06-26 15:52:11 -07:00 committed by Anders Broman
parent c20432285a
commit d3e3c00fbb
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
epan/prefs.c
View File

@ -5362,7 +5362,6 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
gchar *dotp, *last_dotp;
static gchar *filter_label = NULL;
static gboolean filter_enabled = FALSE;
gchar *filter_expr = NULL;
module_t *module, *containing_module;
pref_t *pref;
int type;
@ -5370,15 +5369,18 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
//The PRS_GUI field names are here for backwards compatibility
//display filters have been converted to a UAT.
if (strcmp(pref_name, PRS_GUI_FILTER_LABEL) == 0) {
/* Assume that PRS_GUI_FILTER_EXPR follows this preference. In case of
* malicious preference files, free the previous value to limit the size
* of leaked memory. */
g_free(filter_label);
filter_label = g_strdup(value);
} else if (strcmp(pref_name, PRS_GUI_FILTER_ENABLED) == 0) {
filter_enabled = (strcmp(value, "TRUE") == 0) ? TRUE : FALSE;
} else if (strcmp(pref_name, PRS_GUI_FILTER_EXPR) == 0) {
filter_expr = g_strdup(value);
/* Comments not supported for "old" preference style */
filter_expression_new(filter_label, filter_expr, "", filter_enabled);
filter_expression_new(filter_label, value, "", filter_enabled);
g_free(filter_label);
g_free(filter_expr);
filter_label = NULL;
} else if (strcmp(pref_name, "gui.version_in_start_page") == 0) {
/* Convert deprecated value to closest current equivalent */
if (g_ascii_strcasecmp(value, "true") == 0) {