forked from osmocom/wireshark
4f3646fe62
If the UAT file failed a field check, then the user_data pointer may be empty. As a result uat_save() triggers an invalid write. (Discovered while working with a dfilter_macros file having duplicate names for bug 10957, caught by ASAN.) The second issue fixed in this patch is that the validity of an item is only calculated when a new record is added. So even if the user edits the UAT and makes the entry valid, it would not be saved. This is solved by adding a new uat_update_record() function which got wires up into GTK and Qt. Some open-coded g_array_index and UAT[_USER]_INDEX_PTR are also converted. Even after this patch, Qt has some issues with UAT handling. In particular, it saves new, but empty/invalid, items. It also it does not check individual fields when saving all fields (unlike Gtk). This patch focused on getting Gtk fixed first so ignores those existing issues. Change-Id: Ia35cfe9d2b793c65144ae7e29a1ed706b6668d99 Reviewed-on: https://code.wireshark.org/review/7120 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> |
||
|---|---|---|
| .. | ||
| patches | ||
| po | ||
| source | ||
| README.Debian | ||
| README.Debian.security | ||
| changelog | ||
| compat | ||
| control | ||
| copyright | ||
| dirs | ||
| ethereal-common.NEWS | ||
| headers-check.c | ||
| libwireshark-data.install | ||
| libwireshark-dev.install | ||
| libwireshark0.install | ||
| libwireshark0.symbols | ||
| libwiretap-dev.install | ||
| libwiretap0.docs | ||
| libwiretap0.install | ||
| libwiretap0.symbols | ||
| libwsutil-dev.install | ||
| libwsutil0.install | ||
| libwsutil0.symbols | ||
| license-text-about-dialog | ||
| postinst | ||
| rules | ||
| templates | ||
| tshark.docs | ||
| tshark.install | ||
| tshark.manpages | ||
| wireshark-common.config | ||
| wireshark-common.install | ||
| wireshark-common.manpages | ||
| wireshark-common.postinst | ||
| wireshark-common.postrm | ||
| wireshark-dev.docs | ||
| wireshark-dev.install | ||
| wireshark-dev.manpages | ||
| wireshark-dev.prerm | ||
| wireshark-doc.docs | ||
| wireshark-gtk.docs | ||
| wireshark-gtk.install | ||
| wireshark-qt.docs | ||
| wireshark-qt.install | ||
| wireshark.manpages | ||
| wireshark.menu | ||
README.Debian.security
Handling security fixes in source package wireshark Wireshark is a network protocol analyzer and it's ability to perform deep packet inspection in live traffic may encourage users to use Wireshark/Tshark as a part of an intrusion detection or traffic monitoring system. In that case, please note that Wireshark/Tshark may contain remotely triggerable bugs causing crashes or allowing code injection. Bugs allowing code injection will be fixed in regular Debian Security Advisories, but fixes for pure crash bugs may be delayed. -- Balint Reczey <balint@balintreczey.hu> Fri, 10 Jul 2009 15:38:33 +0200