forked from osmocom/wireshark
583150198b
In commit v2.3.0rc0-117-g485bc45 (backported to v2.2.0rc0-44-g66721ca), extcap_prefs_dynamic_vals and extcap_cleanup were added in an attempt to address dangling pointers. Unfortunately it is not sufficient: - A pointer to the preference value is stored in extcap_arg and passed to the prefs API, but this extcap_arg structure can become invalid which result in use-after-free whenever the preference is accessed. - On exit, a use-after-free occurs in prefs_cleanup when the preference value is being checked. As the preference subsystem actually manages the memory for the string value and consumers should only provide a pointer where the value can be stored, convert the char* field in extcap to char**. This has as additional benefit that values are not limited to 256 bytes anymore. extcap_cleanup is moved after epan_cleanup to ensure that prefs_cleanup does not operate on dangling pointers. Crash is reproducible under ASAN with: tshark -i randpkt Ping-Bug: 12183 Change-Id: Ibf1ba1102a5633aa085dc278a12ffc05a4f4a34b Reviewed-on: https://code.wireshark.org/review/17631 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Roland Knall <rknall@gmail.com> |
||
---|---|---|
.. | ||
cli | ||
gtk | ||
qt | ||
win32 | ||
.editorconfig | ||
CMakeLists.txt | ||
Makefile.am | ||
alert_box.c | ||
alert_box.h | ||
all_files_wildcard.h | ||
capture.c | ||
capture.h | ||
capture_globals.h | ||
capture_ui_utils.c | ||
capture_ui_utils.h | ||
commandline.c | ||
commandline.h | ||
console.c | ||
console.h | ||
decode_as_utils.c | ||
decode_as_utils.h | ||
doxygen.cfg.in | ||
export_object.c | ||
export_object.h | ||
export_object_dicom.c | ||
export_object_http.c | ||
export_object_smb.c | ||
export_object_tftp.c | ||
export_pdu_ui_utils.c | ||
export_pdu_ui_utils.h | ||
file_dialog.h | ||
firewall_rules.c | ||
firewall_rules.h | ||
help_url.c | ||
help_url.h | ||
iface_lists.c | ||
iface_lists.h | ||
io_graph_item.c | ||
io_graph_item.h | ||
language.c | ||
language.h | ||
last_open_dir.h | ||
main_statusbar.h | ||
mcast_stream.c | ||
mcast_stream.h | ||
packet_list_utils.c | ||
packet_list_utils.h | ||
persfilepath_opt.c | ||
persfilepath_opt.h | ||
preference_utils.c | ||
preference_utils.h | ||
profile.c | ||
profile.h | ||
progress_dlg.h | ||
proto_hier_stats.c | ||
proto_hier_stats.h | ||
recent.c | ||
recent.h | ||
recent_utils.h | ||
rtp_media.c | ||
rtp_media.h | ||
rtp_stream.c | ||
rtp_stream.h | ||
service_response_time.c | ||
service_response_time.h | ||
simple_dialog.h | ||
software_update.c | ||
software_update.h | ||
ssl_key_export.c | ||
ssl_key_export.h | ||
tap-iax2-analysis.c | ||
tap-iax2-analysis.h | ||
tap-rlc-graph.c | ||
tap-rlc-graph.h | ||
tap-rtp-analysis.h | ||
tap-rtp-common.c | ||
tap-rtp-common.h | ||
tap-sctp-analysis.c | ||
tap-sctp-analysis.h | ||
tap-sequence-analysis.c | ||
tap-sequence-analysis.h | ||
tap-tcp-stream.c | ||
tap-tcp-stream.h | ||
tap_export_pdu.c | ||
tap_export_pdu.h | ||
text_import.c | ||
text_import.h | ||
text_import_scanner.h | ||
text_import_scanner.l | ||
time_shift.c | ||
time_shift.h | ||
traffic_table_ui.c | ||
traffic_table_ui.h | ||
ui_util.h | ||
util.c | ||
util.h | ||
voip_calls.c | ||
voip_calls.h |