Packet 2478 in capture 15142 triggers a UAF crash since val_to_str is
packet-scoped and by the time tshark reads the column, it is destroyed.
Bug: 15142
Change-Id: If8df858c6a295fbac57c758577fb51b288e7f44a
Reviewed-on: https://code.wireshark.org/review/30104
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).
Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the pathLabel for Coloring Rules, Decode As, Display Filters
and Capture Filter. Put the absolute file path into the pathLabel
if the file exists. This aligns with UAT dialogs and frames.
Change-Id: I72bd06e31bab220de0a0ef8df99df9a4daed667c
Reviewed-on: https://code.wireshark.org/review/30089
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Valgrind found an invalid read in the capture from Bug 15173 which was
not detected by ASAN, probably because 'top' pointed to a valid stack
address. Try to catch such issues with an explicit invariant check.
Change-Id: I3e2d90f053209c133ea2edc9c7990a2fd39bd236
Ping-Bug: 15189
Reviewed-on: https://code.wireshark.org/review/30101
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As documented in epan/exceptions.h, return/goto should never be used in
a TRY/CATCH/FINALLY block as ENDTRY must be executed first. Additionally
clamp the exit code since values larger than 255 will wrap around. Use a
small value as shells typically use 128+signal for termination signals.
Verified against packet-t125.c and ftype-protocol.c while they suffered
from the return bug. Tested against packet-gssapi.c for lack of false
positives (goto with labels within the function) and against:
int main() {
TRY {
goto bar;
goto omg;
goto bar;
goto barrie;
barrie: ;
} ENDTRY;
bar: meh;
}
Change-Id: I44484add34e238e07a84fc2c74b69f50ba6dc3f3
Ping-Bug: 15189
Reviewed-on: https://code.wireshark.org/review/30097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Doing so corrupts the exceptions stack and causes crashes elsewhere.
Move the heuristics check after get_ber_identifier as dissect_t125
calls that check too.
Bug: 15189
Change-Id: I816fcd693141c5e9e2979348f58bf5a8112290da
Fixes: v2.9.0rc0-2122-gf710f21833 ("T125: Add a heuristic test case.")
Reviewed-on: https://code.wireshark.org/review/30096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Émilio Gonzalez <egg997@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
None of the current heuristics dissectors for "cotp" accept the packet,
so just skip calling subdissectors if the packet is empty.
Change-Id: Ie26f05d472b4d184d5229ceab8b143a88cc921fc
Reviewed-on: https://code.wireshark.org/review/30103
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Émilio Gonzalez <egg997@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TRY/CATCH are macros, before returning the ENDTRY block must be executed
or the weirdest crashes can occur.
Change-Id: Ic56871322f8567263e2b8a81cce5a3c7042301b7
Fixes: v2.1.0rc0-2939-g5493fe0167 ("Convert ftype-tvbuff.c to ftype-protocol.c")
Reviewed-on: https://code.wireshark.org/review/30095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When protobuf_dissect_unknown_field throws an exception,
steamdiscover_dissect_body_status will leak memory as
wmem_destroy_allocator is not called. Capture fuzz-2018-10-06-3104.pcap
from the linked bug leaks 64kiB memory in each frame 14 and 36.
Bug: 15171
Change-Id: I930d0738fde61799ab4ef2310f8ff11c1bcb032b
Fixes: v2.5.1rc0-130-g7ae954c7ac ("steam-ihs: Add dissector for the Steam IHS Discovery Protocol")
Reviewed-on: https://code.wireshark.org/review/30098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a new button to UAT frames to copy entries from another profile.
Change-Id: I9decb5ed5d67e97388ee7b22a15cacae4d5a3621
Reviewed-on: https://code.wireshark.org/review/30084
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Refactor CopyFromProfile class from Button to Menu to make it
usable for existing buttons, both QPushButton and QToolButton.
Change-Id: I7d23b4225dbe45f961fb05e73dbb4dd51e6f8ea1
Reviewed-on: https://code.wireshark.org/review/30083
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add an entry for the copy from profile feature for coloring rules,
IO graphs and protocol preference tables.
Change-Id: I79a191c1ec13e96fcb1b5fb04dd28c95dd034aca
Reviewed-on: https://code.wireshark.org/review/30070
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't use sharkd_json_value_stringf() if there is no need for it.
Change-Id: Ie375be1d91fc3bd20fae68df282ec14310055eba
Reviewed-on: https://code.wireshark.org/review/30075
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Add a clear all button to easily remove all existing entries.
Change-Id: I76e7ee2b7b85a9b4e5f9f5a788a89f38f70ee8ce
Reviewed-on: https://code.wireshark.org/review/30052
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already do that for the macOS-specific system libraries; do it for
the Windows-specific system libraries as well.
Change-Id: I4646cbf5043406a9b6be70307b51df2fbe0329dd
Reviewed-on: https://code.wireshark.org/review/30066
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Call it from wmain() in the command-line tools, passing it the input
argument count and vector, and call it from main() in Wireshark, after
getting a UTF-16 argument vector from passing the result of
GetCommandLineW() to CommandLineToArgvW().
Change-Id: I0e51703c0a6c92f7892d196e700ab437bd702514
Reviewed-on: https://code.wireshark.org/review/30063
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Doing so for command-line programs means that the argument list doesn't
ever get converted to the local code page; converting to the local code
page can mangle file names that *can't* be converted to the local code
page.
Furthermore, code that uses setargv.obj rather than wsetargv.obj has
issues in some versions of Windows 10; see bug 15151.
That means that converting the argument list to UTF-8 is a bit simpler -
we don't need to call GetCommandLineW() or CommandLineToArgvW(), we just
loop over the UTF-16LE argument strings in argv[].
While we're at it, note in Wireshark's main() why we discard argv on
Windows (Qt does the same "convert-to-the-local-code-page" stuff); that
means we *do* need to call GetCommandLineW() and CommandLineToArgvW() in
main() (i.e., we duplicate what Qt's WinMain() does, but converting to
UTF-8 rather than to the local code page).
Change-Id: I35b57c1b658fb3e9b0c685097afe324e9fe98649
Ping-Bug: 15151
Reviewed-on: https://code.wireshark.org/review/30051
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a new button to the IO Graphs dialog to copy entries from
another profile. Add a clear all button to easily remove all
existing entries before copying.
Change-Id: I66cb27163663e5f2223d0dd3f8566f0fbebb553c
Reviewed-on: https://code.wireshark.org/review/30043
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The correct role for the newly introduced copy from profile button is
ActionRole because it "causes changes to the elements within the dialog".
Change-Id: I8613d00c0fdb33f2873e999aea9a54ea1f49dffb
Reviewed-on: https://code.wireshark.org/review/30044
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new value (used by WPA3)
Issue reported by Philipp Ebbecke
Bug: 15168
Change-Id: Iff4a7332dfc57226b191ec34319f0b7a78e30ede
Reviewed-on: https://code.wireshark.org/review/30040
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
commit 8ffdba5aa45427bfc13a1c4638ddbf0d49c7542b
Author: Peter Lemenkov <lemenkov@gmail.com>
Date: Sun Aug 19 20:44:06 2018 +0200
Proper letter case
IP-TOS-Field was renamed to IP-Tos-Field in commit
c6670b1ac3e137df8f0af47103a82d1a575330f3. Let's rename it back to avoid
any confusion.
Similar changes for 3GPP-RAT-Type in dictionary.3gpp and for
Unisphere-PPP-Protocol in dictionary.unisphere.
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
commit 43603a7234821354c69205a16945a19315e6fa4e
Author: Peter Lemenkov <lemenkov@gmail.com>
Date: Sun Aug 19 19:37:08 2018 +0200
Looks like this attribute should be 70
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
commit 070428a01041316c45f4670f709e0f37213a4255
Author: Peter Lemenkov <lemenkov@gmail.com>
Date: Sun Aug 19 19:36:47 2018 +0200
Remove duplicated attribute definitions
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Change-Id: I71951e0fa677396860f61fcd66922b969054fe06
Reviewed-on: https://code.wireshark.org/review/29625
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for "FiTness Machine Service" characteristics:
- 0x2ADA Fitness Machine Status
Change-Id: Ifceae6aba9f1849d1b9f027e54953385c0d1a98c
Reviewed-on: https://code.wireshark.org/review/30042
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reading from a TCP socket in Windows must not change read state
variables to values required by cap_thread_read on pipes.
Bug: 15149
Change-Id: I1efa9288b5954dc4a18b2c68772c54a098a224e7
Reviewed-on: https://code.wireshark.org/review/29894
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Call createIOGraph() when adding a new graph by duplicating
an existing to actually create the new graph.
This is a regression from g5b3e3ee5.
Change-Id: If1d8e4386a44dc4867d75fbad2d9ebb2e4b22307
Reviewed-on: https://code.wireshark.org/review/30034
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Looks for common T.125 packet types such as erectDomainRequest and
attachUserRequest. This correctly links COTP with T.125/MCS in case of
RDP traffic, which results in RDP traffic actually being dissected by
the RDP dissector.
Change-Id: I14eecc417cf5038779d78207ac0ccf2dd22a1219
Reviewed-on: https://code.wireshark.org/review/29960
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>