wireshark:openEuler init

gu-gu-gu 2019-12-02 20:44:06 +08:00
commit 2cdf36b8a8
27 changed files with 2523 additions and 0 deletions


@ -0,0 +1 @@
SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="640"
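Review bot: The rule has no comment on what group read access to the usbmon nodes exposes. usbmon delivers the raw traffic of every device on a bus, input from USB keyboards included, so membership of the `usbmon` group amounts to being able to observe that input. I would add a comment above the rule, for example `# usbmon exposes all USB bus traffic, HID input included; keep membership of the usbmon group minimal`, and have the packaging state who is added to the group.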


@ -0,0 +1,218 @@
From d477e9a935aadd5f4c740511009454a2c26e1e7b Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Tue, 10 Apr 2018 03:05:20 -0700
Subject: [PATCH] Replace lbmpdm_fetch_uintN_encoded() with tvb_get_guintN().
They do the same thing.
Change-Id: I0ff800efca9e6812ae416677023c955869bbc0cc
Reviewed-on: https://code.wireshark.org/review/26850
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
epan/dissectors/packet-lbmpdm.c | 85 ++++++++++-------------------------------
1 file changed, 20 insertions(+), 65 deletions(-)
diff --git a/epan/dissectors/packet-lbmpdm.c b/epan/dissectors/packet-lbmpdm.c
index 0df5932..70bb649 100644
--- a/epan/dissectors/packet-lbmpdm.c
+++ b/epan/dissectors/packet-lbmpdm.c
@@ -454,57 +454,12 @@ static const value_string lbmpdm_field_fixed_length[] =
{ 0x0, NULL }
};
-static guint64 lbmpdm_fetch_uint64_encoded(tvbuff_t * tvb, int offset, int encoding)
-{
- guint64 value = 0;
-
- if (encoding == ENC_BIG_ENDIAN)
- {
- value = tvb_get_ntoh64(tvb, offset);
- }
- else
- {
- value = tvb_get_letoh64(tvb, offset);
- }
- return (value);
-}
-
-static guint32 lbmpdm_fetch_uint32_encoded(tvbuff_t * tvb, int offset, int encoding)
-{
- guint32 value = 0;
-
- if (encoding == ENC_BIG_ENDIAN)
- {
- value = tvb_get_ntohl(tvb, offset);
- }
- else
- {
- value = tvb_get_letohl(tvb, offset);
- }
- return (value);
-}
-
-static guint16 lbmpdm_fetch_uint16_encoded(tvbuff_t * tvb, int offset, int encoding)
-{
- guint16 value = 0;
-
- if (encoding == ENC_BIG_ENDIAN)
- {
- value = tvb_get_ntohs(tvb, offset);
- }
- else
- {
- value = tvb_get_letohs(tvb, offset);
- }
- return (value);
-}
-
static int lbmpdm_get_segment_length(tvbuff_t * tvb, int offset, int encoding, int * data_length)
{
guint32 datalen = 0;
int seglen = 0;
- datalen = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, encoding);
+ datalen = tvb_get_guint32(tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, encoding);
seglen = ((int)datalen) + L_LBMPDM_SEG_HDR_T;
*data_length = (int) datalen;
return (seglen);
@@ -629,7 +584,7 @@ static void dissect_field_value(tvbuff_t * tvb, int offset, proto_tree * tree, g
gint8 shift_count;
exponent = (gint8)tvb_get_guint8(tvb, offset);
- mantissa = (gint64)lbmpdm_fetch_uint64_encoded(tvb, offset + 1, encoding);
+ mantissa = (gint64)tvb_get_guint64(tvb, offset + 1, encoding);
if (exponent >= 0)
{
whole = mantissa;
@@ -676,8 +631,8 @@ static void dissect_field_value(tvbuff_t * tvb, int offset, proto_tree * tree, g
{
nstime_t timestamp;
- timestamp.secs = (time_t)lbmpdm_fetch_uint32_encoded(tvb, offset, encoding);
- timestamp.nsecs = (int)(lbmpdm_fetch_uint32_encoded(tvb, offset + 4, encoding) * 1000);
+ timestamp.secs = (time_t)tvb_get_guint32(tvb, offset, encoding);
+ timestamp.nsecs = (int)(tvb_get_guint32(tvb, offset + 4, encoding) * 1000);
proto_tree_add_time(tree, hf_lbmpdm_field_value_timestamp, tvb, offset, field_length, &timestamp);
}
break;
@@ -755,7 +710,7 @@ static int dissect_field(tvbuff_t * tvb, int offset, proto_tree * tree, lbmpdm_d
if (field->fixed == PDM_DEFN_VARIABLE_LENGTH_FIELD)
{
proto_tree_add_item(field_tree, hf_lbmpdm_field_length, tvb, ofs, 4, encoding);
- value_len = lbmpdm_fetch_uint32_encoded(tvb, ofs, encoding);
+ value_len = tvb_get_guint32(tvb, ofs, encoding);
field_len = value_len + 4;
value_offset += 4;
}
@@ -872,9 +827,9 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
offset_item = proto_tree_add_item(subtree, hf_lbmpdm_offset_entry, tvb, ofs, L_LBMPDM_OFFSET_ENTRY_T, ENC_NA);
offset_tree = proto_item_add_subtree(offset_item, ett_lbmpdm_offset_entry);
proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_id, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, L_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
- id_list[idx] = (gint32)lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
+ id_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_offset, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, L_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
- ofs_list[idx] = (gint32)lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
+ ofs_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
if (id_list[idx] > max_index)
{
max_index = id_list[idx];
@@ -936,7 +891,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
proto_tree_add_item(subtree, hf_lbmpdm_segment_len, tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, L_LBMPDM_SEG_HDR_T_LEN, encoding);
ofs = offset + L_LBMPDM_SEG_HDR_T;
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_id, tvb, ofs + O_LBMPDM_DEFN_T_ID, L_LBMPDM_DEFN_T_ID, encoding);
- def_id = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_ID, encoding);
+ def_id = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_ID, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_num_fields, tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, L_LBMPDM_DEFN_T_NUM_FIELDS, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_field_names_type, tvb, ofs + O_LBMPDM_DEFN_T_FIELD_NAMES_TYPE, L_LBMPDM_DEFN_T_FIELD_NAMES_TYPE, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_finalized, tvb, ofs + O_LBMPDM_DEFN_T_FINALIZED, L_LBMPDM_DEFN_T_FINALIZED, encoding);
@@ -950,7 +905,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
{
string_field_name = TRUE;
}
- num_fields = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, encoding);
+ num_fields = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, encoding);
if (add_definition)
{
def = lbmpdm_definition_find(channel, def_id, vers_major, vers_minor);
@@ -959,7 +914,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
def = lbmpdm_definition_add(channel, def_id, vers_major, vers_minor);
def->num_fields = num_fields;
def->field_names_type = tvb_get_guint8(tvb, ofs + O_LBMPDM_DEFN_T_FIELD_NAMES_TYPE);
- def->fixed_req_section_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_FIXED_REQ_SECTION_LEN, encoding);
+ def->fixed_req_section_len = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_FIXED_REQ_SECTION_LEN, encoding);
def->first_fixed_required = NULL;
def->fixed_required_count = 0;
}
@@ -978,7 +933,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
if (string_field_name)
{
- def_len = lbmpdm_fetch_uint32_encoded(tvb, ofs, encoding) + 4;
+ def_len = tvb_get_guint32(tvb, ofs, encoding) + 4;
}
field_item = proto_tree_add_item(subtree, hf_lbmpdm_segment_def_field, tvb, ofs, def_len, ENC_NA);
field_tree = proto_item_add_subtree(field_item, ett_lbmpdm_segment_def_field);
@@ -998,7 +953,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
proto_tree_add_item(field_tree, hf_lbmpdm_segment_def_field_str_name_len, tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, L_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding);
if (string_field_name)
{
- string_name_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding);
+ string_name_len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding);
if (string_name_len > 0)
{
string_name_ofs = ofs + def_ofs + L_LBMPDM_FIELD_INFO_T;
@@ -1012,19 +967,19 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
lbmpdm_definition_field_t * field = NULL;
guint32 field_id;
- field_id = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_ID, encoding);
+ field_id = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_ID, encoding);
field = lbmpdm_definition_field_find(def, field_id);
if (field == NULL)
{
field = lbmpdm_definition_field_add(def, field_id);
if (field != NULL)
{
- field->len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_LEN, encoding);
- field->fixed_string_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED_STR_LEN, encoding);
- field->num_array_elem = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_NUM_ARR_ELEM, encoding);
+ field->len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_LEN, encoding);
+ field->fixed_string_len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED_STR_LEN, encoding);
+ field->num_array_elem = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_NUM_ARR_ELEM, encoding);
field->required = tvb_get_guint8(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_REQ);
field->fixed = tvb_get_guint8(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED);
- field->field_int_name = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FLD_INT_NAME, encoding);
+ field->field_int_name = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FLD_INT_NAME, encoding);
if (string_field_name && (string_name_len > 0))
{
field->field_string_name_len = string_name_len;
@@ -1035,7 +990,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
field->field_string_name_len = 0;
field->field_string_name = NULL;
}
- field->field_type = lbmpdm_fetch_uint16_encoded(tvb, ofs + type_ofs, encoding);
+ field->field_type = tvb_get_guint16(tvb, ofs + type_ofs, encoding);
switch (field->field_type)
{
case PDM_TYPE_BOOLEAN:
@@ -1213,7 +1168,7 @@ gboolean lbmpdm_verify_payload(tvbuff_t * tvb, int offset, int * encoding, int *
return (FALSE);
break;
}
- len = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, *encoding);
+ len = tvb_get_guint32(tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, *encoding);
if (len > G_MAXINT)
{
return (FALSE);
@@ -1265,7 +1220,7 @@ int lbmpdm_dissect_lbmpdm_payload(tvbuff_t * tvb, int offset, packet_info * pinf
proto_tree_add_item(subtree, hf_lbmpdm_def_minor_ver, tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_MINOR_VER, L_LBMPDM_MSG_HDR_T_DEF_MINOR_VER, encoding);
msgid.ver_minor = tvb_get_guint8(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_MINOR_VER);
proto_tree_add_item(subtree, hf_lbmpdm_def_id, tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, L_LBMPDM_MSG_HDR_T_DEF_ID, encoding);
- msgid.msg_def_id = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, encoding);
+ msgid.msg_def_id = tvb_get_guint32(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_len, tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, L_LBMPDM_MSG_HDR_T_LEN, encoding);
next_hdr = tvb_get_guint8(tvb, offset + O_LBMPDM_MSG_HDR_T_NEXT_HDR);
--
1.7.12.4
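Review bot: In the lbmpdm_get_segment_length hunk the 32-bit length read from the packet is still cast to `int` and added to `L_LBMPDM_SEG_HDR_T` with no range check, so a value above G_MAXINT turns negative and one just below it overflows the signed addition. Switching to `tvb_get_guint32()` keeps that behaviour unchanged; the value should be rejected before the cast, in the way lbmpdm_verify_payload already does with `if (len > G_MAXINT)`, for example `if (datalen > (guint32)(G_MAXINT - L_LBMPDM_SEG_HDR_T))`. How the callers expect the failure to be reported is not visible here, and the function's closing brace is outside the hunk. The same unchecked 32-bit arithmetic on packet values appears in `(int)(tvb_get_guint32(tvb, offset + 4, encoding) * 1000)` in dissect_field_value and in `tvb_get_guint32(tvb, ofs, encoding) + 4` in dissect_segment_defn, both of which wrap for large inputs.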

60
SIGNATURES-2.6.2.txt Normal file

@ -0,0 +1,60 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
wireshark-2.6.2.tar.xz: 28392140 bytes
SHA256(wireshark-2.6.2.tar.xz)=49b2895ee3ba17ef9ef0aebfdc4d32a778e0f36ccadde184516557d5f3357094
RIPEMD160(wireshark-2.6.2.tar.xz)=e9b782d49d9a063ba556320e9f2c08dea079967d
SHA1(wireshark-2.6.2.tar.xz)=52517c30926211b0b718815b51a3f06a18d8f5da
Wireshark-win64-2.6.2.exe: 59963968 bytes
SHA256(Wireshark-win64-2.6.2.exe)=88aa2ca018090fc73ffb273aa1ba9f690ec06deb77d1ec7ff9b39fe646ca2877
RIPEMD160(Wireshark-win64-2.6.2.exe)=3b947ada3e64bfb1c1b16a470926d94ed9db391b
SHA1(Wireshark-win64-2.6.2.exe)=90217eb0ed020a53a9ae80682c0881d347d11b4a
Wireshark-win32-2.6.2.exe: 54249888 bytes
SHA256(Wireshark-win32-2.6.2.exe)=3d886e435570b7326f53d00996040ef65b9e2a5bffe48645ce29ea5a23930801
RIPEMD160(Wireshark-win32-2.6.2.exe)=c2c5afa101559976439f36401ea1cc4564fa624e
SHA1(Wireshark-win32-2.6.2.exe)=eb7c50e80d6e7ec834599c1facfd6a3fd66aebf8
Wireshark-win32-2.6.2.msi: 43728896 bytes
SHA256(Wireshark-win32-2.6.2.msi)=99d5d94345a20e177736533840ff59859a76e864247a8146a73fca227f004043
RIPEMD160(Wireshark-win32-2.6.2.msi)=7f21412e4d335f6e797356b968fbef14afb03b8c
SHA1(Wireshark-win32-2.6.2.msi)=05f1f9c4b9bed8c4447e5e31f907c578f52cf067
Wireshark-win64-2.6.2.msi: 49364992 bytes
SHA256(Wireshark-win64-2.6.2.msi)=381076d09c757038072f761f7eee9d5aa45fa8423b771ba34ddbd8b56f2c429c
RIPEMD160(Wireshark-win64-2.6.2.msi)=a080eec0f8bd089f493d0c76837d7fe03c1fa0dd
SHA1(Wireshark-win64-2.6.2.msi)=2c6b5bf555729d1e5ee3a1dda8d2b14d3bb01759
WiresharkPortable_2.6.2.paf.exe: 37482552 bytes
SHA256(WiresharkPortable_2.6.2.paf.exe)=d36727bdb8cc3a72bfb80084d3c634c3bfa4661f4de68d644b43ef5d41c52b69
RIPEMD160(WiresharkPortable_2.6.2.paf.exe)=a98756bf5a67e47e1ca9ecd8836f2e6913a56f27
SHA1(WiresharkPortable_2.6.2.paf.exe)=dd11e62f34212be77abee9d2227a2fd3b613b0a5
Wireshark 2.6.2 Intel 64.dmg: 169012317 bytes
SHA256(Wireshark 2.6.2 Intel 64.dmg)=ef54b04a73df4069e29e77bc1940f3b767ee498c4e28f739eabda78ef71ab4a9
RIPEMD160(Wireshark 2.6.2 Intel 64.dmg)=f93d2cc4057337ca76d1aa435b0039a60927bebb
SHA1(Wireshark 2.6.2 Intel 64.dmg)=3a46de720848b286e7c115c75c7b00bcd08155aa
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
-----BEGIN PGP SIGNATURE-----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=OiJq
-----END PGP SIGNATURE-----


@ -0,0 +1,18 @@
From: =?UTF-8?q?Radek=20Vok=C3=A1l?= <rvokal@fedoraproject.org>
Date: Tue, 15 Dec 2009 08:36:27 +0000
Subject: [PATCH] enable Lua support
diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua
index 3fe2aca..2b48f9b 100644
--- a/epan/wslua/template-init.lua
+++ b/epan/wslua/template-init.lua
@@ -41,7 +41,7 @@ if running_superuser then
local disabled_lib = {}
setmetatable(disabled_lib,{ __index = function() error("this package ".. hint) end } );
- dofile = function() error("dofile " .. hint) end
+-- dofile = function() error("dofile " .. hint) end
loadfile = function() error("loadfile " .. hint) end
loadlib = function() error("loadlib " .. hint) end
require = function() error("require " .. hint) end
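Review bot: Commenting out the `dofile` override leaves `dofile` callable inside the `if running_superuser then` block, while `loadfile`, `loadlib` and `require` in the same block stay disabled. The block appears to exist so that Lua scripts cannot pull in further code when Wireshark runs with superuser privileges, so this single exemption weakens it, and neither the subject line nor the patch explains why it is needed. If the exemption has to stay, I would replace the commented-out line with the reason, for example `-- dofile is left enabled on purpose: <reason>; files loaded this way run with superuser privileges`; otherwise the patch should be dropped so `dofile` stays blocked. The block starts and ends outside the hunk.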


@ -0,0 +1,57 @@
From: Jan Safranek <jsafrane@redhat.com>
Date: Fri, 26 Nov 2010 14:30:45 +0300
Subject: [PATCH] Customize 'permission denied' error.
Add Fedora-specific message to error output when dumpcap cannot be started
because of permissions.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c
index 2f9d2cc..b18e47f 100644
--- a/capchild/capture_sync.c
+++ b/capchild/capture_sync.c
@@ -375,6 +375,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
gchar *signal_pipe_name;
#else
char errmsg[1024+1];
+ const char *securitymsg = "";
int sync_pipe[2]; /* pipe used to send messages from child to parent */
enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
#endif
@@ -728,8 +729,11 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
dup2(sync_pipe[PIPE_WRITE], 2);
ws_close(sync_pipe[PIPE_READ]);
execv(argv[0], argv);
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
- argv[0], g_strerror(errno));
+ if (errno == EPERM || errno == EACCES)
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+ argv[0], g_strerror(errno), securitymsg);
+
sync_pipe_errmsg_to_parent(2, errmsg, "");
/* Exit with "_exit()", so that we don't close the connection
@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
int i;
#else
char errmsg[1024+1];
+ const char *securitymsg = "";
int sync_pipe[2]; /* pipe used to send messages from child to parent */
int data_pipe[2]; /* pipe used to send data from child to parent */
#endif
@@ -1003,8 +1008,11 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
ws_close(sync_pipe[PIPE_READ]);
ws_close(sync_pipe[PIPE_WRITE]);
execv(argv[0], argv);
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
- argv[0], g_strerror(errno));
+ execv(argv[0], (gpointer)argv);
+ if (errno == EPERM || errno == EACCES)
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+ argv[0], g_strerror(errno), securitymsg);
sync_pipe_errmsg_to_parent(2, errmsg, "");
/* Exit with "_exit()", so that we don't close the connection
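Review bot: In the sync_pipe_open_command hunk the added `execv(argv[0], (gpointer)argv);` sits directly below the unchanged `execv(argv[0], argv);`, so after a failed exec the child attempts the same exec a second time before it reports the error. The sync_pipe_start hunk adds no second call, so this looks like a rebase leftover and I would drop the added line. Both hunks also attach the group hint to every EPERM or EACCES, which can equally come from a missing execute bit or an unsearchable path component, so the hint can point users at the wrong cause. The new single-statement `if` would be safer written with braces, `if (errno == EPERM || errno == EACCES) { securitymsg = ...; }`. Both function bodies continue outside the hunks.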


@ -0,0 +1,18 @@
From: Peter Hatina <phatina@redhat.com>
Date: Wed, 4 Sep 2013 10:03:57 +0200
Subject: [PATCH] fix string overrun in plugins/profinet
diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c
index 0f1658a..f7fd322 100644
--- a/plugins/epan/profinet/packet-dcom-cba.c
+++ b/plugins/epan/profinet/packet-dcom-cba.c
@@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 u32Pointer;
- gchar szStr[1000];
+ gchar szStr[1000] = "";
guint32 u32MaxStr = sizeof(szStr);
gchar *call;
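Review bot: The new initializer `gchar szStr[1000] = "";` carries no comment saying which path reads szStr before anything has been written to it, and the subject calls this a string overrun although the hunk only adds initialization. Presumably the buffer is filled conditionally further down and then used unconditionally, but that code is outside the hunk. Once that is confirmed I would add `/* start empty: szStr is read below even when no string was dissected into it */` above the declaration, so the initializer is not removed later as redundant.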


@ -0,0 +1,15 @@
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Fri, 13 Sep 2013 14:36:55 +0400
Subject: [PATCH] Restore Fedora-specific groups
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/wireshark.desktop b/wireshark.desktop
index 334db48..669c6f1 100644
--- a/wireshark.desktop
+++ b/wireshark.desktop
@@ -108,4 +108,4 @@ Terminal=false
MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr;
# Category entry according to:
# http://standards.freedesktop.org/menu-spec/1.0/
-Categories=Network;Monitor;Qt;
+Categories=Application;Network;Monitor;Qt;


@ -0,0 +1,20 @@
From: Kenneth Soerensen <knnthsrnsn@gmail.com>
Date: Wed, 29 Jan 2014 16:04:12 +0400
Subject: [PATCH] Fix paths in a wireshark.desktop file
diff --git a/wireshark.desktop b/wireshark.desktop
index 669c6f1..f7df1f3 100644
--- a/wireshark.desktop
+++ b/wireshark.desktop
@@ -102,8 +102,8 @@ Comment[tr]=Ağ trafiği çözümleyicisi
Comment[vi]=Trình phân tích giao thông mạng
Comment[uk]=Аналізатор мережевого трафіку
Icon=wireshark
-TryExec=wireshark
-Exec=wireshark %f
+TryExec=/usr/bin/wireshark
+Exec=/usr/bin/wireshark %f
Terminal=false
MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr;
# Category entry according to:


@ -0,0 +1,330 @@
From cb54210f7f02b07768cfbf49ae266d487f580e1b Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 29 Jun 2017 15:32:58 +0200
Subject: [PATCH] Move /tmp to /var/tmp
Fedora is using tmpfs which is limited by the size of RAM, thus we need
to use different directory on different filesystem.
---
ui/gtk/about_dlg.c | 3 +-
ui/qt/about_dialog.cpp | 3 +-
ui/qt/iax2_analysis_dialog.cpp | 5 +--
ui/qt/rtp_analysis_dialog.cpp | 5 +--
ui/qt/rtp_audio_stream.cpp | 3 +-
wsutil/Makefile.am | 6 ++--
wsutil/tempfile.c | 9 +++---
wsutil/tempfile.h | 4 +--
wsutil/wstmpdir.c | 70 ++++++++++++++++++++++++++++++++++++++++++
wsutil/wstmpdir.h | 39 +++++++++++++++++++++++
10 files changed, 132 insertions(+), 15 deletions(-)
create mode 100644 wsutil/wstmpdir.c
create mode 100644 wsutil/wstmpdir.h
diff --git a/ui/gtk/about_dlg.c b/ui/gtk/about_dlg.c
index 22ca841..6bcb527 100644
--- a/ui/gtk/about_dlg.c
+++ b/ui/gtk/about_dlg.c
@@ -28,6 +28,7 @@
#include <gtk/gtk.h>
#include <wsutil/filesystem.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <wsutil/copyright_info.h>
#include <version_info.h>
#ifdef HAVE_LIBSMI
@@ -427,7 +428,7 @@ about_folders_page_new(void)
"capture files");
/* temp */
- about_folders_row(table, "Temp", g_get_tmp_dir(),
+ about_folders_row(table, "Temp", get_tmp_dir(),
"untitled capture files");
/* pers conf */
diff --git a/ui/qt/about_dialog.cpp b/ui/qt/about_dialog.cpp
index 31dc581..2f74285 100644
--- a/ui/qt/about_dialog.cpp
+++ b/ui/qt/about_dialog.cpp
@@ -26,6 +26,7 @@
#include "wireshark_application.h"
#include <wsutil/filesystem.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QDesktopServices>
#include <QUrl>
@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent):
appendRow( QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files"));
/* temp */
- appendRow( QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files"));
+ appendRow( QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files"));
/* pers conf */
appendRow( QStringList() << tr("Personal configuration")
diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp
index ee4e5fd..fe17a95 100644
--- a/ui/qt/iax2_analysis_dialog.cpp
+++ b/ui/qt/iax2_analysis_dialog.cpp
@@ -37,6 +37,7 @@
#include "ui/rtp_stream.h"
#endif
#include <wsutil/utf8_entities.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <wsutil/g711.h>
#include <wsutil/pint.h>
@@ -271,10 +272,10 @@ Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) :
// We keep our temp files open for the lifetime of the dialog. The GTK+
// UI opens and closes at various points.
- QString tempname = QString("%1/wireshark_iax2_f").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_iax2_f").arg(get_tmp_dir());
fwd_tempfile_ = new QTemporaryFile(tempname, this);
fwd_tempfile_->open();
- tempname = QString("%1/wireshark_iax2_r").arg(QDir::tempPath());
+ tempname = QString("%1/wireshark_iax2_r").arg(get_tmp_dir());
rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open();
diff --git a/ui/qt/rtp_analysis_dialog.cpp b/ui/qt/rtp_analysis_dialog.cpp
index 5d82e46..8008984 100644
--- a/ui/qt/rtp_analysis_dialog.cpp
+++ b/ui/qt/rtp_analysis_dialog.cpp
@@ -37,6 +37,7 @@
#include <wsutil/g711.h>
#include <wsutil/pint.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QMessageBox>
#include <QPushButton>
@@ -331,10 +332,10 @@ RtpAnalysisDialog::RtpAnalysisDialog(QWidget &parent, CaptureFile &cf, struct _r
// We keep our temp files open for the lifetime of the dialog. The GTK+
// UI opens and closes at various points.
- QString tempname = QString("%1/wireshark_rtp_f").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_rtp_f").arg(get_tmp_dir());
fwd_tempfile_ = new QTemporaryFile(tempname, this);
fwd_tempfile_->open();
- tempname = QString("%1/wireshark_rtp_r").arg(QDir::tempPath());
+ tempname = QString("%1/wireshark_rtp_r").arg(get_tmp_dir());
rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open();
diff --git a/ui/qt/rtp_audio_stream.cpp b/ui/qt/rtp_audio_stream.cpp
index fde66c8..b9531d2 100644
--- a/ui/qt/rtp_audio_stream.cpp
+++ b/ui/qt/rtp_audio_stream.cpp
@@ -37,6 +37,7 @@
#include <ui/rtp_stream.h>
#include <wsutil/nstime.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QAudioFormat>
#include <QAudioOutput>
@@ -76,7 +77,7 @@ RtpAudioStream::RtpAudioStream(QObject *parent, _rtp_stream_info *rtp_stream) :
visual_sample_rate_, SPEEX_RESAMPLER_QUALITY_MIN, NULL);
speex_resampler_skip_zeros(visual_resampler_);
- QString tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir());
tempfile_ = new QTemporaryFile(tempname, this);
tempfile_->open();
diff --git a/wsutil/Makefile.am b/wsutil/Makefile.am
index 2af1b6c..aa149a2 100644
--- a/wsutil/Makefile.am
+++ b/wsutil/Makefile.am
@@ -90,6 +90,7 @@ WSUTIL_PUBLIC_INCLUDES = \
ws_pipe.h \
ws_printf.h \
wsjsmn.h \
+ wstmpdir.h \
wsgcrypt.h \
wsgetopt.h \
wspcap.h \
@@ -168,6 +169,7 @@ libwsutil_la_SOURCES = \
ws_pipe.c \
wsgcrypt.c \
wsjsmn.c \
+ wstmpdir.c \
xtea.c
if HAVE_PLUGINS
diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c
index 8e1f8dc..dcf2f78 100644
--- a/wsutil/tempfile.c
+++ b/wsutil/tempfile.c
@@ -36,6 +36,7 @@
#include "tempfile.h"
#include <wsutil/file_util.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#ifndef __set_errno
#define __set_errno(x) errno=(x)
@@ -83,13 +83,14 @@ mkstemps(char *path_template, int suffixlen)
*/
char *get_tempfile_path(const char *filename)
{
- return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", g_get_tmp_dir(), filename);
+ return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", get_tmp_dir(), filename);
}
#define MAX_TEMPFILES 3
/**
- * Create a tempfile with the given prefix (e.g. "wireshark").
+ * Create a tempfile with the given prefix (e.g. "wireshark"). The path
+ * is created using get_tmp_dir and mkdtemp
*
* @param namebuf If not NULL, receives the full path of the temp file.
* Should NOT be freed.
@@ -199,7 +200,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx)
tf[idx].path = (char *)g_malloc(tf[idx].len);
}
- tmp_dir = g_get_tmp_dir();
+ tmp_dir = get_tmp_dir();
#ifdef _WIN32
_tzset();
diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h
index 1dca2df..bb3160c 100644
--- a/wsutil/tempfile.h
+++ b/wsutil/tempfile.h
@@ -45,7 +45,7 @@ WS_DLL_PUBLIC char *get_tempfile_path(const char *filename);
/**
* Create a tempfile with the given prefix (e.g. "wireshark"). The path
- * is created using g_get_tmp_dir and mkstemp.
+ * is created using get_tmp_dir and mkstemp.
*
* @param namebuf [in,out] If not NULL, receives the full path of the temp file.
* Must NOT be freed.
diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c
new file mode 100644
index 0000000..d8b733b
--- /dev/null
+++ b/wsutil/wstmpdir.c
@@ -0,0 +1,70 @@
+/* wstmpdir.c
+ *
+ * Copyright (C) 2013 Red Hat, Inc. All right reserved.
+ *
+ * Temporary directory routine
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Author: Peter Hatina <phatina@redhat.com>
+ */
+
+#include "config.h"
+
+#include <glib.h>
+#include "wstmpdir.h"
+
+/**
+ * Gets the directory to use for temporary files.
+ *
+ * Inspired by glib-2.0. If no TMP, TEMP or TMPDIR is set,
+ * /var/tmp is returned (Fedora specific).
+ *
+ * Returns: the directory to use for temporary files.
+ */
+const char *get_tmp_dir(void)
+{
+ static gchar *tmp_dir;
+
+ if (g_once_init_enter(&tmp_dir)) {
+ gchar *tmp;
+
+ tmp = g_strdup(g_getenv("TEMP"));
+ if (tmp == NULL || *tmp == '\0') {
+ g_free(tmp);
+ tmp = g_strdup(g_getenv("TMPDIR"));
+ }
+
+#ifdef P_tmpdir
+ if (tmp == NULL || *tmp == '\0') {
+ gsize k;
+ g_free(tmp);
+ tmp = g_strdup(P_tmpdir);
+ k = strlen(tmp);
+ if (k > 1 && G_IS_DIR_SEPARATOR(tmp[k - 1]))
+ tmp[k - 1] = '\0';
+ }
+#endif /* P_tmpdir */
+
+ if (tmp == NULL || *tmp == '\0') {
+ g_free(tmp);
+ tmp = g_strdup("/var/tmp");
+ }
+
+ g_once_init_leave(&tmp_dir, tmp);
+ }
+
+ return tmp_dir;
+}
diff --git a/wsutil/wstmpdir.h b/wsutil/wstmpdir.h
new file mode 100644
index 0000000..07ac583
--- /dev/null
+++ b/wsutil/wstmpdir.h
@@ -0,0 +1,39 @@
+/* wstmpdir.c
+ *
+ * Copyright (C) 2013 Red Hat, Inc. All right reserved.
+ *
+ * Temporary directory routine
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Author: Peter Hatina <phatina@redhat.com>
+ */
+
+#ifndef __WS_TMP_DIR_H__
+#define __WS_TMP_DIR_H__
+
+#include "ws_symbol_export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+WS_DLL_PUBLIC const char *get_tmp_dir(void);
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif
--
2.13.0
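Review bot: In wsutil/wstmpdir.c the `#ifdef P_tmpdir` branch of get_tmp_dir() can undo what this patch is for: if `<stdio.h>` reaches the file through config.h or glib.h, P_tmpdir is defined (commonly as `/tmp`) and the `/var/tmp` fallback is never reached. Whether that happens depends on headers not visible here, so the result is decided by include order; removing the P_tmpdir block would make the fallback always `/var/tmp`. The doc comment says `TMP, TEMP or TMPDIR` while the code reads only `TEMP` and `TMPDIR`, and `strlen()` is used without `#include <string.h>`. The comment added in wsutil/tempfile.c names `mkdtemp` where wsutil/tempfile.h says `mkstemp`, and the header's first line still reads `/* wstmpdir.c`.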


@ -0,0 +1,33 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9e3b555..b0abd84 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3069,7 +3069,7 @@ if(RPMBUILD_EXECUTABLE AND GIT_EXECUTABLE)
endif()
execute_process(
- COMMAND git describe --abbrev=8 --match v[1-9]*
+ COMMAND git describe --always --abbrev=8 --match v[1-9]*
OUTPUT_VARIABLE _git_description
OUTPUT_STRIP_TRAILING_WHITESPACE
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt
index 0367cd1..6382a2c 100644
--- a/wsutil/CMakeLists.txt
+++ b/wsutil/CMakeLists.txt
@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS
ws_mempbrk_int.h
ws_pipe.h
ws_printf.h
+ wstmpdir.h
wsjsmn.h
xtea.h
)
@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES
unicode-utils.c
ws_mempbrk.c
ws_pipe.c
+ wstmpdir.c
wsgcrypt.c
wsjsmn.c
xtea.c

BIN
wireshark-2.6.2.tar.xz Normal file

Binary file not shown.


@ -0,0 +1,46 @@
From 739eebd3d2e39db63c959eb99291edf59647ed6d Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Wed, 8 Aug 2018 16:45:21 +0200
Subject: [PATCH] 802.11 Radiotap: add more bound checks in
ieee80211_radiotap_iterator_next()
Bug: 15022
Change-Id: Ife413312c88b8d78926c78bdb6707903257e7964
Reviewed-on: https://code.wireshark.org/review/29017
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
---
epan/dissectors/packet-ieee80211-radiotap-iter.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/epan/dissectors/packet-ieee80211-radiotap-iter.c b/epan/dissectors/packet-ieee80211-radiotap-iter.c
index 167cb39..e10fdaf 100644
--- a/epan/dissectors/packet-ieee80211-radiotap-iter.c
+++ b/epan/dissectors/packet-ieee80211-radiotap-iter.c
@@ -132,6 +132,7 @@ int ieee80211_radiotap_iterator_init(
iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
iterator->_arg = (guint8 *)radiotap_header + sizeof(*radiotap_header);
iterator->_reset_on_ext = 0;
+ iterator->_next_ns_data = NULL;
iterator->_next_bitmap = &radiotap_header->it_present;
iterator->_next_bitmap++;
iterator->_vns = vns;
@@ -288,9 +289,14 @@ int ieee80211_radiotap_iterator_next(
}
if (!align) {
/* skip all subsequent data */
+ if (!iterator->_next_ns_data)
+ return -EINVAL;
iterator->_arg = iterator->_next_ns_data;
/* give up on this namespace */
iterator->current_namespace = NULL;
+ iterator->_next_ns_data = NULL;
+ if (!ITERATOR_VALID(iterator, 0))
+ return -EINVAL;
goto next_entry;
}
break;
--
1.7.12.4
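Review bot: The two new `return -EINVAL;` paths in ieee80211_radiotap_iterator_next() have no comment saying what a NULL `_next_ns_data` means, and the second check runs only after `_arg`, `current_namespace` and `_next_ns_data` have already been overwritten. I would add `/* no namespace data end recorded, so there is nothing to skip to */` above the first check, assuming the field is only set when a vendor namespace header has been parsed, which is outside the hunk. Callers should be confirmed to abandon the iterator on -EINVAL, because it is left pointing at the position that failed validation. The added single-statement `if`s would also read more safely with braces, e.g. `if (!iterator->_next_ns_data) { return -EINVAL; }`.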


@ -0,0 +1,37 @@
From c48d6a6d60c5c9111838a945966b6cb8750777be Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Tue, 14 Aug 2018 11:03:09 +0200
Subject: [PATCH] BT A2DP: fully initialize sep_entry_t structure
Bug: 14884
Change-Id: Id409563d5e8869596db7b479132045bf8cf88f16
Reviewed-on: https://code.wireshark.org/review/29128
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-btavdtp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-btavdtp.c b/epan/dissectors/packet-btavdtp.c
index afdac33..c21308b 100644
--- a/epan/dissectors/packet-btavdtp.c
+++ b/epan/dissectors/packet-btavdtp.c
@@ -719,13 +719,11 @@ dissect_sep(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset,
key[6].length = 0;
key[6].key = NULL;
- sep_data = wmem_new(wmem_file_scope(), sep_entry_t);
+ sep_data = wmem_new0(wmem_file_scope(), sep_entry_t);
sep_data->seid = seid;
sep_data->type = type;
sep_data->media_type = media_type;
- sep_data->int_seid = 0;
sep_data->codec = -1;
- sep_data->content_protection_type = 0;
if (in_use) {
sep_data->state = SEP_STATE_IN_USE;
} else {
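Review bot: The switch to `wmem_new0()` makes the zero defaults of `int_seid` and `content_protection_type` implicit, and nothing at the allocation says that later code depends on them. A one-line comment above the allocation, such as `/* zero-filled: fields not assigned below (int_seid, content_protection_type, ...) start at 0 */`, would stop someone from switching back to `wmem_new()` and reintroducing uninitialised fields. `codec = -1` is still assigned explicitly, which is needed because its default is not zero. dissect_sep() starts and ends outside the hunk.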
--
1.7.12.4


@ -0,0 +1,56 @@
From 5a2aafef7a8ad4b3917823133c2e3534951fc4d3 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 9 Oct 2018 19:18:34 +0200
Subject: [PATCH] coap: ensure that piv_len matches piv
In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).
Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-coap.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/epan/dissectors/packet-coap.c b/epan/dissectors/packet-coap.c
index b034042..40331af 100644
--- a/epan/dissectors/packet-coap.c
+++ b/epan/dissectors/packet-coap.c
@@ -451,8 +451,11 @@ dissect_coap_opt_object_security(tvbuff_t *tvb, proto_item *head_item, proto_tre
coinfo->object_security = TRUE;
coinfo->oscore_info->piv = NULL;
+ coinfo->oscore_info->piv_len = 0;
coinfo->oscore_info->kid_context = NULL;
+ coinfo->oscore_info->kid_context_len = 0;
coinfo->oscore_info->kid = NULL;
+ coinfo->oscore_info->kid_len = 0;
if (opt_length == 0) { /* option length is zero, means flag byte is 0x00*/
/* add info to the head of the packet detail */
@@ -1148,11 +1151,9 @@ dissect_coap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* d
/* Indicate to OSCORE that this response contains its own PIV */
coinfo->oscore_info->piv_in_response = TRUE;
coap_trans->oscore_info->piv_in_response = TRUE;
- } else {
- if (coap_trans->oscore_info->piv) {
- /* Use the PIV from the request */
- coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
- }
+ } else if (coap_trans->oscore_info->piv_len > 0) {
+ /* Use the PIV from the request */
+ coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
coinfo->oscore_info->piv_len = coap_trans->oscore_info->piv_len;
}
coinfo->oscore_info->response = TRUE;
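Review bot: The rewritten `else if` tests only `coap_trans->oscore_info->piv_len > 0` before passing `coap_trans->oscore_info->piv` to `wmem_memdup()`, so a transaction record with a non-zero length and a NULL pointer would still be copied from. The resets added in dissect_coap_opt_object_security() keep `coinfo->oscore_info` consistent, but this hunk does not show whether `coap_trans->oscore_info` is always filled in as a pair. Testing both is cheap: `} else if (coap_trans->oscore_info->piv && coap_trans->oscore_info->piv_len > 0) {`. dissect_coap() starts and ends outside the hunk.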
--
1.7.12.4


@ -0,0 +1,81 @@
From f3986c24728f03a346a10388fd6c15ea9ae16d41 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 9 Oct 2018 18:16:11 +0200
Subject: [PATCH] steam-ihs: fix memleak on exception
When protobuf_dissect_unknown_field throws an exception,
steamdiscover_dissect_body_status will leak memory as
wmem_destroy_allocator is not called. Capture fuzz-2018-10-06-3104.pcap
from the linked bug leaks 64kiB memory in each frame 14 and 36.
Bug: 15171
Change-Id: I930d0738fde61799ab4ef2310f8ff11c1bcb032b
Fixes: v2.5.1rc0-130-g7ae954c7ac ("steam-ihs: Add dissector for the Steam IHS Discovery Protocol")
Reviewed-on: https://code.wireshark.org/review/30098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-steam-ihs-discovery.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/epan/dissectors/packet-steam-ihs-discovery.c b/epan/dissectors/packet-steam-ihs-discovery.c
index 1bec81e..9d238f4 100644
--- a/epan/dissectors/packet-steam-ihs-discovery.c
+++ b/epan/dissectors/packet-steam-ihs-discovery.c
@@ -491,9 +491,7 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
protobuf_desc_t pb = { tvb, offset, bytes_left };
protobuf_desc_t pb2 = { tvb, 0, 0 };
protobuf_tag_t tag = { 0, 0, 0 };
- wmem_allocator_t* strpool;
guint8 *hostname;
- strpool = wmem_allocator_new(WMEM_ALLOCATOR_SIMPLE);
nstime_t timestamp;
proto_tree *user_tree;
proto_item *user_it;
@@ -522,7 +520,7 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
value = get_varint64(pb.tvb, pb.offset, pb.bytes_left, &len);
proto_tree_add_item(tree, hf_steam_ihs_discovery_body_status_hostname, pb.tvb,
pb.offset+len, (gint)value, ENC_UTF_8|ENC_NA);
- hostname = tvb_get_string_enc(strpool, pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
+ hostname = tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
if(hostname && strlen(hostname)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s from %s", hf_steam_ihs_discovery_header_msgtype_strings[STEAMDISCOVER_MSGTYPE_CLIENTBROADCASTMSGSTATUS].strptr, hostname);
}
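Review bot: The length passed to `tvb_get_string_enc()` is still `(gint)value`, a 64-bit varint read from the packet and narrowed without a range check, so a large or negative value can become a different length than the one encoded. The tvbuff accessors keep the read inside the captured data, but nothing here ties it to the `pb.bytes_left` of this protobuf message. I would reject the field before using it, for example with `if (value < 0 || value > pb.bytes_left - len)`; the right way to bail out depends on the surrounding switch, which is outside the hunk. The `devicename` line in steamdiscover_dissect_body_authrequest() has the same pattern.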
@@ -615,7 +613,6 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
}
protobuf_seek_forward(&pb, len);
}
- wmem_destroy_allocator(strpool);
}
/* Dissect a CMsgRemoteDeviceAuthorizationRequest protobuf message body.
@@ -648,8 +645,6 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
gint64 value;
protobuf_desc_t pb = { tvb, offset, bytes_left };
protobuf_tag_t tag = { 0, 0, 0 };
- wmem_allocator_t *strpool;
- strpool = wmem_allocator_new(WMEM_ALLOCATOR_SIMPLE);
guint8* devicename;
while (protobuf_iter_next(&pb, &tag)) {
switch(tag.field_number) {
@@ -665,7 +660,7 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
value = get_varint64(pb.tvb, pb.offset, pb.bytes_left, &len);
proto_tree_add_item(tree, hf_steam_ihs_discovery_body_authrequest_devicename, pb.tvb,
pb.offset+len, (gint)value, ENC_UTF_8|ENC_NA);
- devicename = tvb_get_string_enc(strpool, pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
+ devicename = tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
if (devicename && strlen(devicename)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " from %s", devicename);
}
@@ -684,7 +679,6 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
}
protobuf_seek_forward(&pb, len);
}
- wmem_destroy_allocator(strpool);
}
/* Dissect a CMsgRemoteDeviceAuthorizationResponse protobuf message body.
--
1.7.12.4


@ -0,0 +1,744 @@
From f4d2dffd8be1df30a832647a2f188507076f0fed Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Sun, 9 Sep 2018 10:45:56 -0700
Subject: [PATCH] Fix handling of invalid type values.
If vType_get_type() returns NULL, that means that the packet is bad, not
that the dissector is bad. Report it as such.
Bug: 15119
Change-Id: I8e66fcece2b526ef9edbf948862f8fc5bea25d74
Reviewed-on: https://code.wireshark.org/review/29511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
epan/dissectors/packet-mswsp.c | 284 ++++++++++++++---------------------------
1 file changed, 99 insertions(+), 185 deletions(-)
diff --git a/epan/dissectors/packet-mswsp.c b/epan/dissectors/packet-mswsp.c
index 4217130..295192a 100644
--- a/epan/dissectors/packet-mswsp.c
+++ b/epan/dissectors/packet-mswsp.c
@@ -359,6 +359,7 @@ static int SMB2 = 2;
void proto_reg_handoff_mswsp(void);
+static expert_field ei_mswsp_invalid_variant_type = EI_INIT;
static expert_field ei_missing_msg_context = EI_INIT;
static expert_field ei_mswsp_msg_cpmsetbinding_ccolumns = EI_INIT;
@@ -3068,7 +3069,7 @@ static int parse_lcid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, const
/*****************************************************************************************/
/* 2.2.1.1 CBaseStorageVariant */
-static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CBaseStorageVariant *value, const char *text);
+static int parse_CBaseStorageVariant(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CBaseStorageVariant *value, const char *text);
/* 2.2.1.2 CFullPropSpec */
static int parse_CFullPropSpec(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *pad_tree, struct CFullPropSpec *v, const char *fmt, ...);
@@ -3080,10 +3081,10 @@ static int parse_CContentRestriction(tvbuff_t *tvb, int offset, proto_tree *pare
static int parse_CNatLanguageRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNatLanguageRestriction *v, const char *fmt, ...);
/* 2.2.1.6 CNodeRestriction */
-static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char* fmt, ...);
+static int parse_CNodeRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char* fmt, ...);
/* 2.2.1.7 CPropertyRestriction */
-static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...);
+static int parse_CPropertyRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...);
/* 2.2.1.8 CReuseWhere */
static int parse_CReuseWhere(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CReuseWhere *v, const char *fmt, ...);
@@ -3092,27 +3093,27 @@ static int parse_CReuseWhere(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
static int parse_CSort(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, const char *fmt, ...);
/* 2.2.1.12 CCoercionRestriction */
-static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...);
+static int parse_CCoercionRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...);
/* 2.2.1.16 CRestrictionArray */
-static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CRestrictionArray(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.17 CRestriction */
-static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...);
+static int parse_CRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...);
/* 2.2.1.18 CColumnSet */
static int parse_CColumnSet(tvbuff_t *tvb, int offset, proto_tree *tree, const char *fmt, ...);
/* 2.2.1.20 CCategorizationSpec */
-static int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CCategorizationSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.21 CCategSpec */
-static int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.22 CRangeCategSpec */
-static int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CRangeCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.23 RANGEBOUNDARY */
-static int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_RANGEBOUNDARY(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.24 CAggregSet */
static int parse_CAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
@@ -3127,19 +3128,19 @@ static int parse_CSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tr
static int parse_CAggregSortKey(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.28 CInGroupSortAggregSets */
-static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.29 CInGroupSortAggregSet */
-static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.30 CDbColId */
static int parse_CDbColId(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *text);
/* 2.2.1.31 CDbProp */
-static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...);
+static int parse_CDbProp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...);
/* 2.2.1.32 CDbPropSet */
-static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CDbPropSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.33 CPidMapper */
static int parse_CPidMapper(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
@@ -3157,7 +3158,7 @@ static int parse_CRowsetProperties(tvbuff_t *tvb, int offset, proto_tree *parent
static int parse_CSortSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.44 CTableColumn */
-static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...);
+static int parse_CTableColumn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...);
/*
@@ -3231,11 +3232,11 @@ static int parse_CSortSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
return offset;
}
-static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...)
+static int parse_CTableColumn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...)
{
- proto_item *item;
+ proto_item *item, *ti_type;
proto_tree *tree;
va_list ap;
struct vtype_data *type;
@@ -3266,8 +3267,14 @@ static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree
}
}
type = vType_get_type(vtype_val);
- DISSECTOR_ASSERT(type != NULL);
- proto_tree_add_string_format_value(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, type->str, "%s%s", type->str, modifier);
+ if (type == NULL) {
+ /*
+ * Not a valid type.
+ */
+ ti_type = proto_tree_add_string(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, "Unknown CTableColumn type");
+ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type);
+ } else
+ proto_tree_add_string_format_value(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, type->str, "%s%s", type->str, modifier);
offset += 4;
used = tvb_get_guint8(tvb, offset);
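Review bot: After the new `type == NULL` branch, parse_CTableColumn() carries on with `type` still NULL, unlike parse_CBaseStorageVariant(), which throws. Any later `type->` access in the part of the function below this hunk would still crash on the same packet. It is worth confirming there is none, or returning early after `expert_add_info()`. As a style point, the `else` arm should be braced to match the `if`, i.e. `} else {` around the `proto_tree_add_string_format_value()` call.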
@@ -3487,7 +3494,7 @@ static int parse_relop(tvbuff_t *tvb, int offset, proto_tree *tree, guint32 *re
}
return offset + 4;
}
-static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...)
+static int parse_CPropertyRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3505,7 +3512,7 @@ static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *par
offset = parse_CFullPropSpec(tvb, offset, tree, pad_tree, &v->property, "Property");
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &v->prval, "prval");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &v->prval, "prval");
offset = parse_padding(tvb, offset, 4, pad_tree, "padding_lcid");
@@ -3517,7 +3524,7 @@ static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *par
return offset;
}
-static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...)
+static int parse_CCoercionRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3535,7 +3542,7 @@ static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *par
offset += 4;
- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &v->child, "child");
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &v->child, "child");
proto_item_set_end(item, tvb, offset);
return offset;
@@ -3732,7 +3739,7 @@ static int parse_rType(tvbuff_t *tvb, int offset, proto_tree *tree, enum rType *
return offset + 4;
}
-static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...)
+static int parse_CRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3761,18 +3768,18 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree
case RTProximity:
case RTPhrase: {
v->u.RTAnd = EP_ALLOC(struct CNodeRestriction);
- offset = parse_CNodeRestriction(tvb, offset, tree, pad_tree, v->u.RTAnd, "CNodeRestriction");
+ offset = parse_CNodeRestriction(tvb, pinfo, offset, tree, pad_tree, v->u.RTAnd, "CNodeRestriction");
break;
}
case RTNot: {
v->u.RTNot = EP_ALLOC(struct CRestriction);
- offset = parse_CRestriction(tvb, offset, tree, pad_tree,
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree,
v->u.RTNot, "CRestriction");
break;
}
case RTProperty: {
v->u.RTProperty = EP_ALLOC(struct CPropertyRestriction);
- offset = parse_CPropertyRestriction(tvb, offset, tree, pad_tree,
+ offset = parse_CPropertyRestriction(tvb, pinfo, offset, tree, pad_tree,
v->u.RTProperty, "CPropertyRestriction");
break;
}
@@ -3780,7 +3787,7 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree
case RTCoerce_Multiply:
case RTCoerce_Absolute: {
v->u.RTCoerce_Add = EP_ALLOC(struct CCoercionRestriction);
- offset = parse_CCoercionRestriction(tvb, offset, tree, pad_tree,
+ offset = parse_CCoercionRestriction(tvb, pinfo, offset, tree, pad_tree,
v->u.RTCoerce_Add, "CCoercionRestriction");
break;
}
@@ -3810,7 +3817,7 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree
return offset;
}
-static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CRestrictionArray(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
guint8 present, count;
@@ -3840,14 +3847,14 @@ static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent
for (i=0; i<count; i++) {
struct CRestriction r;
- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &r, "Restriction[%d]", i);
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &r, "Restriction[%d]", i);
}
}
proto_item_set_end(item, tvb, offset);
return offset;
}
-static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char *fmt, ...)
+static int parse_CNodeRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3867,7 +3874,7 @@ static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_
for (i=0; i<v->cNode; i++) {
struct CRestriction r;
ZERO_STRUCT(r);
- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &r, "paNode[%u]", i);
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &r, "paNode[%u]", i);
offset = parse_padding(tvb, offset, 4, tree, "padding_paNode[%u]", i); /*at begin or end of loop ????*/
}
@@ -4208,117 +4215,7 @@ static const char *str_CBaseStorageVariant(struct CBaseStorageVariant *value, gb
return wmem_strbuf_get_str(strbuf);
}
-static int parse_vType(tvbuff_t *tvb, int offset, guint16 *vtype)
-{
- guint16 tmp_vtype = tvb_get_letohs(tvb, offset);
- guint16 modifier = tmp_vtype & 0xFF00;
-
- switch (tmp_vtype & 0xFF) {
- case VT_EMPTY:
- *vtype = VT_EMPTY;
- break;
- case VT_NULL:
- *vtype = VT_NULL;
- break;
- case VT_I2:
- *vtype = VT_I2;
- break;
- case VT_I4:
- *vtype = VT_I4;
- break;
- case VT_R4:
- *vtype = VT_R4;
- break;
- case VT_R8:
- *vtype = VT_R8;
- break;
- case VT_CY:
- *vtype = VT_CY;
- break;
- case VT_DATE:
- *vtype = VT_DATE;
- break;
- case VT_BSTR:
- *vtype = VT_BSTR;
- break;
- case VT_ERROR:
- *vtype = VT_ERROR;
- break;
- case VT_BOOL:
- *vtype = VT_BOOL;
- break;
- case VT_VARIANT:
- *vtype = VT_VARIANT;
- break;
- case VT_DECIMAL:
- *vtype = VT_DECIMAL;
- break;
- case VT_I1:
- *vtype = VT_I1;
- break;
- case VT_UI1:
- *vtype = VT_UI1;
- break;
- case VT_UI2:
- *vtype = VT_UI2;
- break;
- case VT_UI4:
- *vtype = VT_UI4;
- break;
- case VT_I8:
- *vtype = VT_I8;
- break;
- case VT_UI8:
- *vtype = VT_UI8;
- break;
- case VT_INT:
- *vtype = VT_INT;
- break;
- case VT_UINT:
- *vtype = VT_UINT;
- break;
- case VT_LPSTR:
- *vtype = VT_LPSTR;
- break;
- case VT_LPWSTR:
- *vtype = VT_LPWSTR;
- break;
- case VT_COMPRESSED_LPWSTR:
- *vtype = VT_COMPRESSED_LPWSTR;
- break;
- case VT_FILETIME:
- *vtype = VT_FILETIME;
- break;
- case VT_BLOB:
- *vtype = VT_BLOB;
- break;
- case VT_BLOB_OBJECT:
- *vtype = VT_BLOB_OBJECT;
- break;
- case VT_CLSID:
- *vtype = VT_CLSID;
- break;
- default:
- DISSECTOR_ASSERT(FALSE);
- break;
- }
- if (modifier) {
- switch (modifier) {
- case VT_VECTOR:
- *vtype |= VT_VECTOR;
- break;
- case VT_ARRAY:
- *vtype |= VT_ARRAY;
- break;
- default:
- DISSECTOR_ASSERT(FALSE);
- break;
- }
- }
- return offset + 2;
-}
-
-static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CBaseStorageVariant *value, const char *text)
+static int parse_CBaseStorageVariant(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CBaseStorageVariant *value, const char *text)
{
int i, len;
proto_item *ti, *ti_type, *ti_val;
@@ -4329,9 +4226,19 @@ static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *pare
tree = proto_tree_add_subtree(parent_tree, tvb, offset, 0, ett_CBaseStorageVariant, &ti, text);
- parse_vType(tvb, offset, &value->vType);
- value->type = vType_get_type(value->vType);
- DISSECTOR_ASSERT(value->type != NULL);
+ value->vType = tvb_get_letohs(tvb, offset);
+ value->type = vType_get_type(value->vType & 0xFF);
+ if (value->type == NULL) {
+ /*
+ * Not a valid type.
+ */
+ ti_type = proto_tree_add_string(tree, hf_mswsp_cbasestorvariant_vtype, tvb, offset, 2, "Unknown CBaseStorageVariant type");
+ offset += 2;
+ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type);
+
+ THROW_MESSAGE(ReportedBoundsError, "Unknown CBaseStorageVariant type");
+ return offset;
+ }
ti_type = proto_tree_add_string(tree, hf_mswsp_cbasestorvariant_vtype, tvb, offset, 2, value->type->str);
offset += 2;
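Review bot: With parse_vType() removed, the high byte of `value->vType` is stored straight from the packet and never validated; the removed function accepted only `VT_VECTOR` and `VT_ARRAY` as modifiers. The lookup masks the modifier off with `& 0xFF`, so an unexpected one now passes this check and reaches whatever the rest of parse_CBaseStorageVariant() does with `value->vType`, which is outside this hunk. I would test `value->vType & 0xFF00` alongside the type and treat anything other than 0, `VT_VECTOR` or `VT_ARRAY` as the same invalid-type error. Separately, the `return offset;` after `THROW_MESSAGE()` is unreachable and can be dropped.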
@@ -4452,7 +4359,7 @@ static int parse_CDbColId(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
return offset;
}
-static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...)
+static int parse_CDbProp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...)
{
static const value_string EMPTY_VS[] = {{0, NULL}};
const value_string *vs = (propset && propset->id_map) ? propset->id_map : EMPTY_VS;
@@ -4485,7 +4392,7 @@ static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pro
offset = parse_CDbColId(tvb, offset, tree, pad_tree, "colid");
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &value, "vValue");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &value, "vValue");
str = str_CBaseStorageVariant(&value, TRUE);
proto_item_append_text(item, " %s", str);
@@ -4494,7 +4401,7 @@ static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pro
return offset;
}
-static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CDbPropSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
int i, num;
e_guid_t guid;
@@ -4530,14 +4437,14 @@ static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
for (i = 0; i<num; i++) {
offset = parse_padding(tvb, offset, 4, pad_tree, "aProp[%d]", i);
- offset = parse_CDbProp(tvb, offset, tree, pad_tree, pset, "aProp[%d]", i);
+ offset = parse_CDbProp(tvb, pinfo, offset, tree, pad_tree, pset, "aProp[%d]", i);
}
proto_item_set_end(item, tvb, offset);
return offset;
}
-static int parse_PropertySetArray(tvbuff_t *tvb, int offset, int size_offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_PropertySetArray(tvbuff_t *tvb, packet_info *pinfo, int offset, int size_offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
const int offset_in = offset;
guint32 size, num;
@@ -4563,7 +4470,7 @@ static int parse_PropertySetArray(tvbuff_t *tvb, int offset, int size_offset, pr
offset += 4;
for (i = 0; i < (int)num; i++) {
- offset = parse_CDbPropSet(tvb, offset, tree, pad_tree, "PropertySet[%d]", i);
+ offset = parse_CDbPropSet(tvb, pinfo, offset, tree, pad_tree, "PropertySet[%d]", i);
}
proto_item_set_end(item, tvb, offset);
@@ -4601,7 +4508,7 @@ int parse_CColumnSet(tvbuff_t *tvb, int offset, proto_tree *tree, const char *fm
}
/* 2.2.1.23 RANGEBOUNDARY */
-int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_RANGEBOUNDARY(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
guint32 ulType;
guint8 labelPresent;
@@ -4622,7 +4529,7 @@ int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, prot
offset += 4;
ZERO_STRUCT(prval);
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &prval, "prVal");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &prval, "prVal");
labelPresent = tvb_get_guint8(tvb, offset);
proto_tree_add_item(tree, hf_mswsp_rangeboundry_labelpresent, tvb, offset, 1, ENC_LITTLE_ENDIAN);
@@ -4650,7 +4557,7 @@ int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, prot
/* 2.2.1.22 CRangeCategSpec */
-int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_CRangeCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4671,7 +4578,7 @@ int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
offset += 4;
for (i=0; i<cRange; i++) {
- offset = parse_RANGEBOUNDARY(tvb, offset, tree, pad_tree, "aRangeBegin[%u]", i);
+ offset = parse_RANGEBOUNDARY(tvb, pinfo, offset, tree, pad_tree, "aRangeBegin[%u]", i);
}
@@ -4680,7 +4587,7 @@ int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
}
/* 2.2.1.21 CCategSpec */
-int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_CCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4700,7 +4607,7 @@ int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_t
offset = parse_CSort(tvb, offset, tree, pad_tree, "CSort");
- offset = parse_CRangeCategSpec(tvb, offset, tree, pad_tree, "CRangeCategSpec");
+ offset = parse_CRangeCategSpec(tvb, pinfo, offset, tree, pad_tree, "CRangeCategSpec");
proto_item_set_end(item, tvb, offset);
return offset;
@@ -4867,7 +4774,7 @@ static int parse_CInGroupSortAggregSet_type(tvbuff_t *tvb, int offset, proto_tre
}
/* 2.2.1.29 CInGroupSortAggregSet */
-static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4885,7 +4792,7 @@ static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *pa
if (type == GroupIdValue) {
struct CBaseStorageVariant id;
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &id, "inGroupId");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &id, "inGroupId");
}
offset = parse_CSortSet(tvb, offset, tree, pad_tree, "SortSet");
@@ -4896,7 +4803,7 @@ static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *pa
/* 2.2.1.28 CInGroupSortAggregSets */
-static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
guint32 cCount, i;
proto_item *item;
@@ -4916,7 +4823,7 @@ static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *p
for (i=0; i<cCount; i++) {
/* 2.2.1.29 CInGroupSortAggregSet */
- offset = parse_CInGroupSortAggregSet(tvb, offset, tree, pad_tree, "SortSets[%u]", i);
+ offset = parse_CInGroupSortAggregSet(tvb, pinfo, offset, tree, pad_tree, "SortSets[%u]", i);
}
proto_item_set_end(item, tvb, offset);
@@ -4924,7 +4831,7 @@ static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *p
}
/* 2.2.1.20 CCategorizationSpec */
-int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_CCategorizationSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4941,7 +4848,7 @@ int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree
offset = parse_CColumnSet(tvb, offset, tree, "csColumns");
/* 2.2.1.21 CCategSpec */
- offset = parse_CCategSpec(tvb, offset, tree, pad_tree, "Spec");
+ offset = parse_CCategSpec(tvb, pinfo, offset, tree, pad_tree, "Spec");
/* 2.2.1.24 CAggregSet */
offset = parse_CAggregSet(tvb, offset, tree, pad_tree, "AggregSet");
@@ -4950,7 +4857,7 @@ int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree
offset = parse_CSortAggregSet(tvb, offset, tree, pad_tree, "SortAggregSet");
/* 2.2.1.28 CInGroupSortAggregSets */
- offset = parse_CInGroupSortAggregSets(tvb, offset, tree, pad_tree, "InGroupSortAggregSets");
+ offset = parse_CInGroupSortAggregSets(tvb, pinfo, offset, tree, pad_tree, "InGroupSortAggregSets");
proto_tree_add_item(tree, hf_mswsp_categorizationspec_cmaxres, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
@@ -5273,17 +5180,14 @@ static int parse_CRowVariantArrayInfo(tvbuff_t *tvb, int offset, proto_tree *tre
return offset;
}
-static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, guint64 base_address, gboolean is_64bit, struct CRowVariant *variant)
+static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, guint64 base_address, gboolean is_64bit, struct CRowVariant *variant, struct vtype_data *vt_list_type)
{
guint32 i = 0;
guint64 count = 0;
int buf_offset = 0;
proto_tree *sub_tree;
- struct vtype_data *vt_list_type =
- vType_get_type((enum vType)(variant->vtype & 0x00FF));
wmem_strbuf_t *strbuf;
- DISSECTOR_ASSERT(vt_list_type != NULL);
offset = parse_CRowVariantArrayInfo(tvb, offset, tree, is_64bit, variant);
if (is_64bit) {
buf_offset =
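Review bot: `parse_VariantColVector` now relies on a caller-supplied `vt_list_type`, and the value it receives is not obviously the one it used to compute. The removed lines looked the type up from `variant->vtype & 0x00FF`, while the caller in `parse_VariantCol` passes the `vt_type` it obtained from the unmasked `variant->vtype`; the two agree only if `vType_get_type` masks off the modifier bits itself, which is not visible here. With the `DISSECTOR_ASSERT` gone, a comment on the parameter such as `/* vt_list_type: element type, validated non-NULL by the caller */` would record the new precondition. The function body continues outside this hunk.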
@@ -5335,10 +5239,10 @@ static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, g
return offset;
}
-static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, guint64 base_address, guint32 length _U_, gboolean is_64bit, struct CRowVariant *variant, const char *fmt, ...)
+static int parse_VariantCol(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, guint64 base_address, guint32 length _U_, gboolean is_64bit, struct CRowVariant *variant, const char *fmt, ...)
{
proto_tree *tree;
- proto_item *item;
+ proto_item *item, *ti_type;
va_list ap;
struct vtype_data *vt_type;
@@ -5354,8 +5258,6 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
variant->vtype = tvb_get_letohs(tvb, offset);
vt_type = vType_get_type((enum vType)variant->vtype);
- DISSECTOR_ASSERT(vt_type != NULL);
-
vtype_high = (variant->vtype & 0xFF00);
if (vtype_high) {
if (vtype_high == VT_VECTOR) {
@@ -5367,6 +5269,17 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
}
}
+ if (vt_type == NULL) {
+ /*
+ * Not a valid type.
+ */
+ ti_type = proto_tree_add_string(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, "Unknown variant column type");
+ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type);
+ offset += 2;
+
+ THROW_FORMATTED(ReportedBoundsError, "Unknown variant column type%s", modifier);
+ return offset;
+ }
proto_tree_add_string_format_value(tree, hf_mswsp_rowvariant_vtype, tvb, offset, 2, vt_type->str, "%s%s", vt_type->str, modifier);
offset += 2;
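Review bot: The new `vt_type == NULL` branch adds its item with length 4 and `hf_mswsp_ctablecolumn_vtype`, while the type value is read earlier in the function as two bytes (`tvb_get_letohs`) and the normal path right after the branch uses `hf_mswsp_rowvariant_vtype` with length 2. That looks carried over from the table-column parser; `ti_type = proto_tree_add_string(tree, hf_mswsp_rowvariant_vtype, tvb, offset, 2, "Unknown variant column type");` would keep the highlighted bytes and the filter field consistent with the valid case. `THROW_FORMATTED` does not return, so the `offset += 2;` before it and the `return offset;` after it have no effect and can be dropped. `parse_VariantCol` starts and ends outside this hunk.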
@@ -5382,7 +5295,7 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
if (vtype_high == VT_VECTOR || vtype_high == VT_ARRAY) {
offset = parse_VariantColVector(tvb, offset, tree, base_address,
- is_64bit, variant);
+ is_64bit, variant, vt_type);
} else {
wmem_strbuf_t *strbuf = wmem_strbuf_new(wmem_packet_scope(), "");
if (size != -1) {
@@ -5421,7 +5334,7 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
return offset;
}
-static int parse_RowsBufferCol(tvbuff_t *tvb, int offset, guint32 row, guint32 col, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean b_is_64bit, proto_tree *parent_tree, const char *fmt, ...)
+static int parse_RowsBufferCol(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 row, guint32 col, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean b_is_64bit, proto_tree *parent_tree, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -5463,13 +5376,13 @@ static int parse_RowsBufferCol(tvbuff_t *tvb, int offset, guint32 row, guint32 c
len = tvb_get_letohs(tvb, buf_offset + pcol->lengthoffset) - pcol->valuesize;
}
if (pcol->vtype == VT_VARIANT) {
- parse_VariantCol(tvb, tmp_offset, tree, base_address, len, b_is_64bit, &variant, "CRowVariant");
+ parse_VariantCol(tvb, pinfo, tmp_offset, tree, base_address, len, b_is_64bit, &variant, "CRowVariant");
}
}
return offset;
}
-static int parse_RowsBuffer(tvbuff_t *tvb, int offset, guint32 num_rows, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean is64bit, proto_tree *parent_tree, const char *fmt, ...)
+static int parse_RowsBuffer(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 num_rows, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean is64bit, proto_tree *parent_tree, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -5488,7 +5401,7 @@ static int parse_RowsBuffer(tvbuff_t *tvb, int offset, guint32 num_rows, struct
proto_tree *row_tree;
row_tree = proto_tree_add_subtree_format(tree, tvb, offset, 0, ett_GetRowsRow, NULL, "Row[%d]", num);
for (col = 0; col < bindingsin->ccolumns; col++) {
- parse_RowsBufferCol(tvb, offset, num, col, bindingsin, rowsin, is64bit, row_tree, "Col[%d]", col);
+ parse_RowsBufferCol(tvb, pinfo, offset, num, col, bindingsin, rowsin, is64bit, row_tree, "Col[%d]", col);
}
}
return offset;
@@ -5557,11 +5470,11 @@ static int dissect_CPMConnect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *par
offset = parse_padding(tvb, offset, 8, pad_tree, "_paddingcPropSets");
- offset = parse_PropertySetArray(tvb, offset, blob_size1_off, tree, pad_tree, "PropSets");
+ offset = parse_PropertySetArray(tvb, pinfo, offset, blob_size1_off, tree, pad_tree, "PropSets");
offset = parse_padding(tvb, offset, 8, pad_tree, "paddingExtPropset");
- offset = parse_PropertySetArray(tvb, offset, blob_size2_off, tree, pad_tree, "ExtPropset");
+ offset = parse_PropertySetArray(tvb, pinfo, offset, blob_size2_off, tree, pad_tree, "ExtPropset");
offset = parse_padding(tvb, offset, 8, pad_tree, "???");
@@ -5616,7 +5529,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree
offset += 1;
if (CRestrictionPresent) {
- offset = parse_CRestrictionArray(tvb, offset, tree, pad_tree, "RestrictionArray");
+ offset = parse_CRestrictionArray(tvb, pinfo, offset, tree, pad_tree, "RestrictionArray");
}
CSortSetPresent = tvb_get_guint8(tvb, offset);
@@ -5625,7 +5538,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree
if (CSortSetPresent) {
offset = parse_padding(tvb, offset, 4, tree, "paddingCSortSetPresent");
- offset = parse_CInGroupSortAggregSets(tvb, offset, tree, pad_tree, "GroupSortAggregSets");
+ offset = parse_CInGroupSortAggregSets(tvb, pinfo, offset, tree, pad_tree, "GroupSortAggregSets");
}
@@ -5641,7 +5554,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree
proto_tree_add_uint(tree, hf_mswsp_msg_cpmcreatequery_ccateg_count, tvb, offset, 4, count);
offset += 4;
for (i=0; i<count; i++) {
- offset = parse_CCategorizationSpec(tvb, offset, tree, pad_tree, "categories[%u]", i);
+ offset = parse_CCategorizationSpec(tvb, pinfo, offset, tree, pad_tree, "categories[%u]", i);
}
}
@@ -5803,7 +5716,7 @@ static int dissect_CPMGetRows(tvbuff_t *tvb, packet_info *pinfo, proto_tree *par
if (b_has_arch && bindingsin && rowsin) {
offset = parse_padding(tvb, offset, rowsin->cbreserved, pad_tree,
"paddingRows");
- parse_RowsBuffer(tvb, offset, num_rows, bindingsin, rowsin, b_64bit_mode, tree, "Rows");
+ parse_RowsBuffer(tvb, pinfo, offset, num_rows, bindingsin, rowsin, b_64bit_mode, tree, "Rows");
} else {
gint nbytes = tvb_reported_length_remaining(tvb, offset);
proto_tree_add_expert_format(tree, pinfo, &ei_missing_msg_context, tvb, offset, nbytes, "Undissected %d bytes (due to missing preceding msg(s))", nbytes);
@@ -5950,7 +5863,7 @@ static int dissect_CPMSetBindings(tvbuff_t *tvb, packet_info *pinfo, proto_tree
sizeof(struct CTableColumn) * num);
for (n=0; n<num; n++) {
offset = parse_padding(tvb, offset, 4, pad_tree, "padding_aColumns[%u]", n);
- offset = parse_CTableColumn(tvb, offset, tree, pad_tree, &request.acolumns[n],"aColumns[%u]", n);
+ offset = parse_CTableColumn(tvb, pinfo, offset, tree, pad_tree, &request.acolumns[n],"aColumns[%u]", n);
}
data = find_or_create_message_data(ct, pinfo,0xD0,in, private_data);
if (data) {
@@ -8051,6 +7964,7 @@ proto_register_mswsp(void)
};
static ei_register_info ei[] = {
+ { &ei_mswsp_invalid_variant_type, { "mswsp.invalid_variant_type", PI_PROTOCOL, PI_ERROR, "Invalid variant type", EXPFILL }},
{ &ei_missing_msg_context, { "mswsp.msg.cpmgetrows.missing_msg_context", PI_SEQUENCE, PI_WARN, "previous messages needed for context not captured", EXPFILL }},
{ &ei_mswsp_msg_cpmsetbinding_ccolumns, { "mswsp.msg.cpmsetbinding.ccolumns.invalude", PI_PROTOCOL, PI_WARN, "Invalid number of cColumns for packet", EXPFILL }}
};
--
1.7.12.4


@ -0,0 +1,71 @@
From 1ddaf1a0944ffe95d69717ac9fdc60824932f676 Mon Sep 17 00:00:00 2001
From: Jeff Morriss <jeff.morriss.ws@gmail.com>
Date: Fri, 9 Nov 2018 15:16:35 -0500
Subject: [PATCH] MMSE: catch length overflows to avoid infinite loop.
After fetching a length from the packet ensure those bytes exist to
avoid integer overflows by callers (while avoiding having to ensure
every caller checks for overflows).
Also add a check to ensure the loop in question is progressing through
the TVB; report a dissector bug if it doesn't.
Bug: 15250
Change-Id: I9434bfe9d530942fd45342690383df2decacdba1
Reviewed-on: https://code.wireshark.org/review/30560
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-mmse.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-mmse.c b/epan/dissectors/packet-mmse.c
index ffb4faa..1e3d13a 100644
--- a/epan/dissectors/packet-mmse.c
+++ b/epan/dissectors/packet-mmse.c
@@ -487,6 +487,12 @@ get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count, packet_info *pi
field = tvb_get_guintvar(tvb, offset, byte_count, pinfo, &ei_mmse_oversized_uintvar);
(*byte_count)++;
}
+
+ /* The packet says there are this many bytes; ensure they're there.
+ * We do this here because several callers do math on the length we
+ * return here and may not catch an overflow.
+ */
+ tvb_ensure_bytes_exist(tvb, offset, field);
return field;
}
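Review bot: The added `tvb_ensure_bytes_exist(tvb, offset, field)` measures from the same `offset` that is passed to `tvb_get_guintvar`, so in the uintvar branch the checked range begins at the length encoding rather than at the first value byte. The check still rejects lengths far beyond the buffer, which is what the callers' arithmetic needs, but it is looser than the comment's "ensure they're there" by up to the size of the length encoding. Either start the check at the first value byte or reword the comment to say it is a sanity bound on the length. The start of `get_value_length` is outside this hunk, so any earlier adjustment of `offset` is not visible.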
@@ -689,7 +695,7 @@ static void
dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
const char *message_type)
{
- guint offset;
+ guint offset, old_offset;
guint8 field = 0;
const char *strval;
guint length;
@@ -711,6 +717,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
proto_tree_add_uint(mmse_tree, hf_mmse_message_type, tvb, 0, 2, pdut);
offset = 2; /* Skip Message-Type */
+ old_offset = 1;
/*
* Cycle through MMS-headers
@@ -1209,6 +1216,11 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
break;
}
DebugLog(("\tEnd(case)\n"));
+
+ if (offset <= old_offset) {
+ REPORT_DISSECTOR_BUG("Offset isn't increasing (offset=%u, old offset=%u)", offset, old_offset);
+ }
+ old_offset = offset;
}
DebugLog(("\tEnd(switch)\n"));
--
1.7.12.4


@ -0,0 +1,75 @@
From 5797f602741a7505c18c2e0c505e963ca3349153 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Sun, 21 Oct 2018 15:10:57 +0200
Subject: [PATCH] LBMPDM: fix heap-buffer-overflow (write) in
dissect_segment_ofstable
id_list and ofs_list contain offsets read directly from the packet.
While the field type is FT_UINT32, it is somehow interpreted as signed
number. This means that ofs_table->offset_list[id_list[idx]]=... could
in fact result in an arbitrary write before "ofs_table->offset_list" due
to id_list[idx] being negative.
Another way for id_list[idx] to remain negative (-1) is for the loop to
terminate before all "field_count" elements are set. Thus, remove the
"datalen_remaining >= L_LBMPDM_OFFSET_ENTRY_T" check, if the offset is
invalid the proto_tree_add_item accessors will throw an exception.
Fixes the crash in the linked bug. Regression tested against the 8
capture files from bug 9718, its dissection results are still the same.
Bug: 15132
Change-Id: If5d2f11ee47578acb80bc43ba7ed16adb27e0c02
Fixes: v1.11.3-rc1-2270-g2f4ca9c8d9 ("Initial checkin of LBM aka 29West dissectors. See Bug 9718.")
Reviewed-on: https://code.wireshark.org/review/30300
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-lbmpdm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-lbmpdm.c b/epan/dissectors/packet-lbmpdm.c
index a875c8c..6b42e50 100644
--- a/epan/dissectors/packet-lbmpdm.c
+++ b/epan/dissectors/packet-lbmpdm.c
@@ -12,6 +12,7 @@
#include "config.h"
#include <epan/packet.h>
+#include <epan/exceptions.h>
#include "packet-lbm.h"
/* Magic number for message header to check if data is big-endian or little-endian. */
@@ -792,7 +793,6 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
proto_tree * subtree = NULL;
int datalen = 0;
int seglen = 0;
- int datalen_remaining = 0;
int ofs = 0;
int field_count = 0;
int idx;
@@ -817,9 +817,8 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
id_list[idx] = -1;
ofs_list[idx] = -1;
}
- datalen_remaining = datalen;
ofs = offset + L_LBMPDM_SEG_HDR_T;
- for (idx = 0; (idx < field_count) && (datalen_remaining >= L_LBMPDM_OFFSET_ENTRY_T); idx++, ofs += L_LBMPDM_OFFSET_ENTRY_T)
+ for (idx = 0; idx < field_count; idx++, ofs += L_LBMPDM_OFFSET_ENTRY_T)
{
proto_item * offset_item = NULL;
proto_tree * offset_tree = NULL;
@@ -830,6 +829,9 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
id_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_offset, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, L_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
ofs_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
+ if (id_list[idx] < 0 || ofs_list[idx] < 0) {
+ THROW(ReportedBoundsError);
+ }
if (id_list[idx] > max_index)
{
max_index = id_list[idx];
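Review bot: The new test rejects negative `id_list[idx]` and `ofs_list[idx]` but puts no upper limit on the ID, which still feeds `max_index` on the following lines. If the offset table is later sized from `max_index + 1` (not visible in this hunk), an ID close to the largest `gint32` would request a very large allocation or overflow that addition. Consider bounding the ID in the same test, for example `if (id_list[idx] < 0 || id_list[idx] > LBMPDM_MAX_FIELD_ID || ofs_list[idx] < 0) {`, where `LBMPDM_MAX_FIELD_ID` is a placeholder for a limit the dissector would have to define. `dissect_segment_ofstable` continues outside the hunk.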
--
1.7.12.4


@ -0,0 +1,38 @@
From a8c93de0b0130ed5f4aab59338372783054898ea Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 27 Nov 2018 12:23:31 -0800
Subject: [PATCH] pvfs2: Add a pointer check.
Make sure a pointer isn't NULL before trying to dereference it.
Bug: 15280
Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
Reviewed-on: https://code.wireshark.org/review/30807
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-pvfs2.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/epan/dissectors/packet-pvfs2.c b/epan/dissectors/packet-pvfs2.c
index e2b61be..1c1012c 100644
--- a/epan/dissectors/packet-pvfs2.c
+++ b/epan/dissectors/packet-pvfs2.c
@@ -2314,6 +2314,12 @@ dissect_pvfs2_getconfig_response(tvbuff_t *tvb, proto_tree *parent_tree,
/* Get pointer to server config data */
ptr = tvb_get_ptr(tvb, offset, total_config_bytes);
+ if (!ptr)
+ {
+ /* Not enough data. Bail out. */
+ return offset;
+ }
+
/* Check if all data is available */
length_remaining = tvb_captured_length_remaining(tvb, offset);
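Review bot: The comment `/* Not enough data. Bail out. */` probably misdescribes the case the new check handles. `tvb_get_ptr` normally reports a short buffer by throwing rather than returning NULL, so a NULL result more likely means a zero-length request (`total_config_bytes == 0`) on a buffer with no backing data. Rewording it to `/* Nothing to parse, e.g. a zero-length config. */`, or testing `total_config_bytes == 0` before the call, would make the intent clear. The "Check if all data is available" block that follows runs only after the pointer has been fetched, so it does not protect this call; the function continues outside the hunk.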
--
1.7.12.4


@ -0,0 +1,51 @@
From ec5adb0ce98c37c8119feb972a5207e0e1721d9b Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 11 Oct 2018 00:02:26 +0200
Subject: [PATCH] tvbuff_composite: fix buffer overflow due to wrong offset
adjustment
The tvb_offset method should return the offset of the buffer within the
backing tvb (ds_tvb). The currently returned non-zero offset is valid
for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
the tvb itself, so the offset should be zero (or "counter" for
consistency with tvbuff_real.c and others).
This bug is observable with the capture from the bug. In tshark, the
data field in the PDML output has value "field length invalid!" and the
position attribute ("pos") is too large. With the -V option it even
crashes with a buffer overflow (read). In the GUI, the bytes tab shows
range 3199-19642 even if the data source is only 16444 bytes while the
selection should have been 0-16443.
Bug: 14466
Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
Reviewed-on: https://code.wireshark.org/review/30124
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/tvbuff_composite.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/epan/tvbuff_composite.c b/epan/tvbuff_composite.c
index f77aace..53cdbca 100644
--- a/epan/tvbuff_composite.c
+++ b/epan/tvbuff_composite.c
@@ -51,12 +51,9 @@ composite_free(tvbuff_t *tvb)
}
static guint
-composite_offset(const tvbuff_t *tvb, const guint counter)
+composite_offset(const tvbuff_t *tvb _U_, const guint counter)
{
- const struct tvb_composite *composite_tvb = (const struct tvb_composite *) tvb;
- const tvbuff_t *member = (const tvbuff_t *)composite_tvb->composite.tvbs->data;
-
- return tvb_offset_from_real_beginning_counter(member, counter);
+ return counter;
}
static const guint8*
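Review bot: `composite_offset` now returns `counter` unchanged and nothing in the function says why that is correct. The reasoning exists only in the commit message, so a short comment above the `return` would keep the next reader from restoring the member-based calculation, for example `/* A composite tvb is its own data source, so the offset in the backing tvb is just the counter. */`.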
--
1.7.12.4


@ -0,0 +1,38 @@
From ec6ace066ae4c889d4c18a0a38a8c6053483877b Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 11 Oct 2018 13:04:03 +0200
Subject: [PATCH] DCOM: always NUL-terminate dissect_dcom_BSTR results
All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
the string to be NUL-terminated, so ensure this to avoid reading
uninitialized memory for the Info column.
Bug: 15130
Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
Reviewed-on: https://code.wireshark.org/review/30128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-dcom.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c
index d12216a..79cf6a6 100644
--- a/epan/dissectors/packet-dcom.c
+++ b/epan/dissectors/packet-dcom.c
@@ -1725,8 +1725,10 @@ dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep,
&u32ArraySize);
- if ((guint32)offset + u32ArraySize*2 > G_MAXINT)
+ if ((guint32)offset + u32ArraySize*2 > G_MAXINT) {
+ pszStr[0] = 0;
return offset;
+ }
realOffset = offset + u32ArraySize*2;
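Review bot: The guard `(guint32)offset + u32ArraySize*2 > G_MAXINT` is evaluated in 32-bit unsigned arithmetic, so both the multiplication and the addition can wrap for a large `u32ArraySize` read from the packet, and the early return this commit extends is then skipped. Doing the comparison in 64 bits avoids that: `if ((guint64)offset + (guint64)u32ArraySize * 2 > G_MAXINT) {`. The added `pszStr[0] = 0;` also assumes the caller's buffer holds at least one byte; the buffer-size parameter is outside this hunk, so that is worth confirming. `dissect_dcom_BSTR` starts and ends outside the hunk.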
--
1.7.12.4


@ -0,0 +1,38 @@
From 332df929a9966fda2cd3aa30a5a107e5b2bfa360 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 27 Nov 2018 13:38:10 -0800
Subject: [PATCH] IxVeriWave: Fix a buffer boundary.
Pass the correct buffer size to find_signature so that we don't read
past it.
Bug: 15279
Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404
Reviewed-on: https://code.wireshark.org/review/30809
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
wiretap/vwr.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/wiretap/vwr.c b/wiretap/vwr.c
index d5b93fa..1e01add 100644
--- a/wiretap/vwr.c
+++ b/wiretap/vwr.c
@@ -2142,9 +2142,10 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, wtap_rec *record,
end_time = e_time / NS_IN_US; /* convert to microseconds first */
/* extract the 32 LSBs of the signature timestamp field */
- m_ptr = &(rec[stats_offset+8+12]);
+ int m_ptr_offset = stats_offset + 8 + 12;
+ m_ptr = rec + m_ptr_offset;
pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */
- sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq);
+ sig_off = find_signature(m_ptr, rec_size - m_ptr_offset, pay_off, flow_id, flow_seq);
if (m_ptr[sig_off] == 0xdd)
sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN);
else
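Review bot: `rec_size - m_ptr_offset` is passed to `find_signature` without first checking that `m_ptr_offset` is no larger than `rec_size`, so a short record would yield a negative length, or a very large one if the parameter is unsigned. The record should be rejected as malformed before this point when `rec_size < m_ptr_offset`. The following call has the same kind of mismatch this commit fixes: `get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN)` still passes a bound measured from `rec` while indexing from `m_ptr`, and should probably be expressed relative to `m_ptr_offset` as well. `m_ptr[sig_off]` is also read before `sig_off` is compared with the remaining length; the types and the rest of `vwr_read_s3_W_rec` are outside this hunk.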
--
1.7.12.4


@ -0,0 +1,38 @@
From d53ff85d409367ee6538326147c8bb545bd4adb3 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 27 Nov 2018 12:06:47 -0800
Subject: [PATCH] ZigBee ZCL: Fix a divide-by-zero.
Fix a divide-by-zero in decode_color_temperature.
Bug: 15281
Change-Id: I9460ffc85f6fe6b954c1810c3a80588c1aa4fec2
Reviewed-on: https://code.wireshark.org/review/30806
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-zbee-zcl-lighting.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-zbee-zcl-lighting.c b/epan/dissectors/packet-zbee-zcl-lighting.c
index 4a4fc5c..b68a003 100644
--- a/epan/dissectors/packet-zbee-zcl-lighting.c
+++ b/epan/dissectors/packet-zbee-zcl-lighting.c
@@ -879,7 +879,11 @@ decode_color_xy(gchar *s, guint16 value)
static void
decode_color_temperature(gchar *s, guint16 value)
{
- g_snprintf(s, ITEM_LABEL_LENGTH, "%d [Mired] (%d [K])", value, 1000000/value);
+ if (value == 0) {
+ g_snprintf(s, ITEM_LABEL_LENGTH, "%u [Mired]", value);
+ } else {
+ g_snprintf(s, ITEM_LABEL_LENGTH, "%u [Mired] (%u [K])", value, 1000000/value);
+ }
return;
} /*decode_power_conf_voltage*/
--
1.7.12.4


@ -0,0 +1,30 @@
From cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 7 Jan 2019 14:41:29 -0800
Subject: [PATCH] epan: Add a boundary check to get_t61_string.
Add a boundary check to make sure we don't go past the end of "ptr".
Bug: 15373
Change-Id: I85394e8e6e477b47919362af146051cc8911254b
Reviewed-on: https://code.wireshark.org/review/31440
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/charsets.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/epan/charsets.c b/epan/charsets.c
index 7f298fd..ebeb2dc 100644
--- a/epan/charsets.c
+++ b/epan/charsets.c
@@ -1382,7 +1382,7 @@ get_t61_string(wmem_allocator_t *scope, const guint8 *ptr, gint length)
for (i = 0, c = ptr; i < length; c++, i++) {
if (!t61_tab[*c]) {
wmem_strbuf_append_unichar(strbuf, UNREPL);
- } else if ((*c & 0xf0) == 0xc0) {
+ } else if (i < length - 1 && (*c & 0xf0) == 0xc0) {
gint j = *c & 0x0f;
/* If this is the end of the string, or if the base
* character is just a space, treat this as a regular
--
2.7.4


@ -0,0 +1,215 @@
From 34873a20eb489562098c5a58085ae783f869525c Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Thu, 31 Jan 2019 15:40:24 +0100
Subject: [PATCH] tcap: check p_tcap_private before dereferencing.
This caused a NULL pointer dereference on ASAN builds with
malformed packets.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0)
==15485==The signal is caused by a WRITE memory access.
==15485==Hint: address points to the zero page.
#0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf
#1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17
Bug: 15464
Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94
Reviewed-on: https://code.wireshark.org/review/31840
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/asn1/tcap/tcap.cnf | 24 +++++++++++++++--------
epan/dissectors/packet-tcap.c | 40 +++++++++++++++++++++++---------------
2 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/epan/dissectors/asn1/tcap/tcap.cnf b/epan/dissectors/asn1/tcap/tcap.cnf
index a41be09..0507f71 100644
--- a/epan/dissectors/asn1/tcap/tcap.cnf
+++ b/epan/dissectors/asn1/tcap/tcap.cnf
@@ -115,20 +115,26 @@ ABRT-apdu/_untag/user-information abrt_user_information
#.FN_BODY AUDT-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
%(DEFAULT_BODY)s
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
#----------------------------------------------------------------------------------------
#.FN_BODY AARQ-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
%(DEFAULT_BODY)s
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
#----------------------------------------------------------------------------------------
#.FN_BODY AARE-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
%(DEFAULT_BODY)s
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
#----------------------------------------------------------------------------------------
#.FN_BODY OrigTransactionID
tvbuff_t *parameter_tvb;
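Review bot: The new `if (p_tcap_private)` guards make a missing private struct silently skip recording the OID and the `acv` flag, and nothing in these bodies says when `actx->value_ptr` is expected to be NULL. A one-line comment at the first guard, such as `/* value_ptr is NULL when the TCAP context was not set up by the caller (seen with malformed packets) */`, would document the case the commit message describes. The two transaction-ID hunks later in this file guard `p_tcap_private->src_tid` and `p_tcap_private->dst_tid` with a brace-less `if`, while the three bodies here use braces; using braces in all five keeps the style uniform. The matching edits in `packet-tcap.c` carry `#line` directives pointing at this file, so they appear to be generated output and should come from regenerating rather than hand-editing.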
@@ -166,7 +172,8 @@ ABRT-apdu/_untag/user-information abrt_user_information
gp_tcapsrt_info->src_tid=0;
break;
}
- p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
+ if (p_tcap_private)
+ p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "otid(");
@@ -214,7 +221,8 @@ ABRT-apdu/_untag/user-information abrt_user_information
gp_tcapsrt_info->dst_tid=0;
break;
}
- p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
+ if (p_tcap_private)
+ p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "dtid(");
diff --git a/epan/dissectors/packet-tcap.c b/epan/dissectors/packet-tcap.c
index 2c1fe4a..fb8d2e7 100644
--- a/epan/dissectors/packet-tcap.c
+++ b/epan/dissectors/packet-tcap.c
@@ -743,7 +743,7 @@ dissect_tcap_OCTET_STRING_SIZE_1_4(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_tcap_OrigTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 134 "./asn1/tcap/tcap.cnf"
+#line 140 "./asn1/tcap/tcap.cnf"
tvbuff_t *parameter_tvb;
guint8 len, i;
proto_tree *subtree;
@@ -781,7 +781,8 @@ dissect_tcap_OrigTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
gp_tcapsrt_info->src_tid=0;
break;
}
- p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
+ if (p_tcap_private)
+ p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "otid(");
@@ -807,7 +808,7 @@ static const ber_sequence_t Begin_sequence[] = {
static int
dissect_tcap_Begin(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 228 "./asn1/tcap/tcap.cnf"
+#line 236 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_BEGIN;
/* Do not change col_add_str() to col_append_str() here: we _want_ this call
@@ -829,7 +830,7 @@ gp_tcapsrt_info->ope=TC_BEGIN;
static int
dissect_tcap_DestTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 182 "./asn1/tcap/tcap.cnf"
+#line 189 "./asn1/tcap/tcap.cnf"
tvbuff_t *parameter_tvb;
guint8 len , i;
proto_tree *subtree;
@@ -867,7 +868,8 @@ dissect_tcap_DestTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
gp_tcapsrt_info->dst_tid=0;
break;
}
- p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
+ if (p_tcap_private)
+ p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "dtid(");
@@ -892,7 +894,7 @@ static const ber_sequence_t End_sequence[] = {
static int
dissect_tcap_End(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 242 "./asn1/tcap/tcap.cnf"
+#line 250 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_END;
col_set_str(actx->pinfo->cinfo, COL_INFO, "End ");
@@ -914,7 +916,7 @@ static const ber_sequence_t Continue_sequence[] = {
static int
dissect_tcap_Continue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 249 "./asn1/tcap/tcap.cnf"
+#line 257 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_CONT;
col_set_str(actx->pinfo->cinfo, COL_INFO, "Continue ");
@@ -985,7 +987,7 @@ static const ber_sequence_t Abort_sequence[] = {
static int
dissect_tcap_Abort(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 256 "./asn1/tcap/tcap.cnf"
+#line 264 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_ABORT;
col_set_str(actx->pinfo->cinfo, COL_INFO, "Abort ");
@@ -1038,8 +1040,10 @@ dissect_tcap_AUDT_application_context_name(gboolean implicit_tag _U_, tvbuff_t *
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid);
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
return offset;
@@ -1132,12 +1136,14 @@ dissect_tcap_AARQ_protocol_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_tcap_AARQ_application_context_name(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 122 "./asn1/tcap/tcap.cnf"
+#line 124 "./asn1/tcap/tcap.cnf"
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid);
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
return offset;
@@ -1201,12 +1207,14 @@ dissect_tcap_AARE_protocol_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_tcap_AARE_application_context_name(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 128 "./asn1/tcap/tcap.cnf"
+#line 132 "./asn1/tcap/tcap.cnf"
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid);
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
return offset;
--
1.7.12.4


@ -0,0 +1,48 @@
From 3cd5ac36e20d56a43e002b926aec3b99488c85a1 Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Sat, 26 Jan 2019 17:10:53 +0100
Subject: [PATCH] BER: don't use invalid time offsets.
4 digits values could overflow the destination buffer. Skip them
since they're invalid and can only come from tainted data.
Bug: 15447
Change-Id: Ice6d4f144597499483160ecaa63702025ab86f61
Reviewed-on: https://code.wireshark.org/review/31751
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
---
epan/dissectors/packet-ber.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
index 93291d2..925d4c1 100644
--- a/epan/dissectors/packet-ber.c
+++ b/epan/dissectors/packet-ber.c
@@ -3658,7 +3658,7 @@ dissect_ber_GeneralizedTime(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree
first_delim[0] = 0;
second_delim[0] = 0;
- ret = sscanf( tmpstr, "%14d%1[.,+-Z]%4d%1[+-Z]%4d", &tmp_int, first_delim, &first_digits, second_delim, &second_digits);
+ ret = sscanf(tmpstr, "%14d%1[.,+-Z]%4d%1[+-Z]%4d", &tmp_int, first_delim, &first_digits, second_delim, &second_digits);
/* tmp_int does not contain valid value because of overflow but we use it just for format checking */
if (ret < 1) {
/* Nothing matched */
@@ -3684,9 +3684,11 @@ dissect_ber_GeneralizedTime(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree
/*
* Fraction of a minute or an hour.
*/
- if (ret == 2) {
+ if (ret == 2 || first_digits < 0 || first_digits > 999) {
/*
- * We saw the decimal sign, but didn't see the fraction.
+ * We saw the decimal sign, but didn't see the fraction
+ * or
+ * we got a number outside the valid range.
*/
goto invalid;
}
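Review bot: The added range check bounds only `first_digits`, and only in the "fraction of a minute or an hour" branch; `second_digits` is filled by the same `%4d` conversion in the `sscanf` call of the previous hunk and gets no bound in the visible lines. `%4d` accepts a sign, so either value can arrive negative from packet data, which is what the `< 0` half of the new test catches. If `second_digits`, or `first_digits` in the other delimiter branches, is later formatted into a fixed-size buffer (that code is outside this hunk, so this is inferred), it needs a matching guard such as `if (second_digits < 0 || second_digits > 9999) goto invalid;`. A short comment tying the 999 limit to the width of the output field would also keep the constant from looking arbitrary. dissect_ber_GeneralizedTime starts and ends outside the hunk.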
--
1.7.12.4

147
wireshark.spec Normal file
View File

@ -0,0 +1,147 @@
Name: wireshark
Version: 2.6.2
Release: 3
Epoch: 1
Summary: Network traffic analyzer
License: GPL+
URL: http://www.wireshark.org/
Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz
Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
Source2: 90-wireshark-usbmon.rules
Patch0001: wireshark-0002-Customize-permission-denied-error.patch
Patch0002: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
Patch0003: wireshark-0004-Restore-Fedora-specific-groups.patch
Patch0004: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
Patch0005: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch0006: wireshark-0007-cmakelists.patch
Patch6000: wireshark-CVE-2018-16057.patch
Patch6001: wireshark-CVE-2018-16058.patch
Patch6002: wireshark-CVE-2018-18225.patch
Patch6003: wireshark-CVE-2018-18226.patch
Patch6004: wireshark-CVE-2018-18227.patch
Patch6005: wireshark-CVE-2018-19622.patch
Patch6006: Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch
Patch6007: wireshark-CVE-2018-19623.patch
Patch6008: wireshark-CVE-2018-19624.patch
Patch6009: wireshark-CVE-2018-19625.patch
Patch6010: wireshark-CVE-2018-19626.patch
Patch6011: wireshark-CVE-2018-19627.patch
Patch6012: wireshark-CVE-2018-19628.patch
Patch6013: wireshark-CVE-2019-9208.patch
Patch6014: wireshark-CVE-2019-9209.patch
Patch6015: wireshark-CVE-2019-5718.patch
Requires(pre): shadow-utils
Requires(post): systemd-udev
Requires: %{name}-cli = %{epoch}:%{version}-%{release} xdg-utils hicolor-icon-theme
BuildRequires: bzip2-devel c-ares-devel elfutils-devel gcc-c++ glib2-devel gnutls-devel gtk3-devel krb5-devel libcap-devel
BuildRequires: libgcrypt-devel libnl3-devel libpcap-devel >= 0.9 libselinux-devel libsmi-devel openssl-devel desktop-file-utils
BuildRequires: xdg-utils bison flex pcre-devel perl(Pod::Html) perl(Pod::Man) libssh-devel qt5-linguist qt5-qtbase-devel
BuildRequires: qt5-qtmultimedia-devel qt5-qtsvg-devel zlib-devel git cmake
Provides: %{name}-cli = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-cli < %{epoch}:%{version}-%{release} wireshark-qt wireshark-gtk
%description
Wireshark is an open source tool for profiling network traffic and analyzing
packets. Such a tool is often referred to as a network analyzer, network
protocol analyzer or sniffer.
Wireshark, formerly known as Ethereal, can be used to examine the details of
traffic at a variety of levels ranging from connection-level information to
the bits that make up a single packet. Packet capture can provide a network
administrator with information about individual packets such as transmit time,
source, destination, protocol type and header data. This information can be
useful for evaluating security events and troubleshooting network security
device issues.
%package devel
Summary: Development headers and libraries for wireshark
Requires: %{name} = %{epoch}:%{version}-%{release} glibc-devel glib2-devel
%description devel
The wireshark-devel package includes header files and libraries necessary
for the wireshark library.
%package help
Summary: This package contains help documents
Requires: %{name} = %{epoch}:%{version}-%{release}
%description help
Files for help with wireshark.
%prep
%autosetup -n %{name}-%{version} -S git -p1
%build
%cmake -G "Unix Makefiles" -DDISABLE_WERROR=ON -DBUILD_wireshark=ON -DENABLE_QT5=ON -DENABLE_LUA=OFF \
-DBUILD_mmdbresolve=OFF -DBUILD_randpktdump=OFF -DBUILD_androiddump=OFF -DENABLE_SMI=ON -DENABLE_PORTAUDIO=OFF \
-DENABLE_PLUGINS=ON -DENABLE_NETLINK=ON -DBUILD_dcerpcidl2wrs=OFF
%make_build
%install
%make_install
desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop
install -d -m 0755 %{buildroot}%{_includedir}/wireshark
IDIR="%{buildroot}%{_includedir}/wireshark"
install -d "${IDIR}/epan/crypt" "${IDIR}/epan/ftypes" "${IDIR}/epan/dfilter" "${IDIR}/epan/dissectors"
install -d "${IDIR}/epan/wmem" "${IDIR}/wiretap" "${IDIR}/wsutil"
install -d %{buildroot}%{_udevrulesdir}
install -m 644 config.h epan/register.h cfile.h file.h ws_symbol_export.h ws_diag_control.h "${IDIR}/"
install -m 644 epan/*.h "${IDIR}/epan/"
install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
install -m 644 epan/wmem/*.h "${IDIR}/epan/wmem"
install -m 644 wiretap/*.h "${IDIR}/wiretap"
install -m 644 wsutil/*.h "${IDIR}/wsutil"
install -m 644 %{SOURCE2} %{buildroot}%{_udevrulesdir}
touch %{buildroot}%{_bindir}/%{name}
%delete_la
%pre
getent group wireshark >/dev/null || groupadd -r wireshark
getent group usbmon >/dev/null || groupadd -r usbmon
%post
/sbin/ldconfig
/usr/bin/udevadm trigger --subsystem-match=usbmon
%postun
/sbin/ldconfig
%files
%{_datadir}/appdata/%{name}.appdata.xml
%{_datadir}/applications/wireshark.desktop
%{_datadir}/icons/hicolor/*/apps/*
%{_datadir}/icons/hicolor/*/mimetypes/*
%{_datadir}/mime/packages/wireshark.xml
%doc COPYING
%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap
%{_bindir}/*
%{_udevrulesdir}/90-wireshark-usbmon.rules
%{_libdir}/lib*.so.*
%{_libdir}/wireshark/extcap/*
%{_libdir}/wireshark/*.cmake
%{_libdir}/wireshark/plugins/2.6/epan/*.so
%{_libdir}/wireshark/plugins/2.6/wiretap/*.so
%{_libdir}/wireshark/plugins/2.6/codecs/*.so
%{_datadir}/wireshark/*
%files devel
%{_includedir}/wireshark
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/%{name}.pc
%files help
%doc AUTHORS INSTALL NEWS README* doc/README.* ChangeLog
%{_mandir}/man?/*
%changelog
* Mon Nov 25 2019 gulining<gulining1@huawei.com> - 2.6.2-3
- revise obsoletes
* Tue Nov 13 2019 gulining<gulining1@huawei.com> - 2.6.2-2
- Pakcage init
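Review bot: `Source1` ships the upstream `SIGNATURES-%{version}.txt`, but `%prep` only runs `%autosetup -n %{name}-%{version} -S git -p1`, so nothing in the visible spec checks the `Source0` tarball against it. A verification step at the top of `%prep` would make the build fail on a tampered or mismatched tarball: compare the tarball's SHA256 with the entry in the signatures file, and check that file's PGP signature against a keyring packaged as an additional source. This matters more here because the package installs `dumpcap` with `cap_net_raw,cap_net_admin=ep`. `URL:` also still uses `http://` while both sources use `https://`; `URL: https://www.wireshark.org/` would keep them consistent.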