commit 2cdf36b8a88a5378d462b013f2182f0b27ecc8c5
Author: gu-gu-gu
Date: Mon Dec 2 20:44:06 2019 +0800
wireshark:openEuler init
diff --git a/90-wireshark-usbmon.rules b/90-wireshark-usbmon.rules
new file mode 100644
index 0000000..10a127c
--- /dev/null
+++ b/90-wireshark-usbmon.rules
@@ -0,0 +1 @@
+SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="640"
diff --git a/Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch b/Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch
new file mode 100644
index 0000000..5b39918
--- /dev/null
+++ b/Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch
@@ -0,0 +1,218 @@ +From d477e9a935aadd5f4c740511009454a2c26e1e7b Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Tue, 10 Apr 2018 03:05:20 -0700 +Subject: [PATCH] Replace lbmpdm_fetch_uintN_encoded() with tvb_get_guintN(). + +They do the same thing. + +Change-Id: I0ff800efca9e6812ae416677023c955869bbc0cc +Reviewed-on: https://code.wireshark.org/review/26850 +Reviewed-by: Guy Harris +--- + epan/dissectors/packet-lbmpdm.c | 85 ++++++++++------------------------------- + 1 file changed, 20 insertions(+), 65 deletions(-) + +diff --git a/epan/dissectors/packet-lbmpdm.c b/epan/dissectors/packet-lbmpdm.c +index 0df5932..70bb649 100644 +--- a/epan/dissectors/packet-lbmpdm.c ++++ b/epan/dissectors/packet-lbmpdm.c +@@ -454,57 +454,12 @@ static const value_string lbmpdm_field_fixed_length[] = + { 0x0, NULL } + }; + +-static guint64 lbmpdm_fetch_uint64_encoded(tvbuff_t * tvb, int offset, int encoding) +-{ +- guint64 value = 0; +- +- if (encoding == ENC_BIG_ENDIAN) +- { +- value = tvb_get_ntoh64(tvb, offset); +- } +- else +- { +- value = tvb_get_letoh64(tvb, offset); +- } +- return (value); +-} +- +-static guint32 lbmpdm_fetch_uint32_encoded(tvbuff_t * tvb, int offset, int encoding) +-{ +- guint32 value = 0; +- +- if (encoding == ENC_BIG_ENDIAN) +- { +- value = tvb_get_ntohl(tvb, offset); +- } +- else +- { +- value = tvb_get_letohl(tvb, offset); +- } +- return (value); +-} +- +-static guint16 lbmpdm_fetch_uint16_encoded(tvbuff_t * tvb, int offset, int encoding) +-{ +- guint16 value = 0; +- +- if (encoding == ENC_BIG_ENDIAN) +- { +- value = tvb_get_ntohs(tvb, offset); +- } +- else +- { +- value = tvb_get_letohs(tvb, offset); +- } +- return (value); +-} +- + static int lbmpdm_get_segment_length(tvbuff_t * tvb, int offset, int encoding, int * data_length) + { + guint32 datalen = 0; + int seglen = 0; + +- datalen = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, encoding); ++ datalen = tvb_get_guint32(tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, encoding); + seglen = 
((int)datalen) + L_LBMPDM_SEG_HDR_T; + *data_length = (int) datalen; + return (seglen); +@@ -629,7 +584,7 @@ static void dissect_field_value(tvbuff_t * tvb, int offset, proto_tree * tree, g + gint8 shift_count; + + exponent = (gint8)tvb_get_guint8(tvb, offset); +- mantissa = (gint64)lbmpdm_fetch_uint64_encoded(tvb, offset + 1, encoding); ++ mantissa = (gint64)tvb_get_guint64(tvb, offset + 1, encoding); + if (exponent >= 0) + { + whole = mantissa; +@@ -676,8 +631,8 @@ static void dissect_field_value(tvbuff_t * tvb, int offset, proto_tree * tree, g + { + nstime_t timestamp; + +- timestamp.secs = (time_t)lbmpdm_fetch_uint32_encoded(tvb, offset, encoding); +- timestamp.nsecs = (int)(lbmpdm_fetch_uint32_encoded(tvb, offset + 4, encoding) * 1000); ++ timestamp.secs = (time_t)tvb_get_guint32(tvb, offset, encoding); ++ timestamp.nsecs = (int)(tvb_get_guint32(tvb, offset + 4, encoding) * 1000); + proto_tree_add_time(tree, hf_lbmpdm_field_value_timestamp, tvb, offset, field_length, ×tamp); + } + break; +@@ -755,7 +710,7 @@ static int dissect_field(tvbuff_t * tvb, int offset, proto_tree * tree, lbmpdm_d + if (field->fixed == PDM_DEFN_VARIABLE_LENGTH_FIELD) + { + proto_tree_add_item(field_tree, hf_lbmpdm_field_length, tvb, ofs, 4, encoding); +- value_len = lbmpdm_fetch_uint32_encoded(tvb, ofs, encoding); ++ value_len = tvb_get_guint32(tvb, ofs, encoding); + field_len = value_len + 4; + value_offset += 4; + } +@@ -872,9 +827,9 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi + offset_item = proto_tree_add_item(subtree, hf_lbmpdm_offset_entry, tvb, ofs, L_LBMPDM_OFFSET_ENTRY_T, ENC_NA); + offset_tree = proto_item_add_subtree(offset_item, ett_lbmpdm_offset_entry); + proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_id, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, L_LBMPDM_OFFSET_ENTRY_T_ID, encoding); +- id_list[idx] = (gint32)lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding); ++ id_list[idx] = 
(gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding); + proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_offset, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, L_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding); +- ofs_list[idx] = (gint32)lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding); ++ ofs_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding); + if (id_list[idx] > max_index) + { + max_index = id_list[idx]; +@@ -936,7 +891,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + proto_tree_add_item(subtree, hf_lbmpdm_segment_len, tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, L_LBMPDM_SEG_HDR_T_LEN, encoding); + ofs = offset + L_LBMPDM_SEG_HDR_T; + proto_tree_add_item(subtree, hf_lbmpdm_segment_def_id, tvb, ofs + O_LBMPDM_DEFN_T_ID, L_LBMPDM_DEFN_T_ID, encoding); +- def_id = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_ID, encoding); ++ def_id = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_ID, encoding); + proto_tree_add_item(subtree, hf_lbmpdm_segment_def_num_fields, tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, L_LBMPDM_DEFN_T_NUM_FIELDS, encoding); + proto_tree_add_item(subtree, hf_lbmpdm_segment_def_field_names_type, tvb, ofs + O_LBMPDM_DEFN_T_FIELD_NAMES_TYPE, L_LBMPDM_DEFN_T_FIELD_NAMES_TYPE, encoding); + proto_tree_add_item(subtree, hf_lbmpdm_segment_def_finalized, tvb, ofs + O_LBMPDM_DEFN_T_FINALIZED, L_LBMPDM_DEFN_T_FINALIZED, encoding); +@@ -950,7 +905,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + { + string_field_name = TRUE; + } +- num_fields = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, encoding); ++ num_fields = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, encoding); + if (add_definition) + { + def = lbmpdm_definition_find(channel, def_id, vers_major, vers_minor); +@@ -959,7 +914,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + def = 
lbmpdm_definition_add(channel, def_id, vers_major, vers_minor); + def->num_fields = num_fields; + def->field_names_type = tvb_get_guint8(tvb, ofs + O_LBMPDM_DEFN_T_FIELD_NAMES_TYPE); +- def->fixed_req_section_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_FIXED_REQ_SECTION_LEN, encoding); ++ def->fixed_req_section_len = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_FIXED_REQ_SECTION_LEN, encoding); + def->first_fixed_required = NULL; + def->fixed_required_count = 0; + } +@@ -978,7 +933,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + + if (string_field_name) + { +- def_len = lbmpdm_fetch_uint32_encoded(tvb, ofs, encoding) + 4; ++ def_len = tvb_get_guint32(tvb, ofs, encoding) + 4; + } + field_item = proto_tree_add_item(subtree, hf_lbmpdm_segment_def_field, tvb, ofs, def_len, ENC_NA); + field_tree = proto_item_add_subtree(field_item, ett_lbmpdm_segment_def_field); +@@ -998,7 +953,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + proto_tree_add_item(field_tree, hf_lbmpdm_segment_def_field_str_name_len, tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, L_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding); + if (string_field_name) + { +- string_name_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding); ++ string_name_len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding); + if (string_name_len > 0) + { + string_name_ofs = ofs + def_ofs + L_LBMPDM_FIELD_INFO_T; +@@ -1012,19 +967,19 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + lbmpdm_definition_field_t * field = NULL; + guint32 field_id; + +- field_id = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_ID, encoding); ++ field_id = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_ID, encoding); + field = lbmpdm_definition_field_find(def, field_id); + if (field == NULL) + { + field = 
lbmpdm_definition_field_add(def, field_id); + if (field != NULL) + { +- field->len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_LEN, encoding); +- field->fixed_string_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED_STR_LEN, encoding); +- field->num_array_elem = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_NUM_ARR_ELEM, encoding); ++ field->len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_LEN, encoding); ++ field->fixed_string_len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED_STR_LEN, encoding); ++ field->num_array_elem = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_NUM_ARR_ELEM, encoding); + field->required = tvb_get_guint8(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_REQ); + field->fixed = tvb_get_guint8(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED); +- field->field_int_name = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FLD_INT_NAME, encoding); ++ field->field_int_name = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FLD_INT_NAME, encoding); + if (string_field_name && (string_name_len > 0)) + { + field->field_string_name_len = string_name_len; +@@ -1035,7 +990,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo, + field->field_string_name_len = 0; + field->field_string_name = NULL; + } +- field->field_type = lbmpdm_fetch_uint16_encoded(tvb, ofs + type_ofs, encoding); ++ field->field_type = tvb_get_guint16(tvb, ofs + type_ofs, encoding); + switch (field->field_type) + { + case PDM_TYPE_BOOLEAN: +@@ -1213,7 +1168,7 @@ gboolean lbmpdm_verify_payload(tvbuff_t * tvb, int offset, int * encoding, int * + return (FALSE); + break; + } +- len = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, *encoding); ++ len = tvb_get_guint32(tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, *encoding); + if (len > G_MAXINT) + { + return (FALSE); +@@ -1265,7 +1220,7 @@ int 
lbmpdm_dissect_lbmpdm_payload(tvbuff_t * tvb, int offset, packet_info * pinf + proto_tree_add_item(subtree, hf_lbmpdm_def_minor_ver, tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_MINOR_VER, L_LBMPDM_MSG_HDR_T_DEF_MINOR_VER, encoding); + msgid.ver_minor = tvb_get_guint8(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_MINOR_VER); + proto_tree_add_item(subtree, hf_lbmpdm_def_id, tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, L_LBMPDM_MSG_HDR_T_DEF_ID, encoding); +- msgid.msg_def_id = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, encoding); ++ msgid.msg_def_id = tvb_get_guint32(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, encoding); + proto_tree_add_item(subtree, hf_lbmpdm_len, tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, L_LBMPDM_MSG_HDR_T_LEN, encoding); + + next_hdr = tvb_get_guint8(tvb, offset + O_LBMPDM_MSG_HDR_T_NEXT_HDR); +-- +1.7.12.4 + diff --git a/SIGNATURES-2.6.2.txt b/SIGNATURES-2.6.2.txt new file mode 100644 index 0000000..d7afcf1 --- /dev/null +++ b/SIGNATURES-2.6.2.txt 
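Review bot: The 32-bit lengths read from the packet with `tvb_get_guint32()` still go into arithmetic without a range check. `def_len = tvb_get_guint32(tvb, ofs, encoding) + 4;` in dissect_segment_defn and `field_len = value_len + 4;` in dissect_field can wrap for a value close to the 32-bit maximum (the declared types of def_len and field_len are outside the hunks, so the exact effect should be confirmed). `seglen = ((int)datalen) + L_LBMPDM_SEG_HDR_T;` in lbmpdm_get_segment_length casts an unchecked length to int before adding the header size. lbmpdm_verify_payload already rejects `len > G_MAXINT`; the same kind of guard, e.g. rejecting `datalen > G_MAXINT - L_LBMPDM_SEG_HDR_T` before the cast, would make these sites consistent with it. All of these function bodies start or end outside the quoted hunks.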
@@ -0,0 +1,60 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-2.6.2.tar.xz: 28392140 bytes +SHA256(wireshark-2.6.2.tar.xz)=49b2895ee3ba17ef9ef0aebfdc4d32a778e0f36ccadde184516557d5f3357094 +RIPEMD160(wireshark-2.6.2.tar.xz)=e9b782d49d9a063ba556320e9f2c08dea079967d +SHA1(wireshark-2.6.2.tar.xz)=52517c30926211b0b718815b51a3f06a18d8f5da + +Wireshark-win64-2.6.2.exe: 59963968 bytes +SHA256(Wireshark-win64-2.6.2.exe)=88aa2ca018090fc73ffb273aa1ba9f690ec06deb77d1ec7ff9b39fe646ca2877 +RIPEMD160(Wireshark-win64-2.6.2.exe)=3b947ada3e64bfb1c1b16a470926d94ed9db391b +SHA1(Wireshark-win64-2.6.2.exe)=90217eb0ed020a53a9ae80682c0881d347d11b4a + +Wireshark-win32-2.6.2.exe: 54249888 bytes +SHA256(Wireshark-win32-2.6.2.exe)=3d886e435570b7326f53d00996040ef65b9e2a5bffe48645ce29ea5a23930801 +RIPEMD160(Wireshark-win32-2.6.2.exe)=c2c5afa101559976439f36401ea1cc4564fa624e +SHA1(Wireshark-win32-2.6.2.exe)=eb7c50e80d6e7ec834599c1facfd6a3fd66aebf8 + +Wireshark-win32-2.6.2.msi: 43728896 bytes +SHA256(Wireshark-win32-2.6.2.msi)=99d5d94345a20e177736533840ff59859a76e864247a8146a73fca227f004043 +RIPEMD160(Wireshark-win32-2.6.2.msi)=7f21412e4d335f6e797356b968fbef14afb03b8c +SHA1(Wireshark-win32-2.6.2.msi)=05f1f9c4b9bed8c4447e5e31f907c578f52cf067 + +Wireshark-win64-2.6.2.msi: 49364992 bytes +SHA256(Wireshark-win64-2.6.2.msi)=381076d09c757038072f761f7eee9d5aa45fa8423b771ba34ddbd8b56f2c429c +RIPEMD160(Wireshark-win64-2.6.2.msi)=a080eec0f8bd089f493d0c76837d7fe03c1fa0dd +SHA1(Wireshark-win64-2.6.2.msi)=2c6b5bf555729d1e5ee3a1dda8d2b14d3bb01759 + +WiresharkPortable_2.6.2.paf.exe: 37482552 bytes +SHA256(WiresharkPortable_2.6.2.paf.exe)=d36727bdb8cc3a72bfb80084d3c634c3bfa4661f4de68d644b43ef5d41c52b69 +RIPEMD160(WiresharkPortable_2.6.2.paf.exe)=a98756bf5a67e47e1ca9ecd8836f2e6913a56f27 +SHA1(WiresharkPortable_2.6.2.paf.exe)=dd11e62f34212be77abee9d2227a2fd3b613b0a5 + +Wireshark 2.6.2 Intel 64.dmg: 169012317 bytes +SHA256(Wireshark 2.6.2 Intel 
64.dmg)=ef54b04a73df4069e29e77bc1940f3b767ee498c4e28f739eabda78ef71ab4a9 +RIPEMD160(Wireshark 2.6.2 Intel 64.dmg)=f93d2cc4057337ca76d1aa435b0039a60927bebb +SHA1(Wireshark 2.6.2 Intel 64.dmg)=3a46de720848b286e7c115c75c7b00bcd08155aa + +You can validate these hashes using the following commands (among others): + + Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 + Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz + macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" + Other: openssl sha256 wireshark-x.y.z.tar.xz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAltPqKQACgkQgiRKeOb+ +rurNbg//dw5903/0W2vw1a6u8F9JVvXfctb9/t1IOD2yT2omPXFTfqEkcwcY5c8W +FoSsflHM6g4rf8jqpqyipSPb6lYRJjm1fZGDzTilVPe+pcAV/HZ2QSdwOgw9FiAs +sV2eZdqPMVqdeLgDGtC4aHHabwsytFNaWtZLVyKr4ojdUfJNIBa40iUrItxXfgxA +GDCnVpdapuygk4rMeDpi3qZtvEKmgZ9Yj5aseX+wBYIT21EShP/gHSKNSA8x3gGz +xnpvOrz2qyJmWB6sBmIQndEXrYdazKr14Fzhmc2ajFMOJLwTGIZg5wl+UDnmPikW +6R1gRzSwkjEtgTKlZ9Gcel8eg6fNjW9HC9d4VjZzG4N693YrYwlpu0FIvaK+QGxE +yEJKPJnlaCi37Q6GBiKIpC5NUkTnt38Gb5DJ4/N3tk4P2LGlSyyMxLc5U096Zd8V +KCE/OVUuZs/4NsgIYaTYWDyTeNjjN2ZXnyx0N3x8yzWHcB6gYVPJc2lKouZe9XqZ +9Gz1Fr0/LEbx+r0iFOEm9pX/W8a5pzZnMn5YYUeTue61ZZp/yBOf7oTqjCVvSPHU +rZhsHMLcZnBNFoYKr03dcvukgSNsndTJPXvAEIX9FVmQUcQAEsdXRFO/csihG7l/ +7KWgNjReI7eoWkBUH8sx7J+4wZVy9leWjHTtkZKTeOo6OO1vJx4= +=OiJq +-----END PGP SIGNATURE----- diff --git a/wireshark-0001-enable-Lua-support.patch b/wireshark-0001-enable-Lua-support.patch new file mode 100644 index 0000000..6963c77 --- /dev/null +++ b/wireshark-0001-enable-Lua-support.patch 
@@ -0,0 +1,18 @@ +From: =?UTF-8?q?Radek=20Vok=C3=A1l?= +Date: Tue, 15 Dec 2009 08:36:27 +0000 +Subject: [PATCH] enable Lua support + + +diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua +index 3fe2aca..2b48f9b 100644 +--- a/epan/wslua/template-init.lua ++++ b/epan/wslua/template-init.lua +@@ -41,7 +41,7 @@ if running_superuser then + local disabled_lib = {} + setmetatable(disabled_lib,{ __index = function() error("this package ".. hint) end } ); + +- dofile = function() error("dofile " .. hint) end ++-- dofile = function() error("dofile " .. hint) end + loadfile = function() error("loadfile " .. hint) end + loadlib = function() error("loadlib " .. hint) end + require = function() error("require " .. hint) end diff --git a/wireshark-0002-Customize-permission-denied-error.patch b/wireshark-0002-Customize-permission-denied-error.patch new file mode 100644 index 0000000..9b3451f --- /dev/null +++ b/wireshark-0002-Customize-permission-denied-error.patch 
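Review bot: Commenting out `dofile = function() error("dofile " .. hint) end` leaves `dofile` callable inside the `if running_superuser then` block while `loadfile`, `loadlib` and `require` stay disabled, so a script loaded by a privileged Wireshark can still read and run another Lua file. The patch subject ("enable Lua support") gives no reason for this exception to the superuser restrictions. Either keep the original line, or replace the commented-out code with a comment that records why dofile has to stay available as root, for example `-- dofile intentionally left enabled when running as superuser: <reason>`. The `if running_superuser` block continues outside the hunk.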
@@ -0,0 +1,57 @@ +From: Jan Safranek +Date: Fri, 26 Nov 2010 14:30:45 +0300 +Subject: [PATCH] Customize 'permission denied' error. + +Add Fedora-specific message to error output when dumpcap cannot be started +because of permissions. + +Signed-off-by: Jan Safranek + +diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c +index 2f9d2cc..b18e47f 100644 +--- a/capchild/capture_sync.c ++++ b/capchild/capture_sync.c +@@ -375,6 +375,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi + gchar *signal_pipe_name; + #else + char errmsg[1024+1]; ++ const char *securitymsg = ""; + int sync_pipe[2]; /* pipe used to send messages from child to parent */ + enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */ + #endif +@@ -728,8 +729,11 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi + dup2(sync_pipe[PIPE_WRITE], 2); + ws_close(sync_pipe[PIPE_READ]); + execv(argv[0], argv); +- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", +- argv[0], g_strerror(errno)); ++ if (errno == EPERM || errno == EACCES) ++ securitymsg = "\nAre you a member of the 'wireshark' group? 
Try running\n'usermod -a -G wireshark _your_username_' as root."; ++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", ++ argv[0], g_strerror(errno), securitymsg); ++ + sync_pipe_errmsg_to_parent(2, errmsg, ""); + + /* Exit with "_exit()", so that we don't close the connection +@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + int i; + #else + char errmsg[1024+1]; ++ const char *securitymsg = ""; + int sync_pipe[2]; /* pipe used to send messages from child to parent */ + int data_pipe[2]; /* pipe used to send data from child to parent */ + #endif +@@ -1003,8 +1008,11 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + ws_close(sync_pipe[PIPE_READ]); + ws_close(sync_pipe[PIPE_WRITE]); + execv(argv[0], argv); +- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", +- argv[0], g_strerror(errno)); ++ execv(argv[0], (gpointer)argv); ++ if (errno == EPERM || errno == EACCES) ++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root."; ++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", ++ argv[0], g_strerror(errno), securitymsg); + sync_pipe_errmsg_to_parent(2, errmsg, ""); + + /* Exit with "_exit()", so that we don't close the connection diff --git a/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch new file mode 100644 index 0000000..8277a8c --- /dev/null +++ b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch 
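Review bot: In the sync_pipe_open_command hunk the new side calls execv twice: the context line `execv(argv[0], argv);` is kept and `execv(argv[0], (gpointer)argv);` is added right after it, whereas the sync_pipe_start hunk has a single call. The second call only runs after the first has failed, so it repeats the same failing exec and `errno` in the message comes from the retry. Drop the added `execv(argv[0], (gpointer)argv);` line so both functions read the same. The hint text names the 'wireshark' group; the udev rule added in this commit uses the 'usbmon' group, so it is worth confirming that the packaging creates the group the message tells users to join.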
@@ -0,0 +1,18 @@ +From: Peter Hatina +Date: Wed, 4 Sep 2013 10:03:57 +0200 +Subject: [PATCH] fix string overrun in plugins/profinet + + +diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c +index 0f1658a..f7fd322 100644 +--- a/plugins/epan/profinet/packet-dcom-cba.c ++++ b/plugins/epan/profinet/packet-dcom-cba.c +@@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) + { + guint32 u32Pointer; +- gchar szStr[1000]; ++ gchar szStr[1000] = ""; + guint32 u32MaxStr = sizeof(szStr); + gchar *call; + diff --git a/wireshark-0004-Restore-Fedora-specific-groups.patch b/wireshark-0004-Restore-Fedora-specific-groups.patch new file mode 100644 index 0000000..2cdf2ea --- /dev/null +++ b/wireshark-0004-Restore-Fedora-specific-groups.patch @@ -0,0 +1,15 @@ +From: Peter Lemenkov +Date: Fri, 13 Sep 2013 14:36:55 +0400 +Subject: [PATCH] Restore Fedora-specific groups + +Signed-off-by: Peter Lemenkov +diff --git a/wireshark.desktop b/wireshark.desktop +index 334db48..669c6f1 100644 +--- a/wireshark.desktop ++++ b/wireshark.desktop +@@ -108,4 +108,4 @@ Terminal=false + MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr; + # Category entry according to: + # http://standards.freedesktop.org/menu-spec/1.0/ +-Categories=Network;Monitor;Qt; ++Categories=Application;Network;Monitor;Qt; diff --git a/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch b/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch new file mode 100644 index 0000000..a762194 
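Review bot: `gchar szStr[1000] = "";` only guarantees that the buffer starts out as an empty string. The subject says "fix string overrun", but the hunk does not show where szStr is filled or read, so whether the later copy is bounded by `u32MaxStr` cannot be confirmed from here. A comment on the declaration would record why the initializer is needed, e.g. `/* keep szStr NUL-terminated when no string is dissected into it */`. The body of dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst continues outside the hunk.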
--- /dev/null +++ b/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch @@ -0,0 +1,20 @@ +From: Kenneth Soerensen +Date: Wed, 29 Jan 2014 16:04:12 +0400 +Subject: [PATCH] Fix paths in a wireshark.desktop file + + +diff --git a/wireshark.desktop b/wireshark.desktop +index 669c6f1..f7df1f3 100644 +--- a/wireshark.desktop ++++ b/wireshark.desktop +@@ -102,8 +102,8 @@ Comment[tr]=Ağ trafiği çözümleyicisi + Comment[vi]=Trình phân tích giao thông mạng + Comment[uk]=Аналізатор мережевого трафіку + Icon=wireshark +-TryExec=wireshark +-Exec=wireshark %f ++TryExec=/usr/bin/wireshark ++Exec=/usr/bin/wireshark %f + Terminal=false + MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr; + # Category entry according to: diff --git a/wireshark-0006-Move-tmp-to-var-tmp.patch b/wireshark-0006-Move-tmp-to-var-tmp.patch new file mode 100644 index 0000000..faf34b5 --- /dev/null +++ b/wireshark-0006-Move-tmp-to-var-tmp.patch 
@@ -0,0 +1,330 @@ +From cb54210f7f02b07768cfbf49ae266d487f580e1b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 29 Jun 2017 15:32:58 +0200 +Subject: [PATCH] Move /tmp to /var/tmp + +Fedora is using tmpfs which is limited by the size of RAM, thus we need +to use different directory on different filesystem. +--- + ui/gtk/about_dlg.c | 3 +- + ui/qt/about_dialog.cpp | 3 +- + ui/qt/iax2_analysis_dialog.cpp | 5 +-- + ui/qt/rtp_analysis_dialog.cpp | 5 +-- + ui/qt/rtp_audio_stream.cpp | 3 +- + wsutil/Makefile.am | 6 ++-- + wsutil/tempfile.c | 9 +++--- + wsutil/tempfile.h | 4 +-- + wsutil/wstmpdir.c | 70 ++++++++++++++++++++++++++++++++++++++++++ + wsutil/wstmpdir.h | 39 +++++++++++++++++++++++ + 10 files changed, 132 insertions(+), 15 deletions(-) + create mode 100644 wsutil/wstmpdir.c + create mode 100644 wsutil/wstmpdir.h + +diff --git a/ui/gtk/about_dlg.c b/ui/gtk/about_dlg.c +index 22ca841..6bcb527 100644 +--- a/ui/gtk/about_dlg.c ++++ b/ui/gtk/about_dlg.c +@@ -28,6 +28,7 @@ + #include + + #include ++#include /* for get_tmp_dir() */ + #include + #include + #ifdef HAVE_LIBSMI +@@ -427,7 +428,7 @@ about_folders_page_new(void) + "capture files"); + + /* temp */ +- about_folders_row(table, "Temp", g_get_tmp_dir(), ++ about_folders_row(table, "Temp", get_tmp_dir(), + "untitled capture files"); + + /* pers conf */ +diff --git a/ui/qt/about_dialog.cpp b/ui/qt/about_dialog.cpp +index 31dc581..2f74285 100644 +--- a/ui/qt/about_dialog.cpp ++++ b/ui/qt/about_dialog.cpp +@@ -26,6 +26,7 @@ + + #include "wireshark_application.h" + #include ++#include /* for get_tmp_dir() */ + + #include + #include +@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent): + appendRow( QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files")); + + /* temp */ +- appendRow( QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files")); ++ appendRow( QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files")); + + /* 
pers conf */ + appendRow( QStringList() << tr("Personal configuration") +diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp +index ee4e5fd..fe17a95 100644 +--- a/ui/qt/iax2_analysis_dialog.cpp ++++ b/ui/qt/iax2_analysis_dialog.cpp +@@ -37,6 +37,7 @@ + #include "ui/rtp_stream.h" + #endif + #include ++#include /* for get_tmp_dir() */ + + #include + #include +@@ -271,10 +272,10 @@ Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) : + + // We keep our temp files open for the lifetime of the dialog. The GTK+ + // UI opens and closes at various points. +- QString tempname = QString("%1/wireshark_iax2_f").arg(QDir::tempPath()); ++ QString tempname = QString("%1/wireshark_iax2_f").arg(get_tmp_dir()); + fwd_tempfile_ = new QTemporaryFile(tempname, this); + fwd_tempfile_->open(); +- tempname = QString("%1/wireshark_iax2_r").arg(QDir::tempPath()); ++ tempname = QString("%1/wireshark_iax2_r").arg(get_tmp_dir()); + rev_tempfile_ = new QTemporaryFile(tempname, this); + rev_tempfile_->open(); + +diff --git a/ui/qt/rtp_analysis_dialog.cpp b/ui/qt/rtp_analysis_dialog.cpp +index 5d82e46..8008984 100644 +--- a/ui/qt/rtp_analysis_dialog.cpp ++++ b/ui/qt/rtp_analysis_dialog.cpp +@@ -37,6 +37,7 @@ + + #include + #include ++#include /* for get_tmp_dir() */ + + #include + #include +@@ -331,10 +332,10 @@ RtpAnalysisDialog::RtpAnalysisDialog(QWidget &parent, CaptureFile &cf, struct _r + + // We keep our temp files open for the lifetime of the dialog. The GTK+ + // UI opens and closes at various points. 
+- QString tempname = QString("%1/wireshark_rtp_f").arg(QDir::tempPath()); ++ QString tempname = QString("%1/wireshark_rtp_f").arg(get_tmp_dir()); + fwd_tempfile_ = new QTemporaryFile(tempname, this); + fwd_tempfile_->open(); +- tempname = QString("%1/wireshark_rtp_r").arg(QDir::tempPath()); ++ tempname = QString("%1/wireshark_rtp_r").arg(get_tmp_dir()); + rev_tempfile_ = new QTemporaryFile(tempname, this); + rev_tempfile_->open(); + +diff --git a/ui/qt/rtp_audio_stream.cpp b/ui/qt/rtp_audio_stream.cpp +index fde66c8..b9531d2 100644 +--- a/ui/qt/rtp_audio_stream.cpp ++++ b/ui/qt/rtp_audio_stream.cpp +@@ -37,6 +37,7 @@ + #include + + #include ++#include /* for get_tmp_dir() */ + + #include + #include +@@ -76,7 +77,7 @@ RtpAudioStream::RtpAudioStream(QObject *parent, _rtp_stream_info *rtp_stream) : + visual_sample_rate_, SPEEX_RESAMPLER_QUALITY_MIN, NULL); + speex_resampler_skip_zeros(visual_resampler_); + +- QString tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath()); ++ QString tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir()); + tempfile_ = new QTemporaryFile(tempname, this); + tempfile_->open(); + +diff --git a/wsutil/Makefile.am b/wsutil/Makefile.am +index 2af1b6c..aa149a2 100644 +--- a/wsutil/Makefile.am ++++ b/wsutil/Makefile.am +@@ -90,6 +90,7 @@ WSUTIL_PUBLIC_INCLUDES = \ + ws_pipe.h \ + ws_printf.h \ + wsjsmn.h \ ++ wstmpdir.h \ + wsgcrypt.h \ + wsgetopt.h \ + wspcap.h \ +@@ -168,6 +169,7 @@ libwsutil_la_SOURCES = \ + ws_pipe.c \ + wsgcrypt.c \ + wsjsmn.c \ ++ wstmpdir.c \ + xtea.c + + if HAVE_PLUGINS +diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c +index 8e1f8dc..dcf2f78 100644 +--- a/wsutil/tempfile.c ++++ b/wsutil/tempfile.c +@@ -36,6 +36,7 @@ + + #include "tempfile.h" + #include ++#include /* for get_tmp_dir() */ + + #ifndef __set_errno + #define __set_errno(x) errno=(x) +@@ -83,13 +83,14 @@ mkstemps(char *path_template, int suffixlen) + */ + char *get_tempfile_path(const char *filename) + { +- return 
g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", g_get_tmp_dir(), filename); ++ return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", get_tmp_dir(), filename); + } + + #define MAX_TEMPFILES 3 + + /** +- * Create a tempfile with the given prefix (e.g. "wireshark"). ++ * Create a tempfile with the given prefix (e.g. "wireshark"). The path ++ * is created using get_tmp_dir and mkdtemp + * + * @param namebuf If not NULL, receives the full path of the temp file. + * Should NOT be freed. +@@ -199,7 +200,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx) + tf[idx].path = (char *)g_malloc(tf[idx].len); + } + +- tmp_dir = g_get_tmp_dir(); ++ tmp_dir = get_tmp_dir(); + + #ifdef _WIN32 + _tzset(); +diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h +index 1dca2df..bb3160c 100644 +--- a/wsutil/tempfile.h ++++ b/wsutil/tempfile.h +@@ -45,7 +45,7 @@ WS_DLL_PUBLIC char *get_tempfile_path(const char *filename); + + /** + * Create a tempfile with the given prefix (e.g. "wireshark"). The path +- * is created using g_get_tmp_dir and mkstemp. ++ * is created using get_tmp_dir and mkstemp. + * + * @param namebuf [in,out] If not NULL, receives the full path of the temp file. + * Must NOT be freed. +diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c +new file mode 100644 +index 0000000..d8b733b +--- /dev/null ++++ b/wsutil/wstmpdir.c +@@ -0,0 +1,70 @@ ++/* wstmpdir.c ++ * ++ * Copyright (C) 2013 Red Hat, Inc. All right reserved. ++ * ++ * Temporary directory routine ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Author: Peter Hatina ++ */ ++ ++#include "config.h" ++ ++#include ++#include "wstmpdir.h" ++ ++/** ++ * Gets the directory to use for temporary files. ++ * ++ * Inspired by glib-2.0. If no TMP, TEMP or TMPDIR is set, ++ * /var/tmp is returned (Fedora specific). ++ * ++ * Returns: the directory to use for temporary files. ++ */ ++const char *get_tmp_dir(void) ++{ ++ static gchar *tmp_dir; ++ ++ if (g_once_init_enter(&tmp_dir)) { ++ gchar *tmp; ++ ++ tmp = g_strdup(g_getenv("TEMP")); ++ if (tmp == NULL || *tmp == '\0') { ++ g_free(tmp); ++ tmp = g_strdup(g_getenv("TMPDIR")); ++ } ++ ++#ifdef P_tmpdir ++ if (tmp == NULL || *tmp == '\0') { ++ gsize k; ++ g_free(tmp); ++ tmp = g_strdup(P_tmpdir); ++ k = strlen(tmp); ++ if (k > 1 && G_IS_DIR_SEPARATOR(tmp[k - 1])) ++ tmp[k - 1] = '\0'; ++ } ++#endif /* P_tmpdir */ ++ ++ if (tmp == NULL || *tmp == '\0') { ++ g_free(tmp); ++ tmp = g_strdup("/var/tmp"); ++ } ++ ++ g_once_init_leave(&tmp_dir, tmp); ++ } ++ ++ return tmp_dir; ++} +diff --git a/wsutil/wstmpdir.h b/wsutil/wstmpdir.h +new file mode 100644 +index 0000000..07ac583 +--- /dev/null ++++ b/wsutil/wstmpdir.h +@@ -0,0 +1,39 @@ ++/* wstmpdir.c ++ * ++ * Copyright (C) 2013 Red Hat, Inc. All right reserved. ++ * ++ * Temporary directory routine ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. 
++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Author: Peter Hatina ++ */ ++ ++#ifndef __WS_TMP_DIR_H__ ++#define __WS_TMP_DIR_H__ ++ ++#include "ws_symbol_export.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif // __cplusplus ++ ++WS_DLL_PUBLIC const char *get_tmp_dir(void); ++ ++#ifdef __cplusplus ++} ++#endif // __cplusplus ++ ++#endif +-- +2.13.0 + diff --git a/wireshark-0007-cmakelists.patch b/wireshark-0007-cmakelists.patch new file mode 100644 index 0000000..07919f0 --- /dev/null +++ b/wireshark-0007-cmakelists.patch @@ -0,0 +1,33 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 9e3b555..b0abd84 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -3069,7 +3069,7 @@ if(RPMBUILD_EXECUTABLE AND GIT_EXECUTABLE) + endif() + + execute_process( +- COMMAND git describe --abbrev=8 --match v[1-9]* ++ COMMAND git describe --always --abbrev=8 --match v[1-9]* + OUTPUT_VARIABLE _git_description + OUTPUT_STRIP_TRAILING_WHITESPACE + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} +diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt +index 0367cd1..6382a2c 100644 +--- a/wsutil/CMakeLists.txt ++++ b/wsutil/CMakeLists.txt +@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS + ws_mempbrk_int.h + ws_pipe.h + ws_printf.h ++ wstmpdir.h + wsjsmn.h + xtea.h + ) +@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES + unicode-utils.c + ws_mempbrk.c + ws_pipe.c ++ wstmpdir.c + wsgcrypt.c + wsjsmn.c + xtea.c 
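Review bot: In get_tmp_dir() (wsutil/wstmpdir.c) the `#ifdef P_tmpdir` branch runs before the `/var/tmp` fallback, so wherever the C library defines P_tmpdir the function returns that value and never reaches `tmp = g_strdup("/var/tmp");`. glibc defines P_tmpdir as "/tmp" in <stdio.h>; if that header is in scope here (the include lines are not readable on this page), the default stays on /tmp, which is what the patch description sets out to avoid. The doc comment says "If no TMP, TEMP or TMPDIR is set", but the code reads only TEMP and TMPDIR; the comment should read `If neither TEMP nor TMPDIR is set`. The header comment in wstmpdir.h names the file as `wstmpdir.c`, and the updated tempfile.c comment says `mkdtemp` where tempfile.h says `mkstemp`.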
diff --git a/wireshark-2.6.2.tar.xz b/wireshark-2.6.2.tar.xz
new file mode 100644
index 0000000..6f91294
Binary files /dev/null and b/wireshark-2.6.2.tar.xz differ
diff --git a/wireshark-CVE-2018-16057.patch b/wireshark-CVE-2018-16057.patch
new file mode 100644
index 0000000..f694942
--- /dev/null
+++ b/wireshark-CVE-2018-16057.patch
@@ -0,0 +1,46 @@
+From 739eebd3d2e39db63c959eb99291edf59647ed6d Mon Sep 17 00:00:00 2001
+From: Pascal Quantin
+Date: Wed, 8 Aug 2018 16:45:21 +0200
+Subject: [PATCH] 802.11 Radiotap: add more bound checks in
+ ieee80211_radiotap_iterator_next()
+
+Bug: 15022
+Change-Id: Ife413312c88b8d78926c78bdb6707903257e7964
+Reviewed-on: https://code.wireshark.org/review/29017
+Petri-Dish: Pascal Quantin
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Richard Sharpe
+---
+ epan/dissectors/packet-ieee80211-radiotap-iter.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/epan/dissectors/packet-ieee80211-radiotap-iter.c b/epan/dissectors/packet-ieee80211-radiotap-iter.c
+index 167cb39..e10fdaf 100644
+--- a/epan/dissectors/packet-ieee80211-radiotap-iter.c
++++ b/epan/dissectors/packet-ieee80211-radiotap-iter.c
+@@ -132,6 +132,7 @@ int ieee80211_radiotap_iterator_init(
+ iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
+ iterator->_arg = (guint8 *)radiotap_header + sizeof(*radiotap_header);
+ iterator->_reset_on_ext = 0;
++ iterator->_next_ns_data = NULL;
+ iterator->_next_bitmap = &radiotap_header->it_present;
+ iterator->_next_bitmap++;
+ iterator->_vns = vns;
+@@ -288,9 +289,14 @@ int ieee80211_radiotap_iterator_next(
+ }
+ if (!align) {
+ /* skip all subsequent data */
++ if (!iterator->_next_ns_data)
++ return -EINVAL;
+ iterator->_arg = iterator->_next_ns_data;
+ /* give up on this namespace */
+ iterator->current_namespace = NULL;
++ iterator->_next_ns_data = NULL;
++ if (!ITERATOR_VALID(iterator, 0))
++ return -EINVAL;
+ goto next_entry;
+ }
+ break;
+--
+1.7.12.4
+
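Review bot: The two guards added to the `!align` branch of ieee80211_radiotap_iterator_next() carry no comment saying when `_next_ns_data` can still be NULL, so the reason for returning -EINVAL is only recoverable from the bug tracker. From the hunks it is NULL after ieee80211_radiotap_iterator_init() and again once it has been consumed in this branch; where it gets a real value is outside the hunk, presumably when a vendor namespace header is parsed. I would add above the first guard `/* no end-of-namespace pointer recorded: nothing to skip to, treat the header as malformed */` and above the second `/* the skip target came from the packet; re-validate _arg before the next read */` (the latter assumes ITERATOR_VALID checks `_arg` against the header length, which should be confirmed against the macro). Both functions start and end outside their hunks.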
diff --git a/wireshark-CVE-2018-16058.patch b/wireshark-CVE-2018-16058.patch
new file mode 100644
index 0000000..0c7ba6a
--- /dev/null
+++ b/wireshark-CVE-2018-16058.patch
@@ -0,0 +1,37 @@
+From c48d6a6d60c5c9111838a945966b6cb8750777be Mon Sep 17 00:00:00 2001
+From: Pascal Quantin
+Date: Tue, 14 Aug 2018 11:03:09 +0200
+Subject: [PATCH] BT A2DP: fully initialize sep_entry_t structure
+
+Bug: 14884
+Change-Id: Id409563d5e8869596db7b479132045bf8cf88f16
+Reviewed-on: https://code.wireshark.org/review/29128
+Petri-Dish: Anders Broman
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-btavdtp.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-btavdtp.c b/epan/dissectors/packet-btavdtp.c
+index afdac33..c21308b 100644
+--- a/epan/dissectors/packet-btavdtp.c
++++ b/epan/dissectors/packet-btavdtp.c
+@@ -719,13 +719,11 @@ dissect_sep(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset,
+ key[6].length = 0;
+ key[6].key = NULL;
+
+- sep_data = wmem_new(wmem_file_scope(), sep_entry_t);
++ sep_data = wmem_new0(wmem_file_scope(), sep_entry_t);
+ sep_data->seid = seid;
+ sep_data->type = type;
+ sep_data->media_type = media_type;
+- sep_data->int_seid = 0;
+ sep_data->codec = -1;
+- sep_data->content_protection_type = 0;
+ if (in_use) {
+ sep_data->state = SEP_STATE_IN_USE;
+ } else {
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-18225.patch b/wireshark-CVE-2018-18225.patch
new file mode 100644
index 0000000..ec26f54
--- /dev/null
+++ b/wireshark-CVE-2018-18225.patch
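Review bot: After the switch to `wmem_new0()` in dissect_sep(), the defaults of `int_seid` and `content_protection_type` are implicit and `codec = -1` is the only visible non-zero default, so a short comment would keep a later edit from going back to `wmem_new()` and reintroducing uninitialised fields. Suggested above the allocation: `/* zero-filled on purpose: every sep_entry_t field not assigned below must start as 0 */`. The rest of sep_entry_t is not visible here, so whether any other field needs a non-zero initial value should be confirmed against the struct definition. dissect_sep() starts and ends outside the hunk.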
@@ -0,0 +1,56 @@
+From 5a2aafef7a8ad4b3917823133c2e3534951fc4d3 Mon Sep 17 00:00:00 2001
+From: Peter Wu
+Date: Tue, 9 Oct 2018 19:18:34 +0200
+Subject: [PATCH] coap: ensure that piv_len matches piv
+
+In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
+piv_len are reset to avoid this. Adjust another check to ensure that piv
+and piv_len are in sync (probably not necessary, but it seems the
+intention).
+
+Bug: 15172
+Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
+Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
+Reviewed-on: https://code.wireshark.org/review/30100
+Petri-Dish: Peter Wu
+Petri-Dish: Gerald Combs
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-coap.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/epan/dissectors/packet-coap.c b/epan/dissectors/packet-coap.c
+index b034042..40331af 100644
+--- a/epan/dissectors/packet-coap.c
++++ b/epan/dissectors/packet-coap.c
+@@ -451,8 +451,11 @@ dissect_coap_opt_object_security(tvbuff_t *tvb, proto_item *head_item, proto_tre
+ coinfo->object_security = TRUE;
+
+ coinfo->oscore_info->piv = NULL;
++ coinfo->oscore_info->piv_len = 0;
+ coinfo->oscore_info->kid_context = NULL;
++ coinfo->oscore_info->kid_context_len = 0;
+ coinfo->oscore_info->kid = NULL;
++ coinfo->oscore_info->kid_len = 0;
+
+ if (opt_length == 0) { /* option length is zero, means flag byte is 0x00*/
+ /* add info to the head of the packet detail */
+@@ -1148,11 +1151,9 @@ dissect_coap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* d
+ /* Indicate to OSCORE that this response contains its own PIV */
+ coinfo->oscore_info->piv_in_response = TRUE;
+ coap_trans->oscore_info->piv_in_response = TRUE;
+- } else {
+- if (coap_trans->oscore_info->piv) {
+- /* Use the PIV from the request */
+- coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
+- }
++ } else if (coap_trans->oscore_info->piv_len > 0) {
++ /* Use the PIV from the request */
++ coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
+ coinfo->oscore_info->piv_len = coap_trans->oscore_info->piv_len;
+ }
+ coinfo->oscore_info->response = TRUE;
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-18226.patch b/wireshark-CVE-2018-18226.patch
new file mode 100644
index 0000000..19d9c2b
--- /dev/null
+++ b/wireshark-CVE-2018-18226.patch
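Review bot: In dissect_coap() the rewritten branch `} else if (coap_trans->oscore_info->piv_len > 0) {` drops the old `piv` non-NULL test, so the copy now depends entirely on `piv` and `piv_len` being in sync in the stored request state. The commit message describes exactly that mismatch (piv_len 1 with piv NULL), and the resets added in dissect_coap_opt_object_security() cover `coinfo`; whether `coap_trans->oscore_info` can still carry a length without a pointer is not visible in these hunks. Checking both is cheap and keeps the old protection: `} else if (coap_trans->oscore_info->piv && coap_trans->oscore_info->piv_len > 0) {`. Both functions start and end outside their hunks.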
@@ -0,0 +1,81 @@
+From f3986c24728f03a346a10388fd6c15ea9ae16d41 Mon Sep 17 00:00:00 2001
+From: Peter Wu
+Date: Tue, 9 Oct 2018 18:16:11 +0200
+Subject: [PATCH] steam-ihs: fix memleak on exception
+
+When protobuf_dissect_unknown_field throws an exception,
+steamdiscover_dissect_body_status will leak memory as
+wmem_destroy_allocator is not called. Capture fuzz-2018-10-06-3104.pcap
+from the linked bug leaks 64kiB memory in each frame 14 and 36.
+
+Bug: 15171
+Change-Id: I930d0738fde61799ab4ef2310f8ff11c1bcb032b
+Fixes: v2.5.1rc0-130-g7ae954c7ac ("steam-ihs: Add dissector for the Steam IHS Discovery Protocol")
+Reviewed-on: https://code.wireshark.org/review/30098
+Petri-Dish: Peter Wu
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-steam-ihs-discovery.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/epan/dissectors/packet-steam-ihs-discovery.c b/epan/dissectors/packet-steam-ihs-discovery.c
+index 1bec81e..9d238f4 100644
+--- a/epan/dissectors/packet-steam-ihs-discovery.c
++++ b/epan/dissectors/packet-steam-ihs-discovery.c
+@@ -491,9 +491,7 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
+ protobuf_desc_t pb = { tvb, offset, bytes_left };
+ protobuf_desc_t pb2 = { tvb, 0, 0 };
+ protobuf_tag_t tag = { 0, 0, 0 };
+- wmem_allocator_t* strpool;
+ guint8 *hostname;
+- strpool = wmem_allocator_new(WMEM_ALLOCATOR_SIMPLE);
+ nstime_t timestamp;
+ proto_tree *user_tree;
+ proto_item *user_it;
+@@ -522,7 +520,7 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
+ value = get_varint64(pb.tvb, pb.offset, pb.bytes_left, &len);
+ proto_tree_add_item(tree, hf_steam_ihs_discovery_body_status_hostname, pb.tvb,
+ pb.offset+len, (gint)value, ENC_UTF_8|ENC_NA);
+- hostname = tvb_get_string_enc(strpool, pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
++ hostname = tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
+ if(hostname && strlen(hostname)) {
+ col_add_fstr(pinfo->cinfo, COL_INFO, "%s from %s", hf_steam_ihs_discovery_header_msgtype_strings[STEAMDISCOVER_MSGTYPE_CLIENTBROADCASTMSGSTATUS].strptr, hostname);
+ }
+@@ -615,7 +613,6 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
+ }
+ protobuf_seek_forward(&pb, len);
+ }
+- wmem_destroy_allocator(strpool);
+ }
+
+ /* Dissect a CMsgRemoteDeviceAuthorizationRequest protobuf message body.
+@@ -648,8 +645,6 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
+ gint64 value;
+ protobuf_desc_t pb = { tvb, offset, bytes_left };
+ protobuf_tag_t tag = { 0, 0, 0 };
+- wmem_allocator_t *strpool;
+- strpool = wmem_allocator_new(WMEM_ALLOCATOR_SIMPLE);
+ guint8* devicename;
+ while (protobuf_iter_next(&pb, &tag)) {
+ switch(tag.field_number) {
+@@ -665,7 +660,7 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
+ value = get_varint64(pb.tvb, pb.offset, pb.bytes_left, &len);
+ proto_tree_add_item(tree, hf_steam_ihs_discovery_body_authrequest_devicename, pb.tvb,
+ pb.offset+len, (gint)value, ENC_UTF_8|ENC_NA);
+- devicename = tvb_get_string_enc(strpool, pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
++ devicename = tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
+ if (devicename && strlen(devicename)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, " from %s", devicename);
+ }
+@@ -684,7 +679,6 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
+ }
+ protobuf_seek_forward(&pb, len);
+ }
+- wmem_destroy_allocator(strpool);
+ }
+
+ /* Dissect a CMsgRemoteDeviceAuthorizationResponse protobuf message body.
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-18227.patch b/wireshark-CVE-2018-18227.patch
new file mode 100644
index 0000000..be93111
--- /dev/null
+++ b/wireshark-CVE-2018-18227.patch
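Review bot: Both rewritten `tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8)` calls, in steamdiscover_dissect_body_status() and steamdiscover_dissect_body_authrequest(), still take their length from a 64-bit varint narrowed with `(gint)value` and no range check. The length comes straight from the packet, so the narrowing can produce a negative or truncated value; the tvb accessors are expected to reject out-of-range lengths, but a length of -1 conventionally means "to the end of the buffer", which would silently change what is read. I would validate it once before the `proto_tree_add_item()` and `tvb_get_string_enc()` pair, along the lines of `if (value < 0 || value > pb.bytes_left - len) { /* flag as malformed and stop */ }` (types of `pb.bytes_left` and `len` are not visible here and need checking). Both functions start and end outside their hunks.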
@@ -0,0 +1,744 @@ +From f4d2dffd8be1df30a832647a2f188507076f0fed Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Sun, 9 Sep 2018 10:45:56 -0700 +Subject: [PATCH] Fix handling of invalid type values. + +If vType_get_type() returns NULL, that means that the packet is bad, not +that the dissector is bad. Report it as such. + +Bug: 15119 +Change-Id: I8e66fcece2b526ef9edbf948862f8fc5bea25d74 +Reviewed-on: https://code.wireshark.org/review/29511 +Reviewed-by: Guy Harris +--- + epan/dissectors/packet-mswsp.c | 284 ++++++++++++++--------------------------- + 1 file changed, 99 insertions(+), 185 deletions(-) + +diff --git a/epan/dissectors/packet-mswsp.c b/epan/dissectors/packet-mswsp.c +index 4217130..295192a 100644 +--- a/epan/dissectors/packet-mswsp.c ++++ b/epan/dissectors/packet-mswsp.c +@@ -359,6 +359,7 @@ static int SMB2 = 2; + + void proto_reg_handoff_mswsp(void); + ++static expert_field ei_mswsp_invalid_variant_type = EI_INIT; + static expert_field ei_missing_msg_context = EI_INIT; + static expert_field ei_mswsp_msg_cpmsetbinding_ccolumns = EI_INIT; + +@@ -3068,7 +3069,7 @@ static int parse_lcid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, const + + /*****************************************************************************************/ + /* 2.2.1.1 CBaseStorageVariant */ +-static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CBaseStorageVariant *value, const char *text); ++static int parse_CBaseStorageVariant(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CBaseStorageVariant *value, const char *text); + + /* 2.2.1.2 CFullPropSpec */ + static int parse_CFullPropSpec(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *pad_tree, struct CFullPropSpec *v, const char *fmt, ...); +@@ -3080,10 +3081,10 @@ static int parse_CContentRestriction(tvbuff_t *tvb, int offset, proto_tree *pare + static int parse_CNatLanguageRestriction(tvbuff_t 
*tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNatLanguageRestriction *v, const char *fmt, ...); + + /* 2.2.1.6 CNodeRestriction */ +-static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char* fmt, ...); ++static int parse_CNodeRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char* fmt, ...); + + /* 2.2.1.7 CPropertyRestriction */ +-static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...); ++static int parse_CPropertyRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...); + + /* 2.2.1.8 CReuseWhere */ + static int parse_CReuseWhere(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CReuseWhere *v, const char *fmt, ...); +@@ -3092,27 +3093,27 @@ static int parse_CReuseWhere(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + static int parse_CSort(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, const char *fmt, ...); + + /* 2.2.1.12 CCoercionRestriction */ +-static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...); ++static int parse_CCoercionRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...); + /* 2.2.1.16 CRestrictionArray */ +-static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CRestrictionArray(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, 
const char *fmt, ...); + + /* 2.2.1.17 CRestriction */ +-static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...); ++static int parse_CRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...); + + /* 2.2.1.18 CColumnSet */ + static int parse_CColumnSet(tvbuff_t *tvb, int offset, proto_tree *tree, const char *fmt, ...); + + /* 2.2.1.20 CCategorizationSpec */ +-static int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CCategorizationSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.21 CCategSpec */ +-static int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.22 CRangeCategSpec */ +-static int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CRangeCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.23 RANGEBOUNDARY */ +-static int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_RANGEBOUNDARY(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.24 CAggregSet */ + static int parse_CAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); +@@ -3127,19 +3128,19 @@ static int parse_CSortAggregSet(tvbuff_t 
*tvb, int offset, proto_tree *parent_tr + static int parse_CAggregSortKey(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.28 CInGroupSortAggregSets */ +-static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.29 CInGroupSortAggregSet */ +-static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.30 CDbColId */ + static int parse_CDbColId(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *text); + + /* 2.2.1.31 CDbProp */ +-static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...); ++static int parse_CDbProp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...); + + /* 2.2.1.32 CDbPropSet */ +-static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); ++static int parse_CDbPropSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.33 CPidMapper */ + static int parse_CPidMapper(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...); +@@ -3157,7 +3158,7 @@ static int parse_CRowsetProperties(tvbuff_t *tvb, int offset, proto_tree *parent + static int parse_CSortSet(tvbuff_t *tvb, int offset, proto_tree 
*parent_tree, proto_tree *pad_tree, const char *fmt, ...); + + /* 2.2.1.44 CTableColumn */ +-static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...); ++static int parse_CTableColumn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...); + + + /* +@@ -3231,11 +3232,11 @@ static int parse_CSortSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr + return offset; + } + +-static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...) ++static int parse_CTableColumn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...) + { + + +- proto_item *item; ++ proto_item *item, *ti_type; + proto_tree *tree; + va_list ap; + struct vtype_data *type; +@@ -3266,8 +3267,14 @@ static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree + } + } + type = vType_get_type(vtype_val); +- DISSECTOR_ASSERT(type != NULL); +- proto_tree_add_string_format_value(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, type->str, "%s%s", type->str, modifier); ++ if (type == NULL) { ++ /* ++ * Not a valid type. 
++ */ ++ ti_type = proto_tree_add_string(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, "Unknown CTableColumn type"); ++ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type); ++ } else ++ proto_tree_add_string_format_value(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, type->str, "%s%s", type->str, modifier); + offset += 4; + + used = tvb_get_guint8(tvb, offset); +@@ -3487,7 +3494,7 @@ static int parse_relop(tvbuff_t *tvb, int offset, proto_tree *tree, guint32 *re + } + return offset + 4; + } +-static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...) ++static int parse_CPropertyRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...) + { + proto_tree *tree; + proto_item *item; +@@ -3505,7 +3512,7 @@ static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *par + + offset = parse_CFullPropSpec(tvb, offset, tree, pad_tree, &v->property, "Property"); + +- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &v->prval, "prval"); ++ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &v->prval, "prval"); + + offset = parse_padding(tvb, offset, 4, pad_tree, "padding_lcid"); + +@@ -3517,7 +3524,7 @@ static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *par + return offset; + } + +-static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...) ++static int parse_CCoercionRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...) 
+ { + proto_tree *tree; + proto_item *item; +@@ -3535,7 +3542,7 @@ static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *par + + offset += 4; + +- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &v->child, "child"); ++ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &v->child, "child"); + + proto_item_set_end(item, tvb, offset); + return offset; +@@ -3732,7 +3739,7 @@ static int parse_rType(tvbuff_t *tvb, int offset, proto_tree *tree, enum rType * + return offset + 4; + } + +-static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...) ++static int parse_CRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...) + { + proto_tree *tree; + proto_item *item; +@@ -3761,18 +3768,18 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree + case RTProximity: + case RTPhrase: { + v->u.RTAnd = EP_ALLOC(struct CNodeRestriction); +- offset = parse_CNodeRestriction(tvb, offset, tree, pad_tree, v->u.RTAnd, "CNodeRestriction"); ++ offset = parse_CNodeRestriction(tvb, pinfo, offset, tree, pad_tree, v->u.RTAnd, "CNodeRestriction"); + break; + } + case RTNot: { + v->u.RTNot = EP_ALLOC(struct CRestriction); +- offset = parse_CRestriction(tvb, offset, tree, pad_tree, ++ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, + v->u.RTNot, "CRestriction"); + break; + } + case RTProperty: { + v->u.RTProperty = EP_ALLOC(struct CPropertyRestriction); +- offset = parse_CPropertyRestriction(tvb, offset, tree, pad_tree, ++ offset = parse_CPropertyRestriction(tvb, pinfo, offset, tree, pad_tree, + v->u.RTProperty, "CPropertyRestriction"); + break; + } +@@ -3780,7 +3787,7 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree + case RTCoerce_Multiply: + case RTCoerce_Absolute: { + v->u.RTCoerce_Add = 
EP_ALLOC(struct CCoercionRestriction); +- offset = parse_CCoercionRestriction(tvb, offset, tree, pad_tree, ++ offset = parse_CCoercionRestriction(tvb, pinfo, offset, tree, pad_tree, + v->u.RTCoerce_Add, "CCoercionRestriction"); + break; + } +@@ -3810,7 +3817,7 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree + return offset; + } + +-static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...) ++static int parse_CRestrictionArray(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...) + { + guint8 present, count; + +@@ -3840,14 +3847,14 @@ static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent + + for (i=0; icNode; i++) { + struct CRestriction r; + ZERO_STRUCT(r); +- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &r, "paNode[%u]", i); ++ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &r, "paNode[%u]", i); + offset = parse_padding(tvb, offset, 4, tree, "padding_paNode[%u]", i); /*at begin or end of loop ????*/ + + } +@@ -4208,117 +4215,7 @@ static const char *str_CBaseStorageVariant(struct CBaseStorageVariant *value, gb + return wmem_strbuf_get_str(strbuf); + } + +-static int parse_vType(tvbuff_t *tvb, int offset, guint16 *vtype) +-{ +- guint16 tmp_vtype = tvb_get_letohs(tvb, offset); +- guint16 modifier = tmp_vtype & 0xFF00; +- +- switch (tmp_vtype & 0xFF) { +- case VT_EMPTY: +- *vtype = VT_EMPTY; +- break; +- case VT_NULL: +- *vtype = VT_NULL; +- break; +- case VT_I2: +- *vtype = VT_I2; +- break; +- case VT_I4: +- *vtype = VT_I4; +- break; +- case VT_R4: +- *vtype = VT_R4; +- break; +- case VT_R8: +- *vtype = VT_R8; +- break; +- case VT_CY: +- *vtype = VT_CY; +- break; +- case VT_DATE: +- *vtype = VT_DATE; +- break; +- case VT_BSTR: +- *vtype = VT_BSTR; +- break; +- case VT_ERROR: +- *vtype = VT_ERROR; +- break; +- case VT_BOOL: +- *vtype = VT_BOOL; 
+- break; +- case VT_VARIANT: +- *vtype = VT_VARIANT; +- break; +- case VT_DECIMAL: +- *vtype = VT_DECIMAL; +- break; +- case VT_I1: +- *vtype = VT_I1; +- break; +- case VT_UI1: +- *vtype = VT_UI1; +- break; +- case VT_UI2: +- *vtype = VT_UI2; +- break; +- case VT_UI4: +- *vtype = VT_UI4; +- break; +- case VT_I8: +- *vtype = VT_I8; +- break; +- case VT_UI8: +- *vtype = VT_UI8; +- break; +- case VT_INT: +- *vtype = VT_INT; +- break; +- case VT_UINT: +- *vtype = VT_UINT; +- break; +- case VT_LPSTR: +- *vtype = VT_LPSTR; +- break; +- case VT_LPWSTR: +- *vtype = VT_LPWSTR; +- break; +- case VT_COMPRESSED_LPWSTR: +- *vtype = VT_COMPRESSED_LPWSTR; +- break; +- case VT_FILETIME: +- *vtype = VT_FILETIME; +- break; +- case VT_BLOB: +- *vtype = VT_BLOB; +- break; +- case VT_BLOB_OBJECT: +- *vtype = VT_BLOB_OBJECT; +- break; +- case VT_CLSID: +- *vtype = VT_CLSID; +- break; +- default: +- DISSECTOR_ASSERT(FALSE); +- break; +- } +- if (modifier) { +- switch (modifier) { +- case VT_VECTOR: +- *vtype |= VT_VECTOR; +- break; +- case VT_ARRAY: +- *vtype |= VT_ARRAY; +- break; +- default: +- DISSECTOR_ASSERT(FALSE); +- break; +- } +- } +- return offset + 2; +-} +- +-static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CBaseStorageVariant *value, const char *text) ++static int parse_CBaseStorageVariant(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CBaseStorageVariant *value, const char *text) + { + int i, len; + proto_item *ti, *ti_type, *ti_val; +@@ -4329,9 +4226,19 @@ static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *pare + + tree = proto_tree_add_subtree(parent_tree, tvb, offset, 0, ett_CBaseStorageVariant, &ti, text); + +- parse_vType(tvb, offset, &value->vType); +- value->type = vType_get_type(value->vType); +- DISSECTOR_ASSERT(value->type != NULL); ++ value->vType = tvb_get_letohs(tvb, offset); ++ value->type = 
vType_get_type(value->vType & 0xFF); ++ if (value->type == NULL) { ++ /* ++ * Not a valid type. ++ */ ++ ti_type = proto_tree_add_string(tree, hf_mswsp_cbasestorvariant_vtype, tvb, offset, 2, "Unknown CBaseStorageVariant type"); ++ offset += 2; ++ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type); ++ ++ THROW_MESSAGE(ReportedBoundsError, "Unknown CBaseStorageVariant type"); ++ return offset; ++ } + + ti_type = proto_tree_add_string(tree, hf_mswsp_cbasestorvariant_vtype, tvb, offset, 2, value->type->str); + offset += 2; +@@ -4452,7 +4359,7 @@ static int parse_CDbColId(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr + return offset; + } + +-static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...) ++static int parse_CDbProp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...) + { + static const value_string EMPTY_VS[] = {{0, NULL}}; + const value_string *vs = (propset && propset->id_map) ? propset->id_map : EMPTY_VS; +@@ -4485,7 +4392,7 @@ static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pro + + offset = parse_CDbColId(tvb, offset, tree, pad_tree, "colid"); + +- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &value, "vValue"); ++ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &value, "vValue"); + + str = str_CBaseStorageVariant(&value, TRUE); + proto_item_append_text(item, " %s", str); +@@ -4494,7 +4401,7 @@ static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pro + return offset; + } + +-static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...) ++static int parse_CDbPropSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...) 
+ { + int i, num; + e_guid_t guid; +@@ -4530,14 +4437,14 @@ static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + + for (i = 0; ivtype & 0x00FF)); + wmem_strbuf_t *strbuf; + +- DISSECTOR_ASSERT(vt_list_type != NULL); + offset = parse_CRowVariantArrayInfo(tvb, offset, tree, is_64bit, variant); + if (is_64bit) { + buf_offset = +@@ -5335,10 +5239,10 @@ static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, g + return offset; + } + +-static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, guint64 base_address, guint32 length _U_, gboolean is_64bit, struct CRowVariant *variant, const char *fmt, ...) ++static int parse_VariantCol(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, guint64 base_address, guint32 length _U_, gboolean is_64bit, struct CRowVariant *variant, const char *fmt, ...) + { + proto_tree *tree; +- proto_item *item; ++ proto_item *item, *ti_type; + + va_list ap; + struct vtype_data *vt_type; +@@ -5354,8 +5258,6 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + + variant->vtype = tvb_get_letohs(tvb, offset); + vt_type = vType_get_type((enum vType)variant->vtype); +- DISSECTOR_ASSERT(vt_type != NULL); +- + vtype_high = (variant->vtype & 0xFF00); + if (vtype_high) { + if (vtype_high == VT_VECTOR) { +@@ -5367,6 +5269,17 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + } + } + ++ if (vt_type == NULL) { ++ /* ++ * Not a valid type. 
++ */ ++ ti_type = proto_tree_add_string(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, "Unknown variant column type"); ++ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type); ++ offset += 2; ++ ++ THROW_FORMATTED(ReportedBoundsError, "Unknown variant column type%s", modifier); ++ return offset; ++ } + proto_tree_add_string_format_value(tree, hf_mswsp_rowvariant_vtype, tvb, offset, 2, vt_type->str, "%s%s", vt_type->str, modifier); + offset += 2; + +@@ -5382,7 +5295,7 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + + if (vtype_high == VT_VECTOR || vtype_high == VT_ARRAY) { + offset = parse_VariantColVector(tvb, offset, tree, base_address, +- is_64bit, variant); ++ is_64bit, variant, vt_type); + } else { + wmem_strbuf_t *strbuf = wmem_strbuf_new(wmem_packet_scope(), ""); + if (size != -1) { +@@ -5421,7 +5334,7 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + return offset; + } + +-static int parse_RowsBufferCol(tvbuff_t *tvb, int offset, guint32 row, guint32 col, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean b_is_64bit, proto_tree *parent_tree, const char *fmt, ...) ++static int parse_RowsBufferCol(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 row, guint32 col, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean b_is_64bit, proto_tree *parent_tree, const char *fmt, ...) 
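Review bot: In parse_VariantCol() the new unknown-type branch adds its item with `hf_mswsp_ctablecolumn_vtype` and a length of 4, while the normal path directly below uses `hf_mswsp_rowvariant_vtype` with length 2 and the branch itself advances `offset` by 2; this looks copied from the parse_CTableColumn() branch. Suggested line: `ti_type = proto_tree_add_string(tree, hf_mswsp_rowvariant_vtype, tvb, offset, 2, "Unknown variant column type");`. The `return offset;` after `THROW_FORMATTED(...)` here, and after `THROW_MESSAGE(...)` in parse_CBaseStorageVariant(), is presumably never reached because the macro raises an exception, so a `/* not reached */` comment or dropping the statement would make that explicit. parse_VariantCol() starts and ends outside the hunk.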
+ { + proto_tree *tree; + proto_item *item; +@@ -5463,13 +5376,13 @@ static int parse_RowsBufferCol(tvbuff_t *tvb, int offset, guint32 row, guint32 c + len = tvb_get_letohs(tvb, buf_offset + pcol->lengthoffset) - pcol->valuesize; + } + if (pcol->vtype == VT_VARIANT) { +- parse_VariantCol(tvb, tmp_offset, tree, base_address, len, b_is_64bit, &variant, "CRowVariant"); ++ parse_VariantCol(tvb, pinfo, tmp_offset, tree, base_address, len, b_is_64bit, &variant, "CRowVariant"); + } + } + return offset; + } + +-static int parse_RowsBuffer(tvbuff_t *tvb, int offset, guint32 num_rows, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean is64bit, proto_tree *parent_tree, const char *fmt, ...) ++static int parse_RowsBuffer(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 num_rows, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean is64bit, proto_tree *parent_tree, const char *fmt, ...) + { + proto_tree *tree; + proto_item *item; +@@ -5488,7 +5401,7 @@ static int parse_RowsBuffer(tvbuff_t *tvb, int offset, guint32 num_rows, struct + proto_tree *row_tree; + row_tree = proto_tree_add_subtree_format(tree, tvb, offset, 0, ett_GetRowsRow, NULL, "Row[%d]", num); + for (col = 0; col < bindingsin->ccolumns; col++) { +- parse_RowsBufferCol(tvb, offset, num, col, bindingsin, rowsin, is64bit, row_tree, "Col[%d]", col); ++ parse_RowsBufferCol(tvb, pinfo, offset, num, col, bindingsin, rowsin, is64bit, row_tree, "Col[%d]", col); + } + } + return offset; +@@ -5557,11 +5470,11 @@ static int dissect_CPMConnect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *par + + offset = parse_padding(tvb, offset, 8, pad_tree, "_paddingcPropSets"); + +- offset = parse_PropertySetArray(tvb, offset, blob_size1_off, tree, pad_tree, "PropSets"); ++ offset = parse_PropertySetArray(tvb, pinfo, offset, blob_size1_off, tree, pad_tree, "PropSets"); + + offset = parse_padding(tvb, offset, 8, pad_tree, "paddingExtPropset"); + +- offset = parse_PropertySetArray(tvb, offset, 
blob_size2_off, tree, pad_tree, "ExtPropset"); ++ offset = parse_PropertySetArray(tvb, pinfo, offset, blob_size2_off, tree, pad_tree, "ExtPropset"); + + offset = parse_padding(tvb, offset, 8, pad_tree, "???"); + +@@ -5616,7 +5529,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree + offset += 1; + + if (CRestrictionPresent) { +- offset = parse_CRestrictionArray(tvb, offset, tree, pad_tree, "RestrictionArray"); ++ offset = parse_CRestrictionArray(tvb, pinfo, offset, tree, pad_tree, "RestrictionArray"); + } + + CSortSetPresent = tvb_get_guint8(tvb, offset); +@@ -5625,7 +5538,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree + + if (CSortSetPresent) { + offset = parse_padding(tvb, offset, 4, tree, "paddingCSortSetPresent"); +- offset = parse_CInGroupSortAggregSets(tvb, offset, tree, pad_tree, "GroupSortAggregSets"); ++ offset = parse_CInGroupSortAggregSets(tvb, pinfo, offset, tree, pad_tree, "GroupSortAggregSets"); + + } + +@@ -5641,7 +5554,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree + proto_tree_add_uint(tree, hf_mswsp_msg_cpmcreatequery_ccateg_count, tvb, offset, 4, count); + offset += 4; + for (i=0; icbreserved, pad_tree, + "paddingRows"); +- parse_RowsBuffer(tvb, offset, num_rows, bindingsin, rowsin, b_64bit_mode, tree, "Rows"); ++ parse_RowsBuffer(tvb, pinfo, offset, num_rows, bindingsin, rowsin, b_64bit_mode, tree, "Rows"); + } else { + gint nbytes = tvb_reported_length_remaining(tvb, offset); + proto_tree_add_expert_format(tree, pinfo, &ei_missing_msg_context, tvb, offset, nbytes, "Undissected %d bytes (due to missing preceding msg(s))", nbytes); +@@ -5950,7 +5863,7 @@ static int dissect_CPMSetBindings(tvbuff_t *tvb, packet_info *pinfo, proto_tree + sizeof(struct CTableColumn) * num); + for (n=0; n +Date: Fri, 9 Nov 2018 15:16:35 -0500 +Subject: [PATCH] MMSE: catch length overflows to avoid infinite loop. 
+ +After fetching a length from the packet ensure those bytes exist to +avoid integer overflows by callers (while avoiding having to ensure +every caller checks for overflows). + +Also add a check to ensure the loop in question is progressing through +the TVB; report a dissector bug if it doesn't. + +Bug: 15250 +Change-Id: I9434bfe9d530942fd45342690383df2decacdba1 +Reviewed-on: https://code.wireshark.org/review/30560 +Petri-Dish: Jeff Morriss +Tested-by: Petri Dish Buildbot +Reviewed-by: Anders Broman +--- + epan/dissectors/packet-mmse.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-mmse.c b/epan/dissectors/packet-mmse.c +index ffb4faa..1e3d13a 100644 +--- a/epan/dissectors/packet-mmse.c ++++ b/epan/dissectors/packet-mmse.c +@@ -487,6 +487,12 @@ get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count, packet_info *pi + field = tvb_get_guintvar(tvb, offset, byte_count, pinfo, &ei_mmse_oversized_uintvar); + (*byte_count)++; + } ++ ++ /* The packet says there are this many bytes; ensure they're there. ++ * We do this here because several callers do math on the length we ++ * return here and may not catch an overflow. 
++ */ ++ tvb_ensure_bytes_exist(tvb, offset, field); + return field; + } + +@@ -689,7 +695,7 @@ static void + dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut, + const char *message_type) + { +- guint offset; ++ guint offset, old_offset; + guint8 field = 0; + const char *strval; + guint length; +@@ -711,6 +717,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut, + proto_tree_add_uint(mmse_tree, hf_mmse_message_type, tvb, 0, 2, pdut); + + offset = 2; /* Skip Message-Type */ ++ old_offset = 1; + + /* + * Cycle through MMS-headers +@@ -1209,6 +1216,11 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut, + break; + } + DebugLog(("\tEnd(case)\n")); ++ ++ if (offset <= old_offset) { ++ REPORT_DISSECTOR_BUG("Offset isn't increasing (offset=%u, old offset=%u)", offset, old_offset); ++ } ++ old_offset = offset; + } + + DebugLog(("\tEnd(switch)\n")); +-- +1.7.12.4 + diff --git a/wireshark-CVE-2018-19623.patch b/wireshark-CVE-2018-19623.patch new file mode 100644 index 0000000..e424ebb --- /dev/null +++ b/wireshark-CVE-2018-19623.patch 
@@ -0,0 +1,75 @@
+From 5797f602741a7505c18c2e0c505e963ca3349153 Mon Sep 17 00:00:00 2001
+From: Peter Wu
+Date: Sun, 21 Oct 2018 15:10:57 +0200
+Subject: [PATCH] LBMPDM: fix heap-buffer-overflow (write) in
+ dissect_segment_ofstable
+
+id_list and ofs_list contain offsets read directly from the packet.
+While the field type is FT_UINT32, it is somehow interpreted as signed
+number. This means that ofs_table->offset_list[id_list[idx]]=... could
+in fact result in an arbitrary write before "ofs_table->offset_list" due
+to id_list[idx] being negative.
+
+Another way for id_list[idx] to remain negative (-1) is for the loop to
+terminate before all "field_count" elements are set. Thus, remove the
+"datalen_remaining >= L_LBMPDM_OFFSET_ENTRY_T" check, if the offset is
+invalid the proto_tree_add_item accessors will throw an exception.
+
+Fixes the crash in the linked bug. Regression tested against the 8
+capture files from bug 9718, its dissection results are still the same.
+
+Bug: 15132
+Change-Id: If5d2f11ee47578acb80bc43ba7ed16adb27e0c02
+Fixes: v1.11.3-rc1-2270-g2f4ca9c8d9 ("Initial checkin of LBM aka 29West dissectors. See Bug 9718.")
+Reviewed-on: https://code.wireshark.org/review/30300
+Petri-Dish: Peter Wu
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-lbmpdm.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-lbmpdm.c b/epan/dissectors/packet-lbmpdm.c
+index a875c8c..6b42e50 100644
+--- a/epan/dissectors/packet-lbmpdm.c
++++ b/epan/dissectors/packet-lbmpdm.c
+@@ -12,6 +12,7 @@
+
+ #include "config.h"
+ #include
++#include
+ #include "packet-lbm.h"
+
+ /* Magic number for message header to check if data is big-endian or little-endian. */
+@@ -792,7 +793,6 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
+ proto_tree * subtree = NULL;
+ int datalen = 0;
+ int seglen = 0;
+- int datalen_remaining = 0;
+ int ofs = 0;
+ int field_count = 0;
+ int idx;
+@@ -817,9 +817,8 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
+ id_list[idx] = -1;
+ ofs_list[idx] = -1;
+ }
+- datalen_remaining = datalen;
+ ofs = offset + L_LBMPDM_SEG_HDR_T;
+- for (idx = 0; (idx < field_count) && (datalen_remaining >= L_LBMPDM_OFFSET_ENTRY_T); idx++, ofs += L_LBMPDM_OFFSET_ENTRY_T)
++ for (idx = 0; idx < field_count; idx++, ofs += L_LBMPDM_OFFSET_ENTRY_T)
+ {
+ proto_item * offset_item = NULL;
+ proto_tree * offset_tree = NULL;
+@@ -830,6 +829,9 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
+ id_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
+ proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_offset, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, L_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
+ ofs_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
++ if (id_list[idx] < 0 || ofs_list[idx] < 0) {
++ THROW(ReportedBoundsError);
++ }
+ if (id_list[idx] > max_index)
+ {
+ max_index = id_list[idx];
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-19624.patch b/wireshark-CVE-2018-19624.patch
new file mode 100644
index 0000000..36f2de1
--- /dev/null
+++ b/wireshark-CVE-2018-19624.patch
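Review bot: The guard added after the two `tvb_get_guint32()` reads in dissect_segment_ofstable rejects negative values but leaves `id_list[idx]` unbounded from above, and `max_index` is then taken straight from it. The code that consumes `max_index` lies outside the hunk, so this is inferred: if the offset table is sized from it, a packet-supplied id near the top of the gint32 range still decides how much is allocated. A short comment at the check would record what is and is not validated, e.g. `/* Values come from the packet: negatives are rejected here; the upper bound of the id is not checked at this point. */`. The new `if (...) {` also puts its brace on the same line while the neighbouring `if (id_list[idx] > max_index)` puts it on a line of its own.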
@@ -0,0 +1,38 @@
+From a8c93de0b0130ed5f4aab59338372783054898ea Mon Sep 17 00:00:00 2001
+From: Gerald Combs
+Date: Tue, 27 Nov 2018 12:23:31 -0800
+Subject: [PATCH] pvfs2: Add a pointer check.
+
+Make sure a pointer isn't NULL before trying to dereference it.
+
+Bug: 15280
+Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
+Reviewed-on: https://code.wireshark.org/review/30807
+Reviewed-by: Gerald Combs
+Petri-Dish: Gerald Combs
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-pvfs2.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/epan/dissectors/packet-pvfs2.c b/epan/dissectors/packet-pvfs2.c
+index e2b61be..1c1012c 100644
+--- a/epan/dissectors/packet-pvfs2.c
++++ b/epan/dissectors/packet-pvfs2.c
+@@ -2314,6 +2314,12 @@ dissect_pvfs2_getconfig_response(tvbuff_t *tvb, proto_tree *parent_tree,
+ /* Get pointer to server config data */
+ ptr = tvb_get_ptr(tvb, offset, total_config_bytes);
+
++ if (!ptr)
++ {
++ /* Not enough data. Bail out. */
++ return offset;
++ }
++
+ /* Check if all data is available */
+ length_remaining = tvb_captured_length_remaining(tvb, offset);
+
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-19625.patch b/wireshark-CVE-2018-19625.patch
new file mode 100644
index 0000000..9211f0b
--- /dev/null
+++ b/wireshark-CVE-2018-19625.patch
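Review bot: The comment `/* Not enough data. Bail out. */` on the new NULL check does not say when `tvb_get_ptr()` actually hands back NULL, and the early `return offset;` leaves nothing in the tree to show that the response was not parsed. As far as I know tvb_get_ptr() raises a bounds exception when bytes are missing, so NULL more likely corresponds to a zero-length request (`total_config_bytes == 0`); that should be confirmed and the comment reworded, for example `/* No config bytes to parse (tvb_get_ptr() returned NULL); stop here. */`. The pointer is also fetched before the `/* Check if all data is available */` step that follows. The function body continues outside the hunk.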
@@ -0,0 +1,51 @@
+From ec5adb0ce98c37c8119feb972a5207e0e1721d9b Mon Sep 17 00:00:00 2001
+From: Peter Wu
+Date: Thu, 11 Oct 2018 00:02:26 +0200
+Subject: [PATCH] tvbuff_composite: fix buffer overflow due to wrong offset
+ adjustment
+
+The tvb_offset method should return the offset of the buffer within the
+backing tvb (ds_tvb). The currently returned non-zero offset is valid
+for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
+the tvb itself, so the offset should be zero (or "counter" for
+consistency with tvbuff_real.c and others).
+
+This bug is observable with the capture from the bug. In tshark, the
+data field in the PDML output has value "field length invalid!" and the
+position attribute ("pos") is too large. With the -V option it even
+crashes with a buffer overflow (read). In the GUI, the bytes tab shows
+range 3199-19642 even if the data source is only 16444 bytes while the
+selection should have been 0-16443.
+
+Bug: 14466
+Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
+Reviewed-on: https://code.wireshark.org/review/30124
+Petri-Dish: Peter Wu
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/tvbuff_composite.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/epan/tvbuff_composite.c b/epan/tvbuff_composite.c
+index f77aace..53cdbca 100644
+--- a/epan/tvbuff_composite.c
++++ b/epan/tvbuff_composite.c
+@@ -51,12 +51,9 @@ composite_free(tvbuff_t *tvb)
+ }
+
+ static guint
+-composite_offset(const tvbuff_t *tvb, const guint counter)
++composite_offset(const tvbuff_t *tvb _U_, const guint counter)
+ {
+- const struct tvb_composite *composite_tvb = (const struct tvb_composite *) tvb;
+- const tvbuff_t *member = (const tvbuff_t *)composite_tvb->composite.tvbs->data;
+-
+- return tvb_offset_from_real_beginning_counter(member, counter);
++ return counter;
+ }
+
+ static const guint8*
+--
+1.7.12.4
+
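Review bot: `composite_offset()` now ignores its `tvb` argument and returns `counter` unchanged, but the reason for that is recorded only in the commit message. A one-line comment above the return would keep it with the code, e.g. `/* A composite tvb is its own data source, so there is no parent offset to add. */`. Without it the function reads like a stub, and a later change could reintroduce the member-based adjustment that caused the out-of-range position.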
diff --git a/wireshark-CVE-2018-19626.patch b/wireshark-CVE-2018-19626.patch
new file mode 100644
index 0000000..fb72510
--- /dev/null
+++ b/wireshark-CVE-2018-19626.patch
@@ -0,0 +1,38 @@
+From ec6ace066ae4c889d4c18a0a38a8c6053483877b Mon Sep 17 00:00:00 2001
+From: Peter Wu
+Date: Thu, 11 Oct 2018 13:04:03 +0200
+Subject: [PATCH] DCOM: always NUL-terminate dissect_dcom_BSTR results
+
+All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
+the string to be NUL-terminated, so ensure this to avoid reading
+uninitialized memory for the Info column.
+
+Bug: 15130
+Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
+Reviewed-on: https://code.wireshark.org/review/30128
+Petri-Dish: Peter Wu
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-dcom.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c
+index d12216a..79cf6a6 100644
+--- a/epan/dissectors/packet-dcom.c
++++ b/epan/dissectors/packet-dcom.c
+@@ -1725,8 +1725,10 @@ dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep,
+ &u32ArraySize);
+
+- if ((guint32)offset + u32ArraySize*2 > G_MAXINT)
++ if ((guint32)offset + u32ArraySize*2 > G_MAXINT) {
++ pszStr[0] = 0;
+ return offset;
++ }
+
+ realOffset = offset + u32ArraySize*2;
+
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-19627.patch b/wireshark-CVE-2018-19627.patch
new file mode 100644
index 0000000..bdc0dde
--- /dev/null
+++ b/wireshark-CVE-2018-19627.patch
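Review bot: The overflow test `(guint32)offset + u32ArraySize*2 > G_MAXINT` in dissect_dcom_BSTR can itself wrap. Assuming `u32ArraySize` is a guint32 (its declaration is outside the hunk), both the multiplication and the addition are done modulo 2^32, so an oversized array size from the packet can yield a small sum and pass the check before `realOffset = offset + u32ArraySize*2` is computed. Comparing without the multiplication avoids that: `if (u32ArraySize > ((guint32)G_MAXINT - (guint32)offset) / 2) {`. The added `pszStr[0] = 0;` also relies on the caller's buffer holding at least one byte, which the hunk does not show being checked.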
@@ -0,0 +1,38 @@
+From 332df929a9966fda2cd3aa30a5a107e5b2bfa360 Mon Sep 17 00:00:00 2001
+From: Gerald Combs
+Date: Tue, 27 Nov 2018 13:38:10 -0800
+Subject: [PATCH] IxVeriWave: Fix a buffer boundary.
+
+Pass the correct buffer size to find_signature so that we don't read
+past it.
+
+Bug: 15279
+Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404
+Reviewed-on: https://code.wireshark.org/review/30809
+Petri-Dish: Gerald Combs
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Gerald Combs
+---
+ wiretap/vwr.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/wiretap/vwr.c b/wiretap/vwr.c
+index d5b93fa..1e01add 100644
+--- a/wiretap/vwr.c
++++ b/wiretap/vwr.c
+@@ -2142,9 +2142,10 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, wtap_rec *record,
+ end_time = e_time / NS_IN_US; /* convert to microseconds first */
+
+ /* extract the 32 LSBs of the signature timestamp field */
+- m_ptr = &(rec[stats_offset+8+12]);
++ int m_ptr_offset = stats_offset + 8 + 12;
++ m_ptr = rec + m_ptr_offset;
+ pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */
+- sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq);
++ sig_off = find_signature(m_ptr, rec_size - m_ptr_offset, pay_off, flow_id, flow_seq);
+ if (m_ptr[sig_off] == 0xdd)
+ sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN);
+ else
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2018-19628.patch b/wireshark-CVE-2018-19628.patch
new file mode 100644
index 0000000..4717d23
--- /dev/null
+++ b/wireshark-CVE-2018-19628.patch
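Review bot: `find_signature()` now receives a length measured from `m_ptr`, but the call two lines later, `get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN)`, still passes a limit measured from the start of `rec` while indexing from `m_ptr`. What that third argument means is not visible here, so it needs checking against get_signature_ts(); if it bounds reads through `m_ptr`, it wants the same `- m_ptr_offset` adjustment. Nothing in the hunk shows `rec_size` being at least `m_ptr_offset` either, so `rec_size - m_ptr_offset` could go negative unless an earlier check in vwr_read_s3_W_rec, outside the hunk, rules that out. `m_ptr[sig_off]` is read immediately afterwards, so the returned offset has to stay inside the same bound.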
@@ -0,0 +1,38 @@
+From d53ff85d409367ee6538326147c8bb545bd4adb3 Mon Sep 17 00:00:00 2001
+From: Gerald Combs
+Date: Tue, 27 Nov 2018 12:06:47 -0800
+Subject: [PATCH] ZigBee ZCL: Fix a divide-by-zero.
+
+Fix a divide-by-zero in decode_color_temperature.
+
+Bug: 15281
+Change-Id: I9460ffc85f6fe6b954c1810c3a80588c1aa4fec2
+Reviewed-on: https://code.wireshark.org/review/30806
+Reviewed-by: Gerald Combs
+Petri-Dish: Gerald Combs
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Anders Broman
+---
+ epan/dissectors/packet-zbee-zcl-lighting.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-zbee-zcl-lighting.c b/epan/dissectors/packet-zbee-zcl-lighting.c
+index 4a4fc5c..b68a003 100644
+--- a/epan/dissectors/packet-zbee-zcl-lighting.c
++++ b/epan/dissectors/packet-zbee-zcl-lighting.c
+@@ -879,7 +879,11 @@ decode_color_xy(gchar *s, guint16 value)
+ static void
+ decode_color_temperature(gchar *s, guint16 value)
+ {
+- g_snprintf(s, ITEM_LABEL_LENGTH, "%d [Mired] (%d [K])", value, 1000000/value);
++ if (value == 0) {
++ g_snprintf(s, ITEM_LABEL_LENGTH, "%u [Mired]", value);
++ } else {
++ g_snprintf(s, ITEM_LABEL_LENGTH, "%u [Mired] (%u [K])", value, 1000000/value);
++ }
+ return;
+ } /*decode_power_conf_voltage*/
+
+--
+1.7.12.4
+
diff --git a/wireshark-CVE-2019-5718.patch b/wireshark-CVE-2019-5718.patch
new file mode 100644
index 0000000..74aad07
--- /dev/null
+++ b/wireshark-CVE-2019-5718.patch
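Review bot: The closing comment `} /*decode_power_conf_voltage*/` names a different function than the `decode_color_temperature` it ends, which looks like a copy-and-paste leftover; `} /*decode_color_temperature*/` would match. The zero case now prints only the Mired value, and a short comment such as `/* 0 mired has no Kelvin equivalent; skip the 1000000/value conversion */` would say why the second number is missing. The bare `return;` at the end of a void function can be dropped.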
@@ -0,0 +1,30 @@
+From cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1 Mon Sep 17 00:00:00 2001
+From: Gerald Combs
+Date: Mon, 7 Jan 2019 14:41:29 -0800
+Subject: [PATCH] epan: Add a boundary check to get_t61_string.
+
+Add a boundary check to make sure we don't go past the end of "ptr".
+
+Bug: 15373
+Change-Id: I85394e8e6e477b47919362af146051cc8911254b
+Reviewed-on: https://code.wireshark.org/review/31440
+Reviewed-by: Gerald Combs
+---
+ epan/charsets.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/charsets.c b/epan/charsets.c
+index 7f298fd..ebeb2dc 100644
+--- a/epan/charsets.c
++++ b/epan/charsets.c
+@@ -1382,7 +1382,7 @@ get_t61_string(wmem_allocator_t *scope, const guint8 *ptr, gint length)
+ for (i = 0, c = ptr; i < length; c++, i++) {
+ if (!t61_tab[*c]) {
+ wmem_strbuf_append_unichar(strbuf, UNREPL);
+- } else if ((*c & 0xf0) == 0xc0) {
++ } else if (i < length - 1 && (*c & 0xf0) == 0xc0) {
+ gint j = *c & 0x0f;
+ /* If this is the end of the string, or if the base
+ * character is just a space, treat this as a regular
+--
+2.7.4
diff --git a/wireshark-CVE-2019-9208.patch b/wireshark-CVE-2019-9208.patch
new file mode 100644
index 0000000..71b61a8
--- /dev/null
+++ b/wireshark-CVE-2019-9208.patch
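Review bot: The new `i < length - 1` condition in get_t61_string sends a 0xCx byte in the last position to whatever branch follows, and that branch is outside the hunk. The existing comment just below still begins `If this is the end of the string, ...`, so the end-of-string case now appears to be handled in two places. Stating at the condition what it protects would help, e.g. `/* a combining mark needs one following byte for its base character */`. The loop body continues beyond the hunk, so how the inner code reads the next byte cannot be confirmed from here.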
@@ -0,0 +1,215 @@ +From 34873a20eb489562098c5a58085ae783f869525c Mon Sep 17 00:00:00 2001 +From: Dario Lombardo +Date: Thu, 31 Jan 2019 15:40:24 +0100 +Subject: [PATCH] tcap: check p_tcap_private before dereferencing. + +This caused a NULL pointer dereference on ASAN builds with +malformed packets. + +AddressSanitizer:DEADLYSIGNAL +================================================================= +==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0) +==15485==The signal is caused by a WRITE memory access. +==15485==Hint: address points to the zero page. + #0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf + #1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17 + +Bug: 15464 +Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94 +Reviewed-on: https://code.wireshark.org/review/31840 +Reviewed-by: Pascal Quantin +Petri-Dish: Pascal Quantin +Tested-by: Petri Dish Buildbot +Reviewed-by: Anders Broman +--- + epan/dissectors/asn1/tcap/tcap.cnf | 24 +++++++++++++++-------- + epan/dissectors/packet-tcap.c | 40 +++++++++++++++++++++++--------------- + 2 files changed, 40 insertions(+), 24 deletions(-) + +diff --git a/epan/dissectors/asn1/tcap/tcap.cnf b/epan/dissectors/asn1/tcap/tcap.cnf +index a41be09..0507f71 100644 +--- a/epan/dissectors/asn1/tcap/tcap.cnf ++++ b/epan/dissectors/asn1/tcap/tcap.cnf +@@ -115,20 +115,26 @@ ABRT-apdu/_untag/user-information abrt_user_information + #.FN_BODY AUDT-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid + struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr; + %(DEFAULT_BODY)s +- p_tcap_private->oid= (const void*) cur_oid; +- p_tcap_private->acv=TRUE; ++ if (p_tcap_private) { ++ p_tcap_private->oid= (const void*) cur_oid; ++ p_tcap_private->acv=TRUE; ++ } + 
#---------------------------------------------------------------------------------------- + #.FN_BODY AARQ-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid + struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr; + %(DEFAULT_BODY)s +- p_tcap_private->oid= (const void*) cur_oid; +- p_tcap_private->acv=TRUE; ++ if (p_tcap_private) { ++ p_tcap_private->oid= (const void*) cur_oid; ++ p_tcap_private->acv=TRUE; ++ } + #---------------------------------------------------------------------------------------- + #.FN_BODY AARE-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid + struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr; + %(DEFAULT_BODY)s +- p_tcap_private->oid= (const void*) cur_oid; +- p_tcap_private->acv=TRUE; ++ if (p_tcap_private) { ++ p_tcap_private->oid= (const void*) cur_oid; ++ p_tcap_private->acv=TRUE; ++ } + #---------------------------------------------------------------------------------------- + #.FN_BODY OrigTransactionID + tvbuff_t *parameter_tvb; +@@ -166,7 +172,8 @@ ABRT-apdu/_untag/user-information abrt_user_information + gp_tcapsrt_info->src_tid=0; + break; + } +- p_tcap_private->src_tid = gp_tcapsrt_info->src_tid; ++ if (p_tcap_private) ++ p_tcap_private->src_tid = gp_tcapsrt_info->src_tid; + + if (len) { + col_append_str(actx->pinfo->cinfo, COL_INFO, "otid("); +@@ -214,7 +221,8 @@ ABRT-apdu/_untag/user-information abrt_user_information + gp_tcapsrt_info->dst_tid=0; + break; + } +- p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid; ++ if (p_tcap_private) ++ p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid; + + if (len) { + col_append_str(actx->pinfo->cinfo, COL_INFO, "dtid("); +diff --git a/epan/dissectors/packet-tcap.c b/epan/dissectors/packet-tcap.c +index 2c1fe4a..fb8d2e7 100644 +--- a/epan/dissectors/packet-tcap.c ++++ b/epan/dissectors/packet-tcap.c +@@ -743,7 +743,7 @@ dissect_tcap_OCTET_STRING_SIZE_1_4(gboolean implicit_tag _U_, 
tvbuff_t *tvb _U_, + + static int + dissect_tcap_OrigTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 134 "./asn1/tcap/tcap.cnf" ++#line 140 "./asn1/tcap/tcap.cnf" + tvbuff_t *parameter_tvb; + guint8 len, i; + proto_tree *subtree; +@@ -781,7 +781,8 @@ dissect_tcap_OrigTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int + gp_tcapsrt_info->src_tid=0; + break; + } +- p_tcap_private->src_tid = gp_tcapsrt_info->src_tid; ++ if (p_tcap_private) ++ p_tcap_private->src_tid = gp_tcapsrt_info->src_tid; + + if (len) { + col_append_str(actx->pinfo->cinfo, COL_INFO, "otid("); +@@ -807,7 +808,7 @@ static const ber_sequence_t Begin_sequence[] = { + + static int + dissect_tcap_Begin(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 228 "./asn1/tcap/tcap.cnf" ++#line 236 "./asn1/tcap/tcap.cnf" + gp_tcapsrt_info->ope=TC_BEGIN; + + /* Do not change col_add_str() to col_append_str() here: we _want_ this call +@@ -829,7 +830,7 @@ gp_tcapsrt_info->ope=TC_BEGIN; + + static int + dissect_tcap_DestTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 182 "./asn1/tcap/tcap.cnf" ++#line 189 "./asn1/tcap/tcap.cnf" + tvbuff_t *parameter_tvb; + guint8 len , i; + proto_tree *subtree; +@@ -867,7 +868,8 @@ dissect_tcap_DestTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int + gp_tcapsrt_info->dst_tid=0; + break; + } +- p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid; ++ if (p_tcap_private) ++ p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid; + + if (len) { + col_append_str(actx->pinfo->cinfo, COL_INFO, "dtid("); +@@ -892,7 +894,7 @@ static const ber_sequence_t End_sequence[] = { + + static int + dissect_tcap_End(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, 
proto_tree *tree _U_, int hf_index _U_) { +-#line 242 "./asn1/tcap/tcap.cnf" ++#line 250 "./asn1/tcap/tcap.cnf" + gp_tcapsrt_info->ope=TC_END; + + col_set_str(actx->pinfo->cinfo, COL_INFO, "End "); +@@ -914,7 +916,7 @@ static const ber_sequence_t Continue_sequence[] = { + + static int + dissect_tcap_Continue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 249 "./asn1/tcap/tcap.cnf" ++#line 257 "./asn1/tcap/tcap.cnf" + gp_tcapsrt_info->ope=TC_CONT; + + col_set_str(actx->pinfo->cinfo, COL_INFO, "Continue "); +@@ -985,7 +987,7 @@ static const ber_sequence_t Abort_sequence[] = { + + static int + dissect_tcap_Abort(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 256 "./asn1/tcap/tcap.cnf" ++#line 264 "./asn1/tcap/tcap.cnf" + gp_tcapsrt_info->ope=TC_ABORT; + + col_set_str(actx->pinfo->cinfo, COL_INFO, "Abort "); +@@ -1038,8 +1040,10 @@ dissect_tcap_AUDT_application_context_name(gboolean implicit_tag _U_, tvbuff_t * + struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr; + offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid); + +- p_tcap_private->oid= (const void*) cur_oid; +- p_tcap_private->acv=TRUE; ++ if (p_tcap_private) { ++ p_tcap_private->oid= (const void*) cur_oid; ++ p_tcap_private->acv=TRUE; ++ } + + + return offset; +@@ -1132,12 +1136,14 @@ dissect_tcap_AARQ_protocol_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, + + static int + dissect_tcap_AARQ_application_context_name(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 122 "./asn1/tcap/tcap.cnf" ++#line 124 "./asn1/tcap/tcap.cnf" + struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr; + offset = dissect_ber_object_identifier_str(implicit_tag, actx, 
tree, tvb, offset, hf_index, &cur_oid); + +- p_tcap_private->oid= (const void*) cur_oid; +- p_tcap_private->acv=TRUE; ++ if (p_tcap_private) { ++ p_tcap_private->oid= (const void*) cur_oid; ++ p_tcap_private->acv=TRUE; ++ } + + + return offset; +@@ -1201,12 +1207,14 @@ dissect_tcap_AARE_protocol_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, + + static int + dissect_tcap_AARE_application_context_name(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 128 "./asn1/tcap/tcap.cnf" ++#line 132 "./asn1/tcap/tcap.cnf" + struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr; + offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid); + +- p_tcap_private->oid= (const void*) cur_oid; +- p_tcap_private->acv=TRUE; ++ if (p_tcap_private) { ++ p_tcap_private->oid= (const void*) cur_oid; ++ p_tcap_private->acv=TRUE; ++ } + + + return offset; +-- +1.7.12.4 + diff --git a/wireshark-CVE-2019-9209.patch b/wireshark-CVE-2019-9209.patch new file mode 100644 index 0000000..17af07b --- /dev/null +++ b/wireshark-CVE-2019-9209.patch 
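Review bot: The NULL guard is written two ways in tcap.cnf: braced `if (p_tcap_private) { ... }` in the three application-context-name bodies, and an unbraced `if (p_tcap_private)` in front of the `src_tid` and `dst_tid` assignments. Bracing the two single-statement sites as well keeps them safe when a second statement is added later. None of the guards says when `actx->value_ptr` is NULL; a comment such as `/* value_ptr is not set on every path that reaches this body */` would help once that has been confirmed against the callers. packet-tcap.c carries `#line` references to tcap.cnf and appears to be generated from it, so the edit belongs in the .cnf file only.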
@@ -0,0 +1,48 @@
+From 3cd5ac36e20d56a43e002b926aec3b99488c85a1 Mon Sep 17 00:00:00 2001
+From: Dario Lombardo
+Date: Sat, 26 Jan 2019 17:10:53 +0100
+Subject: [PATCH] BER: don't use invalid time offsets.
+
+4 digits values could overflow the destination buffer. Skip them
+since they're invalid and can only from tainted data.
+
+Bug: 15447
+Change-Id: Ice6d4f144597499483160ecaa63702025ab86f61
+Reviewed-on: https://code.wireshark.org/review/31751
+Petri-Dish: Peter Wu
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Peter Wu
+---
+ epan/dissectors/packet-ber.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
+index 93291d2..925d4c1 100644
+--- a/epan/dissectors/packet-ber.c
++++ b/epan/dissectors/packet-ber.c
+@@ -3658,7 +3658,7 @@ dissect_ber_GeneralizedTime(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree
+
+ first_delim[0] = 0;
+ second_delim[0] = 0;
+- ret = sscanf( tmpstr, "%14d%1[.,+-Z]%4d%1[+-Z]%4d", &tmp_int, first_delim, &first_digits, second_delim, &second_digits);
++ ret = sscanf(tmpstr, "%14d%1[.,+-Z]%4d%1[+-Z]%4d", &tmp_int, first_delim, &first_digits, second_delim, &second_digits);
+ /* tmp_int does not contain valid value because of overflow but we use it just for format checking */
+ if (ret < 1) {
+ /* Nothing matched */
+@@ -3684,9 +3684,11 @@ dissect_ber_GeneralizedTime(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree
+ /*
+ * Fraction of a minute or an hour.
+ */
+- if (ret == 2) {
++ if (ret == 2 || first_digits < 0 || first_digits > 999) {
+ /*
+- * We saw the decimal sign, but didn't see the fraction.
++ * We saw the decimal sign, but didn't see the fraction
++ * or
++ * we got a number outside the valid range.
+ */
+ goto invalid;
+ }
+--
+1.7.12.4
+
diff --git a/wireshark.spec b/wireshark.spec
new file mode 100644
index 0000000..64ff2ef
--- /dev/null
+++ b/wireshark.spec
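Review bot: Only `first_digits` gets a range check in the fraction branch of dissect_ber_GeneralizedTime; `second_digits` is filled by the same `%4d` conversion and nothing in the two hunks bounds it. How `second_digits` is used lies outside the hunks, so this is a question to verify rather than a confirmed defect: if it is formatted into the same fixed-size string, it needs an equivalent range test with the limit that field allows. The rewritten comment would read better as one sentence, e.g. `We saw the decimal sign but no fraction, or the fraction is outside 0..999.`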
@@ -0,0 +1,147 @@
+Name: wireshark
+Version: 2.6.2
+Release: 3
+Epoch: 1
+Summary: Network traffic analyzer
+License: GPL+
+URL: http://www.wireshark.org/
+Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz
+Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
+Source2: 90-wireshark-usbmon.rules
+
+Patch0001: wireshark-0002-Customize-permission-denied-error.patch
+Patch0002: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
+Patch0003: wireshark-0004-Restore-Fedora-specific-groups.patch
+Patch0004: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
+Patch0005: wireshark-0006-Move-tmp-to-var-tmp.patch
+Patch0006: wireshark-0007-cmakelists.patch
+
+Patch6000: wireshark-CVE-2018-16057.patch
+Patch6001: wireshark-CVE-2018-16058.patch
+Patch6002: wireshark-CVE-2018-18225.patch
+Patch6003: wireshark-CVE-2018-18226.patch
+Patch6004: wireshark-CVE-2018-18227.patch
+Patch6005: wireshark-CVE-2018-19622.patch
+Patch6006: Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch
+Patch6007: wireshark-CVE-2018-19623.patch
+Patch6008: wireshark-CVE-2018-19624.patch
+Patch6009: wireshark-CVE-2018-19625.patch
+Patch6010: wireshark-CVE-2018-19626.patch
+Patch6011: wireshark-CVE-2018-19627.patch
+Patch6012: wireshark-CVE-2018-19628.patch
+Patch6013: wireshark-CVE-2019-9208.patch
+Patch6014: wireshark-CVE-2019-9209.patch
+Patch6015: wireshark-CVE-2019-5718.patch
+
+Requires(pre): shadow-utils
+Requires(post): systemd-udev
+Requires: %{name}-cli = %{epoch}:%{version}-%{release} xdg-utils hicolor-icon-theme
+BuildRequires: bzip2-devel c-ares-devel elfutils-devel gcc-c++ glib2-devel gnutls-devel gtk3-devel krb5-devel libcap-devel
+BuildRequires: libgcrypt-devel libnl3-devel libpcap-devel >= 0.9 libselinux-devel libsmi-devel openssl-devel desktop-file-utils
+BuildRequires: xdg-utils bison flex pcre-devel perl(Pod::Html) perl(Pod::Man) libssh-devel qt5-linguist qt5-qtbase-devel
+BuildRequires: qt5-qtmultimedia-devel
qt5-qtsvg-devel zlib-devel git cmake
+Provides: %{name}-cli = %{epoch}:%{version}-%{release}
+Obsoletes: %{name}-cli < %{epoch}:%{version}-%{release} wireshark-qt wireshark-gtk
+
+%description
+Wireshark is an open source tool for profiling network traffic and analyzing
+packets. Such a tool is often referred to as a network analyzer, network
+protocol analyzer or sniffer.
+
+Wireshark, formerly known as Ethereal, can be used to examine the details of
+traffic at a variety of levels ranging from connection-level information to
+the bits that make up a single packet. Packet capture can provide a network
+administrator with information about individual packets such as transmit time,
+source, destination, protocol type and header data. This information can be
+useful for evaluating security events and troubleshooting network security
+device issues.
+
+%package devel
+Summary: Development headers and libraries for wireshark
+Requires: %{name} = %{epoch}:%{version}-%{release} glibc-devel glib2-devel
+
+%description devel
+The wireshark-devel package includes header files and libraries necessary
+for the wireshark library.
+
+%package help
+Summary: This package contains help documents
+Requires: %{name} = %{epoch}:%{version}-%{release}
+
+%description help
+Files for help with wireshark.
+
+%prep
+%autosetup -n %{name}-%{version} -S git -p1
+
+%build
+%cmake -G "Unix Makefiles" -DDISABLE_WERROR=ON -DBUILD_wireshark=ON -DENABLE_QT5=ON -DENABLE_LUA=OFF \
+-DBUILD_mmdbresolve=OFF -DBUILD_randpktdump=OFF -DBUILD_androiddump=OFF -DENABLE_SMI=ON -DENABLE_PORTAUDIO=OFF \
+-DENABLE_PLUGINS=ON -DENABLE_NETLINK=ON -DBUILD_dcerpcidl2wrs=OFF
+%make_build
+
+%install
+%make_install
+desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop
+install -d -m 0755 %{buildroot}%{_includedir}/wireshark
+IDIR="%{buildroot}%{_includedir}/wireshark"
+install -d "${IDIR}/epan/crypt" "${IDIR}/epan/ftypes" "${IDIR}/epan/dfilter" "${IDIR}/epan/dissectors"
+install -d "${IDIR}/epan/wmem" "${IDIR}/wiretap" "${IDIR}/wsutil"
+install -d %{buildroot}%{_udevrulesdir}
+install -m 644 config.h epan/register.h cfile.h file.h ws_symbol_export.h ws_diag_control.h "${IDIR}/"
+install -m 644 epan/*.h "${IDIR}/epan/"
+install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
+install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
+install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
+install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
+install -m 644 epan/wmem/*.h "${IDIR}/epan/wmem"
+install -m 644 wiretap/*.h "${IDIR}/wiretap"
+install -m 644 wsutil/*.h "${IDIR}/wsutil"
+install -m 644 %{SOURCE2} %{buildroot}%{_udevrulesdir}
+touch %{buildroot}%{_bindir}/%{name}
+%delete_la
+
+%pre
+getent group wireshark >/dev/null || groupadd -r wireshark
+getent group usbmon >/dev/null || groupadd -r usbmon
+
+%post
+/sbin/ldconfig
+/usr/bin/udevadm trigger --subsystem-match=usbmon
+
+%postun
+/sbin/ldconfig
+
+%files
+%{_datadir}/appdata/%{name}.appdata.xml
+%{_datadir}/applications/wireshark.desktop
+%{_datadir}/icons/hicolor/*/apps/*
+%{_datadir}/icons/hicolor/*/mimetypes/*
+%{_datadir}/mime/packages/wireshark.xml
+%doc COPYING
+%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap
+%{_bindir}/*
+%{_udevrulesdir}/90-wireshark-usbmon.rules
+%{_libdir}/lib*.so.*
+%{_libdir}/wireshark/extcap/*
+%{_libdir}/wireshark/*.cmake
+%{_libdir}/wireshark/plugins/2.6/epan/*.so
+%{_libdir}/wireshark/plugins/2.6/wiretap/*.so
+%{_libdir}/wireshark/plugins/2.6/codecs/*.so
+%{_datadir}/wireshark/*
+
+%files devel
+%{_includedir}/wireshark
+%{_libdir}/lib*.so
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files help
+%doc AUTHORS INSTALL NEWS README* doc/README.* ChangeLog
+%{_mandir}/man?/*
+
+%changelog
+* Mon Nov 25 2019 gulining - 2.6.2-3
+- revise obsoletes
+
+* Tue Nov 13 2019 gulining - 2.6.2-2
+- Pakcage init
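Review bot: Source1 ships the upstream SIGNATURES file, but %prep runs only `%autosetup -n %{name}-%{version} -S git -p1`, so nothing in this spec compares the Source0 tarball with it. A hash comparison placed before %autosetup, such as `grep -qF "$(sha256sum %{SOURCE0} | cut -d' ' -f1)" %{SOURCE1}`, would make a substituted tarball fail the build; it is only as trustworthy as the SIGNATURES file itself, so checking that file's PGP signature against a packaged upstream key is the stronger form. In %files, `%{_bindir}/*` also matches dumpcap, which the line above lists with `%attr(0750, root, wireshark)` and `%caps(cap_net_raw,cap_net_admin=ep)`; it is worth confirming on the built package that the binary keeps that mode and capability set rather than the glob's defaults.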