packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 3.6.3

Browse Source
This commit is contained in:
wk333 2022-04-19 17:48:10 +08:00
parent 5bf785c8f8
commit e59924bf5e
65 changed files with 333 additions and 5760 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
90-wireshark-usbmon.rules Normal file
View File

@ -0,0 +1 @@
SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="640"

103
CVE-2018-16056.patch
View File

@ -1,103 +0,0 @@
From 10db757c350b5427eb668ad8a20607a9ea28c099 Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Sun, 22 Jul 2018 10:18:19 -0700
Subject: [PATCH] Don't assume a given btgatt.uuid0xXXXX dissector exists.
They're not guaranteed to have been registered.
Bug: 14994
Change-Id: I11c2b2d4d8a7dd020a0ef3d700b29b0859bc68ca
Reviewed-on: https://code.wireshark.org/review/28805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit f98fbce64cb230e94a2cafc410a3cedad657b485)
Reviewed-on: https://code.wireshark.org/review/28806
---
epan/dissectors/packet-btatt.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/epan/dissectors/packet-btatt.c b/epan/dissectors/packet-btatt.c
index 803ed14f92..10375c0046 100644
--- a/epan/dissectors/packet-btatt.c
+++ b/epan/dissectors/packet-btatt.c
@@ -4205,6 +4205,19 @@ dissect_handle(proto_tree *tree, packet_info *pinfo, gint hf,
static gint
btatt_dissect_attribute_handle(guint16 handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, btatt_data_t *att_data);
+static int
+btatt_call_dissector_by_dissector_name_with_data(const char *dissector_name,
+ tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
+{
+ dissector_handle_t handle;
+
+ handle = find_dissector(dissector_name);
+ if (handle != NULL)
+ return call_dissector_with_data(handle, tvb, pinfo, tree, data);
+ else
+ return call_data_dissector(tvb, pinfo, tree);
+}
+
static gint
dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *pinfo, tvbuff_t *old_tvb,
gint old_offset, gint length, guint16 handle, bluetooth_uuid_t uuid, btatt_data_t *att_data)
@@ -4728,7 +4741,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
proto_tree_add_item(tree, hf_btatt_value_trigger_setting_analog, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
} else if (value == 4) {
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a56"), tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a56", tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
offset += 1;
} else if (value == 5 || value == 6) {
proto_tree_add_item(tree, hf_btatt_value_trigger_setting_analog_one, tvb, offset, 2, ENC_LITTLE_ENDIAN);
@@ -6443,10 +6456,10 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
if (bluetooth_gatt_has_no_parameter(att_data->opcode))
break;
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a56"), tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a56", tvb_new_subset_length_caplen(tvb, offset, 1, 1), pinfo, tree, att_data);
offset += 1;
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a58"), tvb_new_subset_length_caplen(tvb, offset, 2, 2), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a58", tvb_new_subset_length_caplen(tvb, offset, 2, 2), pinfo, tree, att_data);
offset += 2;
break;
@@ -6543,7 +6556,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
sub_item = proto_tree_add_item(tree, hf_btatt_plx_spot_check_measurement_timestamp, tvb, offset, 7, ENC_NA);
sub_tree = proto_item_add_subtree(sub_item, ett_btatt_value);
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
offset += 7;
}
@@ -9116,7 +9129,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
sub_item = proto_tree_add_item(tree, hf_btatt_ots_object_first_created, tvb, offset, 7, ENC_NA);
sub_tree = proto_item_add_subtree(sub_item, ett_btatt_value);
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
offset += 7;
break;
@@ -9135,7 +9148,7 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
sub_item = proto_tree_add_item(tree, hf_btatt_ots_object_last_modified, tvb, offset, 7, ENC_NA);
sub_tree = proto_item_add_subtree(sub_item, ett_btatt_value);
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, sub_tree, att_data);
offset += 7;
break;
@@ -9342,10 +9355,10 @@ dissect_attribute_value(proto_tree *tree, proto_item *patron_item, packet_info *
break;
case 0x06: /* Created Between */
case 0x07: /* Modified Between */
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
offset += 7;
- call_dissector_with_data(find_dissector("btgatt.uuid0x2a08"), tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
+ btatt_call_dissector_by_dissector_name_with_data("btgatt.uuid0x2a08", tvb_new_subset_length_caplen(tvb, offset, 7, 7), pinfo, tree, att_data);
offset += 7;
break;

46
CVE-2019-10894.patch
View File

@ -1,46 +0,0 @@
diff -Nurp wireshark-2.6.2/epan/dissectors/packet-gssapi.c wireshark-2.6.2-bak/epan/dissectors/packet-gssapi.c
--- wireshark-2.6.2/epan/dissectors/packet-gssapi.c 2018-07-18 15:39:22.000000000 -0400
+++ wireshark-2.6.2-bak/epan/dissectors/packet-gssapi.c 2019-08-14 18:44:52.909000000 -0400
@@ -370,16 +370,34 @@ dissect_gssapi_work(tvbuff_t *tvb, packe
} else {
tvbuff_t *oid_tvb_local;
- oid_tvb_local = tvb_new_subset_remaining(gss_tvb, start_offset);
- if (is_verifier)
+ if (is_verifier) {
handle = oidvalue->wrap_handle;
- else
+ if (handle != NULL) {
+ oid_tvb_local = tvb_new_subset_remaining(gss_tvb, start_offset);
+ len = call_dissector_with_data(handle, oid_tvb_local, pinfo, subtree, encrypt_info);
+ if (len == 0)
+ return_offset = tvb_captured_length(gss_tvb);
+ else
+ return_offset = start_offset + len;
+ } else {
+ proto_tree_add_item(subtree, hf_gssapi_auth_verifier, gss_tvb, offset, -1, ENC_NA);
+ return_offset = tvb_captured_length(gss_tvb);
+ }
+ } else {
handle = oidvalue->handle;
- len = call_dissector_with_data(handle, oid_tvb_local, pinfo, subtree, encrypt_info);
- if (len == 0)
- return_offset = tvb_captured_length(gss_tvb);
- else
- return_offset = start_offset + len;
+ if (handle != NULL) {
+ oid_tvb_local = tvb_new_subset_remaining(gss_tvb, start_offset);
+ len = call_dissector_with_data(handle, oid_tvb_local, pinfo, subtree, encrypt_info);
+ if (len == 0)
+ return_offset = tvb_captured_length(gss_tvb);
+ else
+ return_offset = start_offset + len;
+ } else {
+ proto_tree_add_item(subtree, hf_gssapi_auth_credentials, gss_tvb, offset, -1, ENC_NA);
+ return_offset = tvb_captured_length(gss_tvb);
+ }
+ }
+
goto done; /* We are finished here */
}
}

67
CVE-2019-10895.patch
View File

@ -1,67 +0,0 @@
From 2fbbde780e5d5d82e31dca656217daf278cf62bb Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Tue, 5 Mar 2019 17:25:24 +0100
Subject: [PATCH] netscaler: add more sanity checks.
Fix more crashes found in the provided bug report.
Bug: 15497
Change-Id: If84498fa879ad56c8677f8c1442a8dc0e5906003
Reviewed-on: https://code.wireshark.org/review/32333
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 134a513dd59315d67866f238459fdee6347f1055)
Reviewed-on: https://code.wireshark.org/review/32422
(cherry picked from commit fc8367a50516e832be960a9001ccdb09ced9b27f)
Reviewed-on: https://code.wireshark.org/review/32430
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
wiretap/netscaler.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
index c88c082..fc350e2 100644
--- a/wiretap/netscaler.c
+++ b/wiretap/netscaler.c
@@ -653,6 +653,20 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const struct wtap_pkthdr *phdr,
#define GET_READ_PAGE_SIZE(remaining_file_size) ((gint32)((remaining_file_size>NSPR_PAGESIZE)?NSPR_PAGESIZE:remaining_file_size))
#define GET_READ_PAGE_SIZEV3(remaining_file_size) ((gint32)((remaining_file_size>NSPR_PAGESIZE_TRACE)?NSPR_PAGESIZE_TRACE:remaining_file_size))
+/*
+ * Check whether we have enough room to retrieve the data in the caller.
+ * If not, we have a malformed file.
+ */
+static gboolean nstrace_ensure_buflen(nstrace_t* nstrace, guint offset, guint len, int *err, gchar** err_info)
+{
+ if (offset > nstrace->nstrace_buflen || nstrace->nstrace_buflen - offset < len) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup("nstrace: malformed file");
+ return FALSE;
+ }
+ return TRUE;
+}
+
static guint64 ns_hrtime2nsec(guint32 tm)
{
guint32 val = tm & NSPR_HRTIME_MASKTM;
@@ -940,6 +940,8 @@ nspm_signature_version(wtap *wth, gchar *nstrace_buf, gint32 len)
switch (nspr_getv##ver##recordtype(fp))\
{\
case NSPR_ABSTIME_V##ver:\
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_abstime_v##ver##_t), err, err_info))\
+ return FALSE;\
ns_setabstime(nstrace, pletoh32(&((nspr_abstime_v##ver##_t *) fp)->abs_Time), pletoh16(&((nspr_abstime_v##ver##_t *) fp)->abs_RelTime));\
nstrace->nstrace_buf_offset = nstrace_buf_offset + nspr_getv##ver##recordsize(fp);\
nstrace->nstrace_buflen = nstrace_buflen;\
@@ -1330,6 +1332,8 @@ static gboolean nstrace_read_v20(wtap *wth, int *err, gchar **err_info, gint64 *
case NSPR_RELTIME_V20:
{
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_hd_v20_t), err, err_info))
+ return FALSE;
nspr_pktracefull_v20_t *fp20 = (nspr_pktracefull_v20_t *) &nstrace_buf[nstrace_buf_offset];
if (nspr_getv20recordsize((nspr_hd_v20_t *)fp20) == 0) {
*err = WTAP_ERR_BAD_FILE;
--
2.7.4

44
CVE-2019-10896.patch
View File

@ -1,44 +0,0 @@
From 651cd91b16b01e3da698b04542da376d946bc54b Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Wed, 3 Apr 2019 09:41:36 -0700
Subject: [PATCH] DOF: Fix alias binding dissection.
When adding generated IID and OID bytes to the tree, use a zero offset
and length like we do elsewhere in the dissector.
Bug: 15617
Change-Id: Id900f2aeeef7926706b417622d452ffa72949e8a
(cherry picked from commit ecf03bb37b3345e684890f7eee031cb17a247939)
Reviewed-on: https://code.wireshark.org/review/32723
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/dissectors/packet-dof.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-dof.c b/epan/dissectors/packet-dof.c
index 2663eed..9770deb 100644
--- a/epan/dissectors/packet-dof.c
+++ b/epan/dissectors/packet-dof.c
@@ -1379,16 +1379,17 @@ static int oap_1_tree_add_alias(dof_api_data *api_data, oap_1_packet_data *oap_p
key.sender = packet->sender_id;
key.alias = alias;
binding = oap_1_resolve_alias(&key);
+
if (binding)
{
options_tree = proto_item_add_subtree(ti, ett_oap_1_alias);
/* Decode the Interface */
- ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_interfaceid, tvb, offset, alias_length, binding->iid, "%s", dof_iid_create_standard_string(binding->iid_length, binding->iid));
+ ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_interfaceid, tvb, 0, 0, binding->iid, "%s", dof_iid_create_standard_string(binding->iid_length, binding->iid));
PROTO_ITEM_SET_GENERATED(ti);
/* Decode the Object ID */
- ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_objectid, tvb, offset, alias_length, binding->oid, "%s", dof_oid_create_standard_string(binding->oid_length, binding->oid));
+ ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_objectid, tvb, 0, 0, binding->oid, "%s", dof_oid_create_standard_string(binding->oid_length, binding->oid));
PROTO_ITEM_SET_GENERATED(ti);
proto_tree_add_uint_format(options_tree, hf_oap_1_alias_frame,
--
2.7.4

39
CVE-2019-10899.patch
View File

@ -1,39 +0,0 @@
From f43ac1291b80bbccdd1ef3e6118f72e08dc8beac Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Fri, 1 Mar 2019 11:18:53 +0100
Subject: [PATCH] srvloc: check buffer index to prevent heap overflow.
Bug: 15546
Change-Id: I35eee1f6e1127db74339ec7218d7681bd93de59c
Reviewed-on: https://code.wireshark.org/review/32285
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 8f15ebed65ceea5c856fce055b5d83fb0c4b597b)
Reviewed-on: https://code.wireshark.org/review/32340
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
---
epan/dissectors/packet-srvloc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/epan/dissectors/packet-srvloc.c b/epan/dissectors/packet-srvloc.c
index 629ca78..d0ecf88 100644
--- a/epan/dissectors/packet-srvloc.c
+++ b/epan/dissectors/packet-srvloc.c
@@ -444,9 +444,13 @@ unicode_to_bytes(tvbuff_t *tvb, int offset, int length, gboolean endianness)
for (i = length; i > 0; i--) {
c_char = ascii_text[i];
if (c_char != 0) {
+ if (i == 0)
+ break;
i--;
c_char1 = ascii_text[i];
if (c_char1 == 0) {
+ if (i == 0)
+ break;
i--;
c_char1 = ascii_text[i];
}
--
2.7.4

90
CVE-2019-10901.patch
View File

@ -1,90 +0,0 @@
From 6c3467945cd9bf1242a2dcd4a8fbff32b885391e Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Wed, 3 Apr 2019 09:10:38 +0200
Subject: [PATCH] ldss: add checks on file digest.
Bug: 15620
Change-Id: I600c262f42414dd50c0cf4c1230acfb2a8042212
Reviewed-on: https://code.wireshark.org/review/32520
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/dissectors/packet-ldss.c | 19 +++----------------
1 file changed, 3 insertions(+), 16 deletions(-)
diff --git a/epan/dissectors/packet-ldss.c b/epan/dissectors/packet-ldss.c
index 861fccd..68e6e54 100644
--- a/epan/dissectors/packet-ldss.c
+++ b/epan/dissectors/packet-ldss.c
@@ -466,13 +466,10 @@ dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
* Compression: 0
* (remote end sends the file identified by the digest) */
guint offset = 0;
- gboolean already_dissected = TRUE;
col_set_str(pinfo->cinfo, COL_INFO, "LDSS File Transfer (Requesting file - pull)");
if (transfer_info->req == NULL) {
-
- already_dissected = FALSE;
transfer_info->req = wmem_new0(wmem_file_scope(), ldss_file_request_t);
transfer_info->req->file = wmem_new0(wmem_file_scope(), ldss_file_t);
}
@@ -490,8 +487,7 @@ dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
gint next_offset;
const guint8 *line;
int linelen;
- gboolean is_digest_line;
- guint digest_type_len;
+ guint digest_type_len = 0;
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
@@ -502,28 +498,19 @@ dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
ett_ldss_transfer_req, NULL,
tvb_format_text(tvb, offset, next_offset-offset));
- /* Reduce code duplication processing digest lines.
- * There are too many locals to pass to a function - the signature
- * looked pretty ugly when I tried! */
- is_digest_line = FALSE;
-
if (strncmp(line,"md5:",4)==0) {
- is_digest_line = TRUE;
digest_type_len = 4;
transfer_info->file->digest_type = DIGEST_TYPE_MD5;
}
else if (strncmp(line, "sha1:", 5)==0) {
- is_digest_line = TRUE;
digest_type_len = 5;
transfer_info->file->digest_type = DIGEST_TYPE_SHA1;
}
else if (strncmp(line, "sha256:", 7)==0) {
- is_digest_line = TRUE;
digest_type_len = 7;
transfer_info->file->digest_type = DIGEST_TYPE_SHA256;
}
else if (strncmp(line, "unknown:", 8)==0) {
- is_digest_line = TRUE;
digest_type_len = 8;
transfer_info->file->digest_type = DIGEST_TYPE_UNKNOWN;
}
@@ -555,12 +542,12 @@ dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
proto_tree_add_expert(line_tree, pinfo, &ei_ldss_unrecognized_line, tvb, offset, linelen);
}
- if (is_digest_line) {
+ if (digest_type_len > 0) {
proto_item *tii = NULL;
/* Sample digest-type/digest line:
* md5:0123456789ABCDEF\n */
- if (!already_dissected) {
+ if (!transfer_info->file->digest) {
GByteArray *digest_bytes;
digest_bytes = g_byte_array_new();
--
2.7.4

56
CVE-2019-10903.patch
View File

@ -1,56 +0,0 @@
From 5aba3ed0cdebc1ec960261e3e9eda87c8408259f Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Sun, 17 Mar 2019 00:47:02 +0100
Subject: [PATCH] dcerpc: ensure the length in the packet doesn't overcome the
boundaries.
The spoolss dissector creates a new source using the length from the packet
data. If it overcomes the ends of the packet we hit a crash. In this case
add an expert info and stop the dissection
Bug: 15568
Change-Id: Idfb0b54c1f41842170d3d03c80897a3b7edc9400
Reviewed-on: https://code.wireshark.org/review/32449
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-dcerpc-spoolss.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c
index 2bf8cc8..46b3d34 100644
--- a/epan/dissectors/packet-dcerpc-spoolss.c
+++ b/epan/dissectors/packet-dcerpc-spoolss.c
@@ -315,6 +315,7 @@ static expert_field ei_driver_info_level = EI_INIT;
static expert_field ei_level = EI_INIT;
static expert_field ei_notify_info_data_type = EI_INIT;
static expert_field ei_enumprinterdataex_value = EI_INIT;
+static expert_field ei_buffer_size_too_long = EI_INIT;
/* Registry data types */
@@ -441,6 +442,13 @@ dissect_spoolss_buffer_data(tvbuff_t *tvb, int offset, packet_info *pinfo,
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_buffer_size, &size);
+ /* Before going any further, we must ensure the bytes
+ actually esist in the tvb */
+ if ((guint32)tvb_reported_length_remaining(tvb, offset) < size) {
+ expert_add_info(pinfo, tree, &ei_buffer_size_too_long);
+ return offset;
+ }
+
offset = dissect_ndr_uint8s(tvb, offset, pinfo, NULL, di, drep,
hf_buffer_data, size, &data);
@@ -8315,6 +8323,7 @@ proto_register_dcerpc_spoolss(void)
{ &ei_level, { "spoolss.level.unknown", PI_PROTOCOL, PI_WARN, "Info level unknown", EXPFILL }},
{ &ei_notify_info_data_type, { "spoolss.notify_info_data.type.unknown", PI_PROTOCOL, PI_WARN, "Unknown notify type", EXPFILL }},
{ &ei_enumprinterdataex_value, { "spoolss.enumprinterdataex.val_unknown", PI_PROTOCOL, PI_WARN, "Unknown value type", EXPFILL }},
+ { &ei_buffer_size_too_long, { "spoolss.buffer.size.invalid", PI_PROTOCOL, PI_ERROR, "Buffer size too long", EXPFILL }},
};
expert_module_t* expert_dcerpc_spoolss;
--
2.7.4

54
CVE-2019-12295.patch
View File

@ -1,54 +0,0 @@
From be9bdfda02a2498c6f65122d80e3a8b4235dc7f5 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 21 May 2019 10:41:41 -0700
Subject: [PATCH] Add dissection recursion checks.
Enforce a maximum layer limit in call_dissector_work and
dissector_try_heuristic.
Bug: 15778
Change-Id: I691868e980384b76a64f88de4db5bb7340a7c4aa
Reviewed-on: https://code.wireshark.org/review/33301
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/packet.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/epan/packet.c b/epan/packet.c
index 62b102da33e..f44809a27e8 100644
--- a/epan/packet.c
+++ b/epan/packet.c
@@ -729,6 +729,13 @@ static int
call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
packet_info *pinfo_arg, proto_tree *tree, void *);
+/*
+ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
+ * 100 elsewhere in the code. We should arguably use the same value here,
+ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
+ */
+#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
+
static int
call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
proto_tree *tree, gboolean add_proto_name, void *data)
@@ -751,6 +758,7 @@ call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo
saved_proto = pinfo->current_proto;
saved_can_desegment = pinfo->can_desegment;
saved_layers_len = wmem_list_count(pinfo->layers);
+ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
/*
* can_desegment is set to 2 by anyone which offers the
@@ -2724,6 +2732,8 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
saved_layers_len = wmem_list_count(pinfo->layers);
*heur_dtbl_entry = NULL;
+ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
+
for (entry = sub_dissectors->dissectors; entry != NULL;
entry = g_slist_next(entry)) {
/* XXX - why set this now and above? */

33
CVE-2019-13619.patch
View File

@ -1,33 +0,0 @@
From 7e90aed666e809c0db5de9d1816802a7dcea28d9 Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Mon, 24 Jun 2019 23:36:15 +0200
Subject: [PATCH] asn1: don't increment a buffer beyond its end.
Bug: 15870
Change-Id: I04cbb822f0e77c8e0ac8513e3a5c13116920ca6e
Reviewed-on: https://code.wireshark.org/review/33731
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 45a3d0787f3c9f6f5fb5b53a8c29771b3f28e406)
Reviewed-on: https://code.wireshark.org/review/33736
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/asn1.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/epan/asn1.c b/epan/asn1.c
index bf30529cc6..1faef845ee 100644
--- a/epan/asn1.c
+++ b/epan/asn1.c
@@ -234,6 +234,9 @@ double asn1_get_real(const guint8 *real_ptr, gint len) {
DISSECTOR_ASSERT_NOT_REACHED();
}
+ /* Ensure the buffer len and its content are coherent */
+ DISSECTOR_ASSERT(lenE < len - 1);
+
Eneg = (*p) & 0x80 ? TRUE : FALSE;
for (i = 0; i < lenE; i++) {
if(Eneg) {

33
CVE-2019-16319.patch
View File

@ -1,33 +0,0 @@
From 627917faff4889f763bf8e6570f62d66656047bd Mon Sep 17 00:00:00 2001
From: Michael Mann <mmann78@netscape.net>
Date: Wed, 28 Aug 2019 22:27:58 -0400
Subject: [PATCH] Gryphon: Prevent endless loop
Bug: 16020
Change-Id: I59c24d3bdb3f3a85f6e498683594ee12db9642a8
Reviewed-on: https://code.wireshark.org/review/34392
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
plugins/epan/gryphon/packet-gryphon.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/plugins/epan/gryphon/packet-gryphon.c b/plugins/epan/gryphon/packet-gryphon.c
index 82d14eaca4..334c47611a 100644
--- a/plugins/epan/gryphon/packet-gryphon.c
+++ b/plugins/epan/gryphon/packet-gryphon.c
@@ -1193,7 +1193,11 @@ dissect_gryphon_message_with_offset(tvbuff_t *tvb, int offset, packet_info *pinf
* Unknown message type.
*/
proto_tree_add_item(gryphon_tree, hf_gryphon_data, tvb, offset, msglen, ENC_NA);
- offset += msglen;
+ if (msglen != 0) {
+ offset += msglen;
+ } else {
+ offset = tvb_reported_length_remaining(tvb, offset);
+ }
return offset;
}

197
CVE-2019-19553.patch
View File

@ -1,197 +0,0 @@
From 34d2e0d5318d0a7e9889498c721639e5cbf4ce45 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal@wireshark.org>
Date: Mon, 4 Nov 2019 15:08:22 +0100
Subject: [PATCH] CMS: reset object_identifier_id after dissecting ContentInfo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bug: 15961
Change-Id: I3d6b3e96103b69f88fcb512da81fa20ff6a1c40e
Reviewed-on: https://code.wireshark.org/review/34960
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
(cherry picked from commit 23850a3342d64b9c9808f14c20bfea6d22b7dc08)
Conflicts:
epan/dissectors/packet-cms.c
Reviewed-on: https://code.wireshark.org/review/34975
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
---
epan/dissectors/asn1/cms/cms.cnf | 1 +
.../dissectors/asn1/cms/packet-cms-template.c | 2 +-
epan/dissectors/packet-cms.c | 31 ++++++++++---------
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/epan/dissectors/asn1/cms/cms.cnf b/epan/dissectors/asn1/cms/cms.cnf
index 06ff8d239f..4384fd0ae7 100644
--- a/epan/dissectors/asn1/cms/cms.cnf
+++ b/epan/dissectors/asn1/cms/cms.cnf
@@ -97,6 +97,7 @@ FirmwarePackageLoadError/version fwErrorVersion
top_tree = tree;
%(DEFAULT_BODY)s
content_tvb = NULL;
+ object_identifier_id = NULL;
top_tree = NULL;
#.FN_PARS ContentType
diff --git a/epan/dissectors/asn1/cms/packet-cms-template.c b/epan/dissectors/asn1/cms/packet-cms-template.c
index b03c96421b..199353cd85 100644
--- a/epan/dissectors/asn1/cms/packet-cms-template.c
+++ b/epan/dissectors/asn1/cms/packet-cms-template.c
@@ -43,7 +43,7 @@ static int hf_cms_ci_contentType = -1;
static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2wrs stops generating these silly wrappers */
-static const char *object_identifier_id;
+static const char *object_identifier_id = NULL;
static tvbuff_t *content_tvb = NULL;
static proto_tree *top_tree=NULL;
diff --git a/epan/dissectors/packet-cms.c b/epan/dissectors/packet-cms.c
index c62c92be44..592af2dad0 100644
--- a/epan/dissectors/packet-cms.c
+++ b/epan/dissectors/packet-cms.c
@@ -309,7 +309,7 @@ static gint ett_cms_FirmwarePackageMessageDigest = -1;
static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2wrs stops generating these silly wrappers */
-static const char *object_identifier_id;
+static const char *object_identifier_id = NULL;
static tvbuff_t *content_tvb = NULL;
static proto_tree *top_tree=NULL;
@@ -371,7 +371,7 @@ cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, const char *alg, tvbuff
int
dissect_cms_ContentType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 106 "./asn1/cms/cms.cnf"
+#line 107 "./asn1/cms/cms.cnf"
const char *name = NULL;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &object_identifier_id);
@@ -391,7 +391,7 @@ dissect_cms_ContentType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_cms_T_content(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 116 "./asn1/cms/cms.cnf"
+#line 117 "./asn1/cms/cms.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
@@ -415,6 +415,7 @@ dissect_cms_ContentInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
ContentInfo_sequence, hf_index, ett_cms_ContentInfo);
content_tvb = NULL;
+ object_identifier_id = NULL;
top_tree = NULL;
@@ -468,7 +469,7 @@ dissect_cms_DigestAlgorithmIdentifiers(gboolean implicit_tag _U_, tvbuff_t *tvb
static int
dissect_cms_T_eContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 120 "./asn1/cms/cms.cnf"
+#line 121 "./asn1/cms/cms.cnf"
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &content_tvb);
@@ -502,7 +503,7 @@ dissect_cms_EncapsulatedContentInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
static int
dissect_cms_T_attrType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 150 "./asn1/cms/cms.cnf"
+#line 151 "./asn1/cms/cms.cnf"
const char *name = NULL;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_cms_attrType, &object_identifier_id);
@@ -522,7 +523,7 @@ dissect_cms_T_attrType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_cms_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 160 "./asn1/cms/cms.cnf"
+#line 161 "./asn1/cms/cms.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
@@ -784,7 +785,7 @@ dissect_cms_T_otherRevInfoFormat(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i
static int
dissect_cms_T_otherRevInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 144 "./asn1/cms/cms.cnf"
+#line 145 "./asn1/cms/cms.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
@@ -1121,7 +1122,7 @@ dissect_cms_T_keyAttrId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_cms_T_keyAttr(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 139 "./asn1/cms/cms.cnf"
+#line 140 "./asn1/cms/cms.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
@@ -1309,7 +1310,7 @@ dissect_cms_T_oriType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _
static int
dissect_cms_T_oriValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 133 "./asn1/cms/cms.cnf"
+#line 134 "./asn1/cms/cms.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
@@ -1386,14 +1387,14 @@ dissect_cms_ContentEncryptionAlgorithmIdentifier(gboolean implicit_tag _U_, tvbu
static int
dissect_cms_EncryptedContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 210 "./asn1/cms/cms.cnf"
+#line 211 "./asn1/cms/cms.cnf"
tvbuff_t *encrypted_tvb;
proto_item *item;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
&encrypted_tvb);
-#line 215 "./asn1/cms/cms.cnf"
+#line 216 "./asn1/cms/cms.cnf"
item = actx->created_item;
@@ -1551,7 +1552,7 @@ dissect_cms_AuthenticatedData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_cms_MessageDigest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 164 "./asn1/cms/cms.cnf"
+#line 165 "./asn1/cms/cms.cnf"
proto_item *pi;
int old_offset = offset;
@@ -1626,7 +1627,7 @@ dissect_cms_Countersignature(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_cms_RC2ParameterVersion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 200 "./asn1/cms/cms.cnf"
+#line 201 "./asn1/cms/cms.cnf"
guint32 length = 0;
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
@@ -1694,7 +1695,7 @@ dissect_cms_DigestInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_cms_T_capability(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 182 "./asn1/cms/cms.cnf"
+#line 183 "./asn1/cms/cms.cnf"
const char *name = NULL;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_cms_attrType, &object_identifier_id);
@@ -1715,7 +1716,7 @@ dissect_cms_T_capability(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
static int
dissect_cms_T_parameters(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 193 "./asn1/cms/cms.cnf"
+#line 194 "./asn1/cms/cms.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

45
CVE-2019-5716.patch
View File

@ -1,45 +0,0 @@
From 2b2eea1793dbff813896e1ae9dff1bedb39ee010 Mon Sep 17 00:00:00 2001
From: Jeff Morriss <jeff.morriss.ws@gmail.com>
Date: Wed, 2 Jan 2019 16:45:05 -0500
Subject: [PATCH] 6lowpan: don't try to use (new) TVB that wasn't created.
If the IPHC TVB wasn't created then bail out of dissection before trying
to use it.
Bug: 15217
Change-Id: I6e297590cdf86e13b0185f75f1d409888f2498d8
Reviewed-on: https://code.wireshark.org/review/31308
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
(cherry picked from commit 62e81562e4e3a33dad705b1b66a3407afbde3242)
Reviewed-on: https://code.wireshark.org/review/31311
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-6lowpan.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-6lowpan.c b/epan/dissectors/packet-6lowpan.c
index 6ac3a63..7daa8e8 100644
--- a/epan/dissectors/packet-6lowpan.c
+++ b/epan/dissectors/packet-6lowpan.c
@@ -1218,6 +1218,7 @@ dissect_6lowpan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
next = dissect_6lowpan_6loRH(next, offset, lowpan_tree);
if (tvb_get_bits8(next, 0, LOWPAN_PATTERN_IPHC_BITS) == LOWPAN_PATTERN_IPHC) {
next = dissect_6lowpan_iphc(next, pinfo, lowpan_tree, -1, src_iid, dst_iid);
+ if (!next) return tvb_captured_length(tvb);
}
if (tvb_get_bits8(next, 0, LOWPAN_PATTERN_HC1_BITS) == LOWPAN_PATTERN_HC1) {
next = dissect_6lowpan_hc1(next, pinfo, lowpan_tree, -1, src_iid, dst_iid);
@@ -1816,7 +1817,7 @@ dissect_6lowpan_hc1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint dg
* siid ; Source Interface ID.
* diid ; Destination Interface ID.
* RETURNS
- * tvbuff_t * ; The remaining payload to be parsed.
+ * tvbuff_t * ; The remaining payload to be parsed or NULL on error.
*---------------------------------------------------------------
*/
static tvbuff_t *
--
2.7.4

70
CVE-2019-5717.patch
View File

@ -1,70 +0,0 @@
From bf9272a92f3df1e4ccfaad434e123222ae5313f7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Stig=20Bj=C3=B8rlykke?= <stig@bjorlykke.org>
Date: Sun, 9 Dec 2018 21:54:18 +0100
Subject: [PATCH] p_mul: Detect Data PDU sequence number 0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Data PDU sequence number 0 is illegal, add an expert info for this.
Don't include this packet in SEQ/ACK analysis.
Bug: 15337
Change-Id: I476088531e8a3605393ee1dedf1e8b159dac342b
Reviewed-on: https://code.wireshark.org/review/30980
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 3cccd4ec5b922e79afd134db4f0c9acb10bf7202)
Reviewed-on: https://code.wireshark.org/review/30987
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
---
epan/dissectors/packet-p_mul.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-p_mul.c b/epan/dissectors/packet-p_mul.c
index 35edde7..2dd6f15 100644
--- a/epan/dissectors/packet-p_mul.c
+++ b/epan/dissectors/packet-p_mul.c
@@ -163,6 +163,7 @@ static gint ett_msg_fragments = -1;
static expert_field ei_more_data = EI_INIT;
static expert_field ei_checksum_bad = EI_INIT;
+static expert_field ei_illegal_seq_no = EI_INIT;
static expert_field ei_tot_miss_seq_no = EI_INIT;
static expert_field ei_miss_seq_no = EI_INIT;
static expert_field ei_analysis_ack_missing = EI_INIT;
@@ -368,6 +369,11 @@ static p_mul_seq_val *register_p_mul_id (packet_info *pinfo, address *addr, guin
return NULL;
}
+ if (pdu_type == Data_PDU && seq_no == 0) {
+ /* Illegal sequence number for Data PDU */
+ return NULL;
+ }
+
nstime_set_zero(&addr_time);
nstime_set_zero(&prev_time);
@@ -877,7 +883,10 @@ static int dissect_p_mul (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, v
case Data_PDU:
/* Sequence Number of PDUs */
seq_no = tvb_get_ntohs (tvb, offset);
- proto_tree_add_item (p_mul_tree, hf_seq_no, tvb, offset, 2, ENC_BIG_ENDIAN);
+ en = proto_tree_add_item (p_mul_tree, hf_seq_no, tvb, offset, 2, ENC_BIG_ENDIAN);
+ if (seq_no == 0) {
+ expert_add_info(pinfo, en, &ei_illegal_seq_no);
+ }
proto_item_append_text (ti, ", Seq no: %u", seq_no);
break;
@@ -1548,6 +1557,7 @@ void proto_register_p_mul (void)
{ &ei_miss_seq_range, { "p_mul.missing_seq_range.invalid", PI_UNDECODED, PI_WARN, "Invalid missing sequence range", EXPFILL }},
{ &ei_miss_seq_no, { "p_mul.missing_seq_no.invalid", PI_UNDECODED, PI_WARN, "Invalid missing seq number", EXPFILL }},
{ &ei_tot_miss_seq_no, { "p_mul.no_missing_seq_no.expert", PI_RESPONSE_CODE, PI_NOTE, "Missing seq numbers", EXPFILL }},
+ { &ei_illegal_seq_no, { "p_mul.seq_no.illegal", PI_PROTOCOL, PI_WARN, "Illegal seq number", EXPFILL }},
{ &ei_length, { "p_mul.length.invalid", PI_MALFORMED, PI_WARN, "Incorrect length field", EXPFILL }},
{ &ei_more_data, { "p_mul.more_data", PI_MALFORMED, PI_WARN, "More data in packet", EXPFILL }},
};
--
2.7.4

92
CVE-2019-5719.patch
View File

@ -1,92 +0,0 @@
From b5b02f2a9b8772d8814096f86c60a32889d61f2c Mon Sep 17 00:00:00 2001
From: Jaap Keuter <jaap.keuter@xs4all.nl>
Date: Mon, 24 Dec 2018 23:15:26 +0100
Subject: [PATCH] ISAKMP: Fix a crash when no decryption data block is there
Don't try to (re)set parameters in a struct when its pointer
points to NULL.
Bug: 15374
Change-Id: I953e82795990fde5fce2ad6d955781b372a9e405
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31189
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
(cherry picked from commit c9cfae7fecd4bc21b8b4f48328d08e104d47dd52)
Reviewed-on: https://code.wireshark.org/review/31220
Petri-Dish: Michael Mann <mmann78@netscape.net>
---
epan/dissectors/packet-isakmp.c | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c
index 8b9ba85db5..e134ca8632 100644
--- a/epan/dissectors/packet-isakmp.c
+++ b/epan/dissectors/packet-isakmp.c
@@ -3741,8 +3741,7 @@ dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_t
/* Returns the number of bytes consumed by this attribute. */
static int
-dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr
-)
+dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr)
{
guint headerlen, value_len, attr_type;
proto_item *attr_item;
@@ -3765,22 +3764,22 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
case IKE_ATTR_ENCRYPTION_ALGORITHM:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_enc_algo, "Unknown %d"));
- decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
+ if (decr) decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
break;
case IKE_ATTR_HASH_ALGORITHM:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_hash_algo, "Unknown %d"));
- decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
+ if (decr) decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
break;
case IKE_ATTR_AUTHENTICATION_METHOD:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d"));
- decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
+ if (decr) decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
break;
case IKE_ATTR_GROUP_DESCRIPTION:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d"));
- decr->group = tvb_get_ntohs(tvb, offset);
+ if (decr) decr->group = tvb_get_ntohs(tvb, offset);
break;
case IKE_ATTR_GROUP_TYPE:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
@@ -3814,7 +3813,7 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
case IKE_ATTR_KEY_LENGTH:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
- decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
+ if (decr) decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
break;
case IKE_ATTR_FIELD_SIZE:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_field_size, tvb, offset, value_len, ENC_NA);
@@ -3950,12 +3949,14 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro
offset += 2;
if (protocol_id == 1 && transform_id == 1) {
- /* Allow detection of missing IKE transform attributes:
- * Make sure their values are not carried over from another transform
- * dissected previously. */
- decr->ike_encr_alg = 0;
- decr->ike_encr_keylen = 0;
- decr->ike_hash_alg = 0;
+ if (decr) {
+ /* Allow detection of missing IKE transform attributes:
+ * Make sure their values are not carried over from another transform
+ * dissected previously. */
+ decr->ike_encr_alg = 0;
+ decr->ike_encr_keylen = 0;
+ decr->ike_hash_alg = 0;
+ }
while (offset < offset_end) {
offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr);
}

97
CVE-2020-11647.patch
View File

@ -1,97 +0,0 @@
From 6f56fc9496db158218243ea87e3660c874a0bab0 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 6 Apr 2020 10:15:31 -0700
Subject: [PATCH] BACapp: Add a nesting / recursion check.
Track our recursion depth in fAbstractSyntaxNType. It calls several
functions which in turn call it, which makes it easy to overflow the
stack.
Bug: 16474
Change-Id: Ibad29272f99449bfa13b7422692e20ba8a79e19c
Reviewed-on: https://code.wireshark.org/review/36725
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 15dc2f6bd4c9a674333cbc97260362524d5364de)
Reviewed-on: https://code.wireshark.org/review/36736
---
epan/dissectors/packet-bacapp.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/epan/dissectors/packet-bacapp.c b/epan/dissectors/packet-bacapp.c
index 133783b..308da49 100644
--- a/epan/dissectors/packet-bacapp.c
+++ b/epan/dissectors/packet-bacapp.c
@@ -19,6 +19,7 @@
#include <epan/to_str.h>
#include <epan/reassemble.h>
#include <epan/expert.h>
+#include <epan/proto_data.h>
#include <epan/stats_tree.h>
#include "packet-bacapp.h"
@@ -43,6 +44,7 @@ static int bacapp_tap = -1;
#define BACAPP_SEGMENT_NAK 0x02
#define BACAPP_SENT_BY 0x01
+#define BACAPP_MAX_RECURSION_DEPTH 100 // Arbitrary
/**
* dissect_bacapp ::= CHOICE {
@@ -5862,6 +5864,7 @@ static gint ett_bacapp_value = -1;
static expert_field ei_bacapp_bad_length = EI_INIT;
static expert_field ei_bacapp_bad_tag = EI_INIT;
static expert_field ei_bacapp_opening_tag = EI_INIT;
+static expert_field ei_bacapp_max_recursion_depth_reached = EI_INIT;
static gint32 propertyIdentifier = -1;
static gint32 propertyArrayIndex = -1;
@@ -7849,6 +7852,14 @@ fAbstractSyntaxNType(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint
} else {
g_snprintf(ar, sizeof(ar), "Abstract Type: ");
}
+
+ unsigned recursion_depth = GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_bacapp, 0));
+ if (++recursion_depth >= BACAPP_MAX_RECURSION_DEPTH) {
+ proto_tree_add_expert(tree, pinfo, &ei_bacapp_max_recursion_depth_reached, tvb, 0, 0);
+ return offset;
+ }
+ p_add_proto_data(pinfo->pool, pinfo, proto_bacapp, 0, GUINT_TO_POINTER(recursion_depth));
+
while (tvb_reported_length_remaining(tvb, offset) > 0) { /* exit loop if nothing happens inside */
lastoffset = offset;
fTagHeader(tvb, pinfo, offset, &tag_no, &tag_info, &lvt);
@@ -8502,6 +8513,9 @@ fAbstractSyntaxNType(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint
}
if (offset <= lastoffset) break; /* nothing happened, exit loop */
}
+ recursion_depth = GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_bacapp, 0));
+ recursion_depth--;
+ p_add_proto_data(pinfo->pool, pinfo, proto_bacapp, 0, GUINT_TO_POINTER(recursion_depth));
return offset;
}
@@ -13974,6 +13988,9 @@ dissect_bacapp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _
bacinfo.instance_ident = NULL;
bacinfo.object_ident = NULL;
+ /* Recursion depth */
+ p_add_proto_data(pinfo->pool, pinfo, proto_bacapp, 0, GUINT_TO_POINTER(0));
+
switch (bacapp_type) {
case BACAPP_TYPE_CONFIRMED_SERVICE_REQUEST:
/* segmented messages have 2 additional bytes */
@@ -14426,6 +14443,8 @@ proto_register_bacapp(void)
{ &ei_bacapp_bad_length, { "bacapp.bad_length", PI_MALFORMED, PI_ERROR, "Wrong length indicated", EXPFILL }},
{ &ei_bacapp_bad_tag, { "bacapp.bad_tag", PI_MALFORMED, PI_ERROR, "Wrong tag found", EXPFILL }},
{ &ei_bacapp_opening_tag, { "bacapp.bad_opening_tag", PI_MALFORMED, PI_ERROR, "Expected Opening Tag!", EXPFILL }},
+ { &ei_bacapp_max_recursion_depth_reached, { "bacapp.max_recursion_depth_reached",
+ PI_PROTOCOL, PI_WARN, "Maximum allowed recursion depth reached. Dissection stopped.", EXPFILL }}
};
expert_module_t* expert_bacapp;
--
2.23.0

115
CVE-2020-13164.patch
View File

@ -1,115 +0,0 @@
From e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 14 Apr 2020 17:10:44 -0700
Subject: [PATCH] NFS: Add filesystem cycle detection.
Detect cycles and large depths when snooping full names.
Bug: 16476
Change-Id: I4cddf3d6e6c58d1d382a3ea3b3ed09644562c352
Reviewed-on: https://code.wireshark.org/review/36847
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit fc6763989c7a7c4e4b0522b12b955e5a285d388a)
Reviewed-on: https://code.wireshark.org/review/36855
---
epan/dissectors/packet-nfs.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
index 715ee82..60aff65 100644
--- a/epan/dissectors/packet-nfs.c
+++ b/epan/dissectors/packet-nfs.c
@@ -20,6 +20,7 @@
#include <epan/prefs.h>
#include <epan/exceptions.h>
#include <epan/expert.h>
+#include <epan/proto_data.h>
#include <epan/to_str.h>
#include <epan/decode_as.h>
#include <epan/crc16-tvb.h>
@@ -899,6 +900,7 @@ static expert_field ei_nfs_not_vnx_file = EI_INIT;
static expert_field ei_protocol_violation = EI_INIT;
static expert_field ei_nfs_too_many_bitmaps = EI_INIT;
static expert_field ei_nfs4_stateid_deprecated = EI_INIT;
+static expert_field ei_nfs_file_system_cycle = EI_INIT;
static const true_false_string tfs_read_write = { "Read", "Write" };
@@ -936,6 +938,7 @@ typedef struct nfs_name_snoop {
unsigned char *parent;
int full_name_len;
char *full_name;
+ gboolean fs_cycle;
} nfs_name_snoop_t;
typedef struct nfs_name_snoop_key {
@@ -1199,9 +1202,10 @@ nfs_name_snoop_add_fh(int xid, tvbuff_t *tvb, int fh_offset, int fh_length)
g_hash_table_replace(nfs_name_snoop_matched, key, nns);
}
+#define NFS_MAX_FS_DEPTH 100
static void
-nfs_full_name_snoop(nfs_name_snoop_t *nns, int *len, char **name, char **pos)
+nfs_full_name_snoop(packet_info *pinfo, nfs_name_snoop_t *nns, int *len, char **name, char **pos)
{
nfs_name_snoop_t *parent_nns = NULL;
nfs_name_snoop_key_t key;
@@ -1230,13 +1234,22 @@ nfs_full_name_snoop(nfs_name_snoop_t *nns, int *len, char **name, char **pos)
parent_nns = (nfs_name_snoop_t *)g_hash_table_lookup(nfs_name_snoop_matched, &key);
if (parent_nns) {
- nfs_full_name_snoop(parent_nns, len, name, pos);
+ unsigned fs_depth = GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_nfs, 0));
+ if (++fs_depth >= NFS_MAX_FS_DEPTH) {
+ nns->fs_cycle = TRUE;
+ return;
+ }
+ p_add_proto_data(pinfo->pool, pinfo, proto_nfs, 0, GUINT_TO_POINTER(fs_depth));
+
+ nfs_full_name_snoop(pinfo, parent_nns, len, name, pos);
if (*name) {
/* make sure components are '/' separated */
*pos += g_snprintf(*pos, (*len+1) - (gulong)(*pos-*name), "%s%s",
((*pos)[-1] != '/')?"/":"", nns->name);
DISSECTOR_ASSERT((*pos-*name) <= *len);
}
+ fs_depth--;
+ p_add_proto_data(pinfo->pool, pinfo, proto_nfs, 0, GUINT_TO_POINTER(fs_depth));
return;
}
@@ -1278,7 +1291,7 @@ nfs_name_snoop_fh(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int fh_of
char *name = NULL, *pos = NULL;
int len = 0;
- nfs_full_name_snoop(nns, &len, &name, &pos);
+ nfs_full_name_snoop(pinfo, nns, &len, &name, &pos);
if (name) {
nns->full_name = name;
nns->full_name_len = len;
@@ -1330,6 +1343,10 @@ nfs_name_snoop_fh(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int fh_of
}
PROTO_ITEM_SET_GENERATED(fh_item);
}
+
+ if (nns->fs_cycle) {
+ proto_tree_add_expert(tree, pinfo, &ei_nfs_file_system_cycle, tvb, 0, 0);
+ }
}
}
@@ -14236,6 +14253,7 @@ proto_register_nfs(void)
"Per RFCs 3530 and 5661 an attribute mask is required but was not provided.", EXPFILL }},
{ &ei_nfs_too_many_bitmaps, { "nfs.too_many_bitmaps", PI_PROTOCOL, PI_NOTE, "Too many bitmap array items", EXPFILL }},
{ &ei_nfs4_stateid_deprecated, { "nfs.stateid.deprecated", PI_PROTOCOL, PI_WARN, "State ID deprecated in CLOSE responses [RFC7530 16.2.5]", EXPFILL }},
+ { &ei_nfs_file_system_cycle, { "nfs.file_system_cycle", PI_PROTOCOL, PI_WARN, "Possible file system cycle detected", EXPFILL }},
};
module_t *nfs_module;
--
2.7.4

144
CVE-2020-15466.patch
View File

@ -1,144 +0,0 @@
From d70bd4489feed4035c3a35cd2e76cdf877b3f485 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 29 Jun 2020 15:19:19 -0700
Subject: [PATCH] GVCP: Fix an infinite loop.
Remove an "if(tree)" test in order to ensure that our offset always
advances.
Bug: 16029
Change-Id: I5bb38f2eccfbf3c44a06682a17aafcba9d8fa0c6
Reviewed-on: https://code.wireshark.org/review/37611
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-gvcp.c | 101 +++++++++++++++++-----------------
1 file changed, 51 insertions(+), 50 deletions(-)
diff --git a/epan/dissectors/packet-gvcp.c b/epan/dissectors/packet-gvcp.c
index 4b5d950..3a58cfa 100644
--- a/epan/dissectors/packet-gvcp.c
+++ b/epan/dissectors/packet-gvcp.c
@@ -1803,66 +1803,67 @@ static void dissect_eventdata_cmd(proto_tree *gvcp_telegram_tree, tvbuff_t *tvb,
/* fill in Info column in Wireshark GUI */
col_append_fstr(pinfo->cinfo, COL_INFO, "[ID: 0x%04X]", eventid);
- if (gvcp_telegram_tree != NULL)
+ /* If extended ID, then we have event_size here (2.1) */
+ if (extendedblockids)
{
- /* If extended ID, then we have event_size here (2.1) */
- if (extendedblockids)
- {
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_extid_length, tvb, offset, 2, ENC_BIG_ENDIAN);
- data_length = tvb_get_ntohs(tvb, offset); // We get the data length here
- }
-
- /* skip reserved field */
- offset += 2;
-
- /* Use range to determine type of event */
- if ((eventid >= 0x0000) && (eventid <= 0x8000))
- {
- /* Standard ID */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_id, tvb, offset, 2, ENC_BIG_ENDIAN);
- }
- else if ((eventid >= 0x8001) && (eventid <= 0x8FFF))
- {
- /* Error */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_error_id, tvb, offset, 2, ENC_BIG_ENDIAN);
- }
- else if ((eventid >= 0x9000) && (eventid <= 0xFFFF))
- {
- /* Device specific */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_device_specific_id, tvb, offset, 2, ENC_BIG_ENDIAN);
- }
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_extid_length, tvb, offset, 2, ENC_BIG_ENDIAN);
+ data_length = tvb_get_ntohs(tvb, offset); // We get the data length here
+ }
+ /* skip reserved field */
+ offset += 2;
+ /* Use range to determine type of event */
+ if ((eventid >= 0x0000) && (eventid <= 0x8000))
+ {
+ /* Standard ID */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_id, tvb, offset, 2, ENC_BIG_ENDIAN);
+ }
+ else if ((eventid >= 0x8001) && (eventid <= 0x8FFF))
+ {
+ /* Error */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_error_id, tvb, offset, 2, ENC_BIG_ENDIAN);
+ }
+ else if ((eventid >= 0x9000) && (eventid <= 0xFFFF))
+ {
+ /* Device specific */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_device_specific_id, tvb, offset, 2, ENC_BIG_ENDIAN);
+ }
+ offset += 2;
+
+ /* Stream channel (possibly) associated with event */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_stream_channel_index, tvb, offset, 2, ENC_BIG_ENDIAN);
+ if (extendedblockids == 0)
+ {
+ /* Block id (16 bit) associated with event */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_block_id, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
-
- /* Stream channel (possibly) associated with event */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_stream_channel_index, tvb, offset, 2, ENC_BIG_ENDIAN);
+ }
+ else
+ {
offset += 2;
-
- if (extendedblockids == 0)
- {
- /* Block id (16 bit) associated with event */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_block_id, tvb, offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
- }
- else
- {
- offset += 2;
- /* Block id (64 bit) only if reported by gvcp flag */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_block_id_64bit_v2_0, tvb, offset, 8, ENC_BIG_ENDIAN);
- offset += 8;
- }
-
- /* Timestamp (64 bit) associated with event */
- proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_timestamp, tvb, offset, 8, ENC_BIG_ENDIAN);
+ /* Block id (64 bit) only if reportedby gvcp flag */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_block_id_64bit_v2_0, tvb, offset, 8, ENC_BIG_ENDIAN);
offset += 8;
+ }
- if ((data_length == 24) && (extendedblockids))
+ /* Timestamp (64 bit) associated with event */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_timestamp, tvb, offset, 8, ENC_BIG_ENDIAN);
+ offset += 8;
+
+ if (extendedblockids)
+ {
+ if (data_length > 24)
{
- /* "no data" this is an ok case for extended id, eventcmd to be deprecated */
- return;
+ /* Data */
+ proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_data, tvb, offset, data_length - 24, ENC_NA);
+ offset += data_length - 24;
}
+ }
+ else
+ {
/* Data */
proto_tree_add_item(gvcp_telegram_tree, hf_gvcp_eventcmd_data, tvb, offset, -1, ENC_NA);
+ return;
}
}
--
2.23.0

31
CVE-2020-25862.patch
View File

@ -1,31 +0,0 @@
From 7f3fe6164a68b76d9988c4253b24d43f498f1753 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal@wireshark.org>
Date: Tue, 1 Sep 2020 17:22:14 +0200
Subject: [PATCH] TCP: do not use an unknown status when the checksum is 0xffff
Otherwise it triggers an assert when adding the column as the field is
defined as BASE_NONE and not BASE_DEC or BASE_HEX. Thus an unknown value
(not in proto_checksum_vals[)array) cannot be represented.
Mark the checksum as bad even if we process the packet.
Closes #16816
---
epan/dissectors/packet-tcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c
index db8ef31639..fc83f665d1 100644
--- a/epan/dissectors/packet-tcp.c
+++ b/epan/dissectors/packet-tcp.c
@@ -6230,7 +6230,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
PROTO_ITEM_SET_GENERATED(item);
/* XXX - What should this special status be? */
item = proto_tree_add_uint(checksum_tree, hf_tcp_checksum_status, tvb,
- offset + 16, 0, 4);
+ offset + 16, 0, PROTO_CHECKSUM_E_BAD);
PROTO_ITEM_SET_GENERATED(item);
expert_add_info(pinfo, item, &ei_tcp_checksum_ffff);
--
GitLab

39
CVE-2020-25863.patch
View File

@ -1,39 +0,0 @@
From 5803c7b87b3414cdb8bf502af50bb406ca774482 Mon Sep 17 00:00:00 2001
From: George Hopkins <george-hopkins@null.net>
Date: Wed, 2 Sep 2020 10:05:25 +0000
Subject: [PATCH] multipart: fix deallocation of invalid parts
Fixes #16741
(cherry picked from commit 2411eae9edb562e80c45962c74945238a94e5d3b)
---
epan/dissectors/packet-multipart.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/epan/dissectors/packet-multipart.c b/epan/dissectors/packet-multipart.c
index 0e8d9103f1..b972969940 100644
--- a/epan/dissectors/packet-multipart.c
+++ b/epan/dissectors/packet-multipart.c
@@ -340,14 +340,13 @@ get_multipart_info(packet_info *pinfo, http_message_info_t *message_info)
parameters = unfold_and_compact_mime_header(message_info->media_str, &dummy);
start_boundary = ws_find_media_type_parameter(wmem_packet_scope(), parameters, "boundary");
-
- if(!start_boundary) {
+ if (!start_boundary) {
return NULL;
}
- if(strncmp(type, "multipart/encrypted", sizeof("multipart/encrypted")-1) == 0) {
+
+ if (strncmp(type, "multipart/encrypted", sizeof("multipart/encrypted") - 1) == 0) {
start_protocol = ws_find_media_type_parameter(wmem_packet_scope(), parameters, "protocol");
- if(!start_protocol) {
- g_free(start_boundary);
+ if (!start_protocol) {
return NULL;
}
}
--
GitLab

63
CVE-2020-26575.patch
View File

@ -1,63 +0,0 @@
From 3ff940652962c099b73ae3233322b8697b0d10ab Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Fri, 2 Oct 2020 12:42:03 -0700
Subject: [PATCH] FBZERO: Make sure our offset advances.
Make sure our offset advances so that we don't infinitely loop.
Fixes #16887.
---
epan/dissectors/packet-fbzero.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-fbzero.c b/epan/dissectors/packet-fbzero.c
index 16ffb63cf1..132079cfaa 100644
--- a/epan/dissectors/packet-fbzero.c
+++ b/epan/dissectors/packet-fbzero.c
@@ -66,6 +66,7 @@ static gint ett_fb_zero_tag_value = -1;
static expert_field ei_fb_zero_tag_undecoded = EI_INIT;
static expert_field ei_fb_zero_tag_length = EI_INIT;
static expert_field ei_fb_zero_tag_unknown = EI_INIT;
+static expert_field ei_fb_zero_length_invalid = EI_INIT;
#define FBZERO_MIN_LENGTH 3
@@ -261,18 +262,26 @@ dissect_fb_zero_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *fb_zero_tree,
"Dissector for FB Zero Tag"
" %s (%s) code not implemented, Contact"
" Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
- tag_offset += tag_len;
+ goto end;
break;
}
if(tag_offset != offset_end){
/* Wrong Tag len... */
proto_tree_add_expert(tag_tree, pinfo, &ei_fb_zero_tag_unknown, tvb, tag_offset_start + tag_offset, offset_end - tag_offset);
- tag_offset = offset_end;
+ // XXX Return instead?
+ goto end;
}
tag_number--;
}
+
+ end:
+ if (offset + total_tag_len <= offset) {
+ expert_add_info_format(pinfo, fb_zero_tree, &ei_fb_zero_length_invalid,
+ "Invalid total tag length: %u", total_tag_len);
+ return offset + tvb_reported_length_remaining(tvb, offset);
+ }
return offset + total_tag_len;
}
@@ -562,6 +571,7 @@ proto_register_fb_zero(void)
{ &ei_fb_zero_tag_undecoded, { "fb_zero.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for FB Zero Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
{ &ei_fb_zero_tag_length, { "fb_zero.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
{ &ei_fb_zero_tag_unknown, { "fb_zero.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
+ { &ei_fb_zero_length_invalid, { "fb_zero.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid length", EXPFILL }},
};
expert_module_t *expert_fb_zero;
--
GitLab

55
CVE-2020-28030.patch
View File

@ -1,55 +0,0 @@
From b287e7165e8aa89cde6ae37e7c257c5d87d16b9b Mon Sep 17 00:00:00 2001
From: Richard Smith <pcy190@126.com>
Date: Sat, 10 Oct 2020 18:25:57 +0800
Subject: [PATCH] GQUIC: make sure our tag offset advances.
Make sure gquic tag offset advances so that we don't infinitely loop.
---
epan/dissectors/packet-gquic.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-gquic.c b/epan/dissectors/packet-gquic.c
index fc13912848..f6728d2524 100644
--- a/epan/dissectors/packet-gquic.c
+++ b/epan/dissectors/packet-gquic.c
@@ -185,6 +185,7 @@ static expert_field ei_gquic_tag_undecod
static expert_field ei_gquic_tag_length = EI_INIT;
static expert_field ei_gquic_tag_unknown = EI_INIT;
static expert_field ei_gquic_version_invalid = EI_INIT;
+static expert_field ei_gquic_length_invalid = EI_INIT;
typedef struct gquic_info_data {
guint8 version;
@@ -1608,7 +1609,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_
"Dissector for (Google) QUIC Tag"
" %s (%s) code not implemented, Contact"
" Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
- tag_offset += tag_len;
+ goto end;
break;
}
if(tag_offset != offset_end){
@@ -1619,6 +1620,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_
tag_number--;
}
+
+ end:
+ if (offset + total_tag_len <= offset) {
+ expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
+ "Invalid total tag length: %u", total_tag_len);
+ return offset + tvb_reported_length_remaining(tvb, offset);
+ }
return offset + total_tag_len;
}
@@ -2880,7 +2888,8 @@ proto_register_gquic(void)
{ &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
{ &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
{ &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
- { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}
+ { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
+ { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
};
expert_module_t *expert_gquic;

108
CVE-2020-9428-pre.patch
View File

@ -1,108 +0,0 @@
From 71cf784bfc5435cd7e1531d9ef7dce462274e9ad Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Thu, 11 Oct 2018 14:20:22 +0200
Subject: [PATCH] eap: don't dissect the identity as IMSI unless that's the
case.
The identity in SIM/AKA/AKA' is IMSI (permanent identity) in some cases only.
Others contain a pseudonym or a fast reauthentication username. Dissect the
formers as flat usernames.
Bug: 15196
Change-Id: Ia4491431b6ff557a248271b743c1e37c4e6c0b24
Reviewed-on: https://code.wireshark.org/review/30129
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-on: https://code.wireshark.org/review/30130
Reviewed-by: Dario Lombardo <lomato@gmail.com>
---
epan/dissectors/packet-eap.c | 37 ++++++++++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-eap.c b/epan/dissectors/packet-eap.c
index b1f10b8150..a4b1527957 100644
--- a/epan/dissectors/packet-eap.c
+++ b/epan/dissectors/packet-eap.c
@@ -36,6 +36,8 @@ static int hf_eap_type = -1;
static int hf_eap_type_nak = -1;
static int hf_eap_identity = -1;
+static int hf_eap_identity_pseudo = -1;
+static int hf_eap_identity_reauth = -1;
static int hf_eap_identity_actual_len = -1;
static int hf_eap_identity_wlan_prefix = -1;
static int hf_eap_identity_wlan_mcc = -1;
@@ -94,6 +96,7 @@ static expert_field ei_eap_ms_chap_v2_length = EI_INIT;
static expert_field ei_eap_mitm_attacks = EI_INIT;
static expert_field ei_eap_md5_value_size_overflow = EI_INIT;
static expert_field ei_eap_dictionary_attacks = EI_INIT;
+static expert_field ei_eap_identity_invalid = EI_INIT;
static dissector_handle_t eap_handle;
@@ -543,6 +546,7 @@ dissect_eap_identity_wlan(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, i
guint ntokens = 0;
gboolean ret = TRUE;
int hf_eap_identity_wlan_mcc_mnc;
+ proto_item* item;
identity = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, size, ENC_ASCII);
@@ -566,10 +570,28 @@ dissect_eap_identity_wlan(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, i
/* Go on with the dissection */
eap_identity_tree = proto_item_add_subtree(tree, ett_identity);
eap_identity_prefix = tokens[0][0];
- proto_tree_add_uint(eap_identity_tree, hf_eap_identity_wlan_prefix,
+ item = proto_tree_add_uint(eap_identity_tree, hf_eap_identity_wlan_prefix,
tvb, offset, 1, eap_identity_prefix);
- dissect_e212_utf8_imsi(tvb, pinfo, eap_identity_tree, offset + 1, (guint)strlen(tokens[0]) - 1);
+ switch(eap_identity_prefix) {
+ case '0':
+ case '1':
+ case '6':
+ dissect_e212_utf8_imsi(tvb, pinfo, eap_identity_tree, offset + 1, (guint)strlen(tokens[0]) - 1);
+ break;
+ case '2':
+ case '3':
+ case '7':
+ proto_tree_add_item(eap_identity_tree, hf_eap_identity_pseudo, tvb, offset + 1, (guint)strlen(tokens[0]) - 1, ENC_ASCII|ENC_NA);
+ break;
+ case '4':
+ case '5':
+ case '8':
+ proto_tree_add_item(eap_identity_tree, hf_eap_identity_reauth, tvb, offset + 1, (guint)strlen(tokens[0]) - 1, ENC_ASCII|ENC_NA);
+ break;
+ default:
+ expert_add_info(pinfo, item, &ei_eap_identity_invalid);
+ }
/* guess if we have a 3 bytes mnc by comparing the first bytes with the imsi */
if (!sscanf(tokens[2] + 3, "%u", &mnc) || !sscanf(tokens[3] + 3, "%u", &mcc)) {
@@ -1339,6 +1361,16 @@ proto_register_eap(void)
FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
+ { &hf_eap_identity_pseudo, {
+ "Identity (Pseudonym)", "eap.identity",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL }},
+
+ { &hf_eap_identity_reauth, {
+ "Identity (Reauth)", "eap.identity",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL }},
+
{ &hf_eap_identity_wlan_prefix, {
"WLAN Identity Prefix", "eap.identity.wlan.prefix",
FT_CHAR, BASE_HEX, VALS(eap_identity_wlan_prefix_vals), 0x0,
@@ -1664,6 +1696,7 @@ proto_register_eap(void)
{ &ei_eap_dictionary_attacks, { "eap.dictionary_attacks", PI_SECURITY, PI_WARN,
"Vulnerable to dictionary attacks. If possible, change EAP type."
" See http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/2331_pp.pdf", EXPFILL }},
+ { &ei_eap_identity_invalid, { "eap.identity.invalid", PI_PROTOCOL, PI_WARN, "Invalid identity code", EXPFILL }}
};
expert_module_t* expert_eap;

34
CVE-2020-9428.patch
View File

@ -1,34 +0,0 @@
From 9fe2de783dbcbe74144678d60a4e3923367044b2 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Fri, 21 Feb 2020 10:19:35 -0800
Subject: [PATCH] EAP: Remove a couple of string length assumptions.
Don't assume our MNC and MCC string lengths are > 3.
Bug: 16397
Change-Id: I0759dcb9d0c5f078cf3a98e9323d9cb741e15dd4
Reviewed-on: https://code.wireshark.org/review/36146
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 8bda8642dfc8c9a870c6a48771566012353cc898)
Reviewed-on: https://code.wireshark.org/review/36173
---
epan/dissectors/packet-eap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-eap.c b/epan/dissectors/packet-eap.c
index a4b1527957..c3fc33fb07 100644
--- a/epan/dissectors/packet-eap.c
+++ b/epan/dissectors/packet-eap.c
@@ -594,7 +594,8 @@ dissect_eap_identity_wlan(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, i
}
/* guess if we have a 3 bytes mnc by comparing the first bytes with the imsi */
- if (!sscanf(tokens[2] + 3, "%u", &mnc) || !sscanf(tokens[3] + 3, "%u", &mcc)) {
+ /* XXX Should we force matches on "mnc" and "mmc"? */
+ if (!sscanf(tokens[2], "%*3c%u", &mnc) || !sscanf(tokens[3], "%*3c%u", &mcc)) {
ret = FALSE;
goto end;
}

71
CVE-2020-9430-1.patch
View File

@ -1,71 +0,0 @@
From 93d6b03a67953b82880cdbdcf0d30e2a3246d790 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Fri, 7 Feb 2020 11:17:35 -0800
Subject: [PATCH] WiMax DLMAP: Add a length check.
Make sure we have enough data for a CRC.
Bug: 16368
Change-Id: I03a2532061a5cf5e28cb65c83dd4ab90654d1679
Reviewed-on: https://code.wireshark.org/review/36051
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
plugins/epan/wimax/.editorconfig | 10 ++++++++++
plugins/epan/wimax/msg_dlmap.c | 9 ++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
create mode 100644 plugins/epan/wimax/.editorconfig
diff --git a/plugins/epan/wimax/.editorconfig b/plugins/epan/wimax/.editorconfig
new file mode 100644
index 0000000..541cd9d
--- /dev/null
+++ b/plugins/epan/wimax/.editorconfig
@@ -0,0 +1,10 @@
+#
+# Editor configuration
+#
+# https://editorconfig.org/
+#
+
+[msg_dlmap.[ch]]
+indent_style = tab
+indent_size = tab
+
diff --git a/plugins/epan/wimax/msg_dlmap.c b/plugins/epan/wimax/msg_dlmap.c
index 05f8714..c2cdf54 100644
--- a/plugins/epan/wimax/msg_dlmap.c
+++ b/plugins/epan/wimax/msg_dlmap.c
@@ -593,6 +593,7 @@ static int hf_dlmap_reduced_aas_spid = -1;
static expert_field ei_dlmap_not_implemented = EI_INIT;
static expert_field ei_crc16 = EI_INIT;
static expert_field ei_mac_header_compress_dlmap_crc = EI_INIT;
+static expert_field ei_mac_header_invalid_length = EI_INIT;
/* Copied and renamed from proto.c because global value_strings don't work for plugins */
static const value_string plugin_proto_checksum_vals[] = {
@@ -2383,7 +2384,12 @@ gint wimax_decode_dlmapc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *base_tre
/* CRC is always appended */
/* check the length */
- if (MIN(tvb_len, tvb_reported_length(tvb)) >= mac_len)
+ if (mac_len <= sizeof(mac_crc))
+ {
+ expert_add_info_format(pinfo, ti, &ei_mac_header_invalid_length,
+ "Invalid length: %d.", mac_len);
+ }
+ else if (MIN(tvb_len, tvb_reported_length(tvb)) >= mac_len)
{
/* calculate the CRC */
calculated_crc = wimax_mac_calc_crc32(tvb_get_ptr(tvb, 0, mac_len - (int)sizeof(mac_crc)), mac_len - (int)sizeof(mac_crc));
@@ -3436,6 +3442,7 @@ void proto_register_mac_mgmt_msg_dlmap(void)
{ &ei_dlmap_not_implemented, { "wmx.dlmap.not_implemented", PI_UNDECODED, PI_WARN, "Not implemented", EXPFILL }},
{ &ei_crc16, { "wmx.dlmap.bad_checksum", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
{ &ei_mac_header_compress_dlmap_crc, { "wmx.compress_dlmap.bad_checksum", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
+ { &ei_mac_header_invalid_length, { "wmx.compress_dlmap.invalid_length", PI_MALFORMED, PI_ERROR, "Invalid length", EXPFILL }},
};
expert_module_t* expert_mac_mgmt_msg_dlmap;
--
2.7.4

34
CVE-2020-9430-2.patch
View File

@ -1,34 +0,0 @@
From 6b98dc63701b1da1cc7681cb383dabb0b7007d73 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Wed, 12 Feb 2020 12:07:52 -0800
Subject: [PATCH] WiMax DLMAP: Fix a large loop.
Make sure we advance our offset.
Bug: 16383
Ping-Bug: 16368
Change-Id: I4949cb0988601dbe545d0bc22de4d654b4e61204
Reviewed-on: https://code.wireshark.org/review/36085
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 6dad599a8a1bda8b8e999cc4a7e460140e4ecc0a)
Reviewed-on: https://code.wireshark.org/review/36094
---
plugins/epan/wimax/msg_dlmap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/epan/wimax/msg_dlmap.c b/plugins/epan/wimax/msg_dlmap.c
index c2cdf54..6961d55 100644
--- a/plugins/epan/wimax/msg_dlmap.c
+++ b/plugins/epan/wimax/msg_dlmap.c
@@ -2388,6 +2388,7 @@ gint wimax_decode_dlmapc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *base_tre
{
expert_add_info_format(pinfo, ti, &ei_mac_header_invalid_length,
"Invalid length: %d.", mac_len);
+ return sizeof(mac_crc);
}
else if (MIN(tvb_len, tvb_reported_length(tvb)) >= mac_len)
{
--
2.7.4

82
CVE-2020-9431.patch
View File

@ -1,82 +0,0 @@
From 086003c9d616906e08bbeeab9c17b3aa4c6ff850 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal@wireshark.org>
Date: Wed, 22 Jan 2020 11:38:02 +0100
Subject: [PATCH] LTE RRC: fix a memory leak in composite TVB handling
Bug: 16341
Change-Id: Ib6c020ea3df8b39a02f742f0684fca7db96f1fc3
Reviewed-on: https://code.wireshark.org/review/35899
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
(cherry picked from commit adeeb7f2da801303768ce96e2cacf6a703a69c6f)
Conflicts:
epan/dissectors/packet-lte-rrc.c
Reviewed-on: https://code.wireshark.org/review/35903
---
epan/dissectors/asn1/lte-rrc/lte-rrc.cnf | 6 +++---
epan/dissectors/packet-lte-rrc.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/epan/dissectors/asn1/lte-rrc/lte-rrc.cnf b/epan/dissectors/asn1/lte-rrc/lte-rrc.cnf
index 2a00468a0f..eb2b9d20dd 100644
--- a/epan/dissectors/asn1/lte-rrc/lte-rrc.cnf
+++ b/epan/dissectors/asn1/lte-rrc/lte-rrc.cnf
@@ -438,7 +438,7 @@ MasterInformationBlock/schedulingInfoSIB1-BR-r13 TYPE=FT_UINT32 DISPLAY=BASE_DEC
tvbuff_t *gsm_rlcmac_dl_tvb = tvb_new_composite();
guint8 *pd = (guint8 *) wmem_alloc(actx->pinfo->pool, 1);
pd[0] = 0x40;
- tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_real_data(pd, 1, 1));
+ tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_child_real_data(tvb, pd, 1, 1));
tvb_composite_append(gsm_rlcmac_dl_tvb, target_rat_msg_cont_tvb);
tvb_composite_finalize(gsm_rlcmac_dl_tvb);
add_new_data_source(actx->pinfo, gsm_rlcmac_dl_tvb, "GPRS DL control block");
@@ -506,7 +506,7 @@ MasterInformationBlock/schedulingInfoSIB1-BR-r13 TYPE=FT_UINT32 DISPLAY=BASE_DEC
tvbuff_t *si_tvb = tvb_new_composite();
guint8 *pd = (guint8 *) wmem_alloc(actx->pinfo->pool, 1);
pd[0] = 0x06;
- tvb_composite_append(si_tvb, tvb_new_real_data(pd, 1, 1));
+ tvb_composite_append(si_tvb, tvb_new_child_real_data(tvb, pd, 1, 1));
tvb_composite_append(si_tvb, sys_info_list_tvb);
tvb_composite_finalize(si_tvb);
add_new_data_source(actx->pinfo, si_tvb, "System Information");
@@ -519,7 +519,7 @@ MasterInformationBlock/schedulingInfoSIB1-BR-r13 TYPE=FT_UINT32 DISPLAY=BASE_DEC
tvbuff_t *gsm_rlcmac_dl_tvb = tvb_new_composite();
guint8 *pd = (guint8 *) wmem_alloc(actx->pinfo->pool, 1);
pd[0] = 0x40;
- tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_real_data(pd, 1, 1));
+ tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_child_real_data(tvb, pd, 1, 1));
tvb_composite_append(gsm_rlcmac_dl_tvb, sys_info_list_tvb);
tvb_composite_finalize(gsm_rlcmac_dl_tvb);
add_new_data_source(actx->pinfo, gsm_rlcmac_dl_tvb, "GPRS DL control block");
diff --git a/epan/dissectors/packet-lte-rrc.c b/epan/dissectors/packet-lte-rrc.c
index 71ad21350d..6cef81e81f 100644
--- a/epan/dissectors/packet-lte-rrc.c
+++ b/epan/dissectors/packet-lte-rrc.c
@@ -52217,7 +52217,7 @@ dissect_lte_rrc_T_targetRAT_MessageContainer(tvbuff_t *tvb _U_, int offset _U_,
tvbuff_t *gsm_rlcmac_dl_tvb = tvb_new_composite();
guint8 *pd = (guint8 *) wmem_alloc(actx->pinfo->pool, 1);
pd[0] = 0x40;
- tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_real_data(pd, 1, 1));
+ tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_child_real_data(tvb, pd, 1, 1));
tvb_composite_append(gsm_rlcmac_dl_tvb, target_rat_msg_cont_tvb);
tvb_composite_finalize(gsm_rlcmac_dl_tvb);
add_new_data_source(actx->pinfo, gsm_rlcmac_dl_tvb, "GPRS DL control block");
@@ -52279,7 +52279,7 @@ dissect_lte_rrc_SystemInfoListGERAN_item(tvbuff_t *tvb _U_, int offset _U_, asn1
tvbuff_t *si_tvb = tvb_new_composite();
guint8 *pd = (guint8 *) wmem_alloc(actx->pinfo->pool, 1);
pd[0] = 0x06;
- tvb_composite_append(si_tvb, tvb_new_real_data(pd, 1, 1));
+ tvb_composite_append(si_tvb, tvb_new_child_real_data(tvb, pd, 1, 1));
tvb_composite_append(si_tvb, sys_info_list_tvb);
tvb_composite_finalize(si_tvb);
add_new_data_source(actx->pinfo, si_tvb, "System Information");
@@ -52292,7 +52292,7 @@ dissect_lte_rrc_SystemInfoListGERAN_item(tvbuff_t *tvb _U_, int offset _U_, asn1
tvbuff_t *gsm_rlcmac_dl_tvb = tvb_new_composite();
guint8 *pd = (guint8 *) wmem_alloc(actx->pinfo->pool, 1);
pd[0] = 0x40;
- tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_real_data(pd, 1, 1));
+ tvb_composite_append(gsm_rlcmac_dl_tvb, tvb_new_child_real_data(tvb, pd, 1, 1));
tvb_composite_append(gsm_rlcmac_dl_tvb, sys_info_list_tvb);
tvb_composite_finalize(gsm_rlcmac_dl_tvb);
add_new_data_source(actx->pinfo, gsm_rlcmac_dl_tvb, "GPRS DL control block");

82
CVE-2021-22191.patch
View File

@ -1,82 +0,0 @@
From: Markus Koschany <apo@debian.org>
Date: Thu, 24 Mar 2022 14:03:00 +0100
Subject: CVE-2021-22191
Origin: https://gitlab.com/wireshark/wireshark/-/commit/0f638a240ceefb467025b7aa28acb56045381034
---
epan/wslua/wslua_gui.c | 24 ++++++++++++++++++++++--
ui/qt/proto_tree.cpp | 5 ++++-
2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/epan/wslua/wslua_gui.c b/epan/wslua/wslua_gui.c
index e93618f..b7eef3f 100644
--- a/epan/wslua/wslua_gui.c
+++ b/epan/wslua/wslua_gui.c
@@ -854,7 +854,16 @@ WSLUA_FUNCTION wslua_reload_lua_plugins(lua_State* L) { /* Reload all Lua plugin
}
-WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /* Open an url in a browser. */
+WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /*
+ Opens an URL in a web browser. Requires a GUI.
+
+ [WARNING]
+ ====
+ Do not pass an untrusted URL to this function.
+
+ It will be passed to the system's URL handler, which might execute malicious code, switch on your Bluetooth-connected foghorn, or any of a number of unexpected or harmful things.
+ ====
+ */
#define WSLUA_ARG_browser_open_url_URL 1 /* The url. */
const char* url = luaL_checkstring(L,WSLUA_ARG_browser_open_url_URL);
@@ -868,7 +877,18 @@ WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /* Open an url in a browse
return 0;
}
-WSLUA_FUNCTION wslua_browser_open_data_file(lua_State* L) { /* Open a file in a browser. */
+WSLUA_FUNCTION wslua_browser_open_data_file(lua_State* L) { /*
+ Open a file located in the data directory (specified in the Wireshark preferences) in the web browser.
+ If the file does not exist, the function silently ignores the request.
+ Requires a GUI.
+
+ [WARNING]
+ ====
+ Do not pass an untrusted URL to this function.
+
+ It will be passed to the system's URL handler, which might execute malicious code, switch on your Bluetooth-connected foghorn, or any of a number of unexpected or harmful things.
+ ====
+ */
#define WSLUA_ARG_browser_open_data_file_FILENAME 1 /* The file name. */
const char* file = luaL_checkstring(L,WSLUA_ARG_browser_open_data_file_FILENAME);
diff --git a/ui/qt/proto_tree.cpp b/ui/qt/proto_tree.cpp
index 0525cf2..15f4c08 100644
--- a/ui/qt/proto_tree.cpp
+++ b/ui/qt/proto_tree.cpp
@@ -18,6 +18,8 @@
#include <ui/qt/utils/variant_pointer.h>
#include <ui/qt/utils/wireshark_mime_data.h>
#include <ui/qt/widgets/drag_label.h>
+#include "wireshark_application.h"
+
#include <QApplication>
#include <QContextMenuEvent>
@@ -27,6 +29,7 @@
#include <QScrollBar>
#include <QStack>
#include <QUrl>
+#include <QClipboard>
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
#include <QWindow>
@@ -430,7 +433,7 @@ void ProtoTree::itemDoubleClicked(const QModelIndex &index) {
} else {
QString url = finfo.url();
if (!url.isEmpty()) {
- QDesktopServices::openUrl(QUrl(url));
+ QApplication::clipboard()->setText(url);
}
}
}

70
CVE-2021-22207.patch
View File

@ -1,70 +0,0 @@
From b7a0650e061b5418ab4a8f72c6e4b00317aff623 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 19 Apr 2021 10:39:01 -0700
Subject: [PATCH] MS-WSP: Don't allocate huge amounts of memory.
Add a couple of memory allocation sanity checks, one of which
fixes #17331.
---
epan/dissectors/packet-mswsp.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/epan/dissectors/packet-mswsp.c b/epan/dissectors/packet-mswsp.c
index 37ad06c2b2..38bcefd072 100644
--- a/epan/dissectors/packet-mswsp.c
+++ b/epan/dissectors/packet-mswsp.c
@@ -313,8 +313,10 @@ struct CTableColumn {
guint16 lengthoffset;
char name[PROP_LENGTH];
};
-/* minimum size in bytes on the wire CTableColumn can be */
+/* Minimum size in bytes on the wire CTableColumn can be */
#define MIN_CTABLECOL_SIZE 32
+/* Maximum sane size in bytes on the wire CTableColumn can be. Arbitrary. */
+#define MAX_CTABLECOL_SIZE 5000
/* 2.2.3.10 */
@@ -3973,6 +3975,8 @@ static int vvalue_tvb_lpwstr(tvbuff_t *tvb, int offset, void *val)
return 4 + vvalue_tvb_lpwstr_len(tvb, offset + 4, 0, val);
}
+/* Maximum sane vector size. Arbitrary. */
+#define MAX_VT_VECTOR_SIZE 5000
static int vvalue_tvb_vector_internal(tvbuff_t *tvb, int offset, struct vt_vector *val, struct vtype_data *type, guint num)
{
const int offset_in = offset;
@@ -3987,18 +3991,14 @@ static int vvalue_tvb_vector_internal(tvbuff_t *tvb, int offset, struct vt_vecto
* here, before making a possibly-doomed attempt to allocate
* memory for it.
*
- * First, check for an overflow.
+ * First, check for sane values.
*/
- if ((guint64)elsize * (guint64)num > G_MAXUINT) {
- /*
- * We never have more than G_MAXUINT bytes in a tvbuff,
- * so this will *definitely* fail.
- */
+ if (num > MAX_VT_VECTOR_SIZE) {
THROW(ReportedBoundsError);
}
/*
- * No overflow; now make sure we at least have that data.
+ * No huge numbers from the wire; now make sure we at least have that data.
*/
tvb_ensure_bytes_exist(tvb, offset, elsize * num);
@@ -5859,7 +5859,7 @@ static int dissect_CPMSetBindings(tvbuff_t *tvb, packet_info *pinfo, proto_tree
/* Sanity check size value */
column_size = num*MIN_CTABLECOL_SIZE;
- if (column_size > tvb_reported_length_remaining(tvb, offset))
+ if (num > MAX_CTABLECOL_SIZE || column_size > tvb_reported_length_remaining(tvb, offset))
{
expert_add_info(pinfo, ti, &ei_mswsp_msg_cpmsetbinding_ccolumns);
return tvb_reported_length(tvb);
--
GitLab

27
CVE-2021-4181.patch
View File

@ -1,27 +0,0 @@
From: Markus Koschany <apo@debian.org>
Date: Thu, 24 Mar 2022 15:43:12 +0100
Subject: CVE-2021-4181
Origin: https://gitlab.com/wireshark/wireshark/-/commit/d2436f19a3babc61ed97aa635f6eb43bfc44cfda
---
epan/dissectors/packet-sysdig-event.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/epan/dissectors/packet-sysdig-event.c b/epan/dissectors/packet-sysdig-event.c
index ce88970..7dd127e 100644
--- a/epan/dissectors/packet-sysdig-event.c
+++ b/epan/dissectors/packet-sysdig-event.c
@@ -1864,6 +1864,13 @@ dissect_event_params(tvbuff_t *tvb, int offset, proto_tree *tree, int encoding,
param_offset = offset + dissect_header_lens(tvb, offset, tree, encoding, hf_indexes);
for (cur_param = 0; hf_indexes[cur_param]; cur_param++) {
+ if (!hf_indexes[cur_param]) {
+ // This happens when new params are added to existent events in sysdig,
+ // if the event is already mapped in wireshark with a lower number of params.
+ // hf_indexes array size would be < than event being dissected, leading to SIGSEGV.
+ break;
+ }
+
int param_len = tvb_get_guint16(tvb, len_offset, encoding);
const int hf_index = *hf_indexes[cur_param];
if (proto_registrar_get_ftype(hf_index) == FT_STRING) {

45
CVE-2021-4185.patch
View File

@ -1,45 +0,0 @@
From: Markus Koschany <apo@debian.org>
Date: Thu, 24 Mar 2022 15:10:57 +0100
Subject: CVE-2021-4185
Origin: https://gitlab.com/wireshark/wireshark/-/commit/a0084bd76f45f9566bd94c49d7fb7571e0d4bdaa
---
epan/dissectors/packet-rtmpt.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-rtmpt.c b/epan/dissectors/packet-rtmpt.c
index f043cc7..555daad 100644
--- a/epan/dissectors/packet-rtmpt.c
+++ b/epan/dissectors/packet-rtmpt.c
@@ -1893,6 +1893,11 @@ dissect_rtmpt_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rtmpt_
if (pinfo->fd->flags.visited) {
/* Already done the work, so just dump the existing state */
+ /* XXX: If there's bogus sequence numbers and the
+ * tcp.analyze_sequence_numbers pref is TRUE, we can't actually
+ * assume that we processed this frame the first time around,
+ * since the TCP dissector might not have given it to us.
+ */
wmem_stack_t *packets;
/* List all RTMP packets terminating in this TCP segment, from end to beginning */
@@ -1901,10 +1906,18 @@ dissect_rtmpt_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rtmpt_
wmem_stack_push(packets, 0);
tp = (rtmpt_packet_t *)wmem_tree_lookup32_le(rconv->packets[cdir], seq+remain-1);
- while (tp && tp->lastseq >= seq) {
+ while (tp && GE_SEQ(tp->lastseq, seq)) {
+ /* Sequence numbers can wrap around (especially with
+ * tcp.relative_sequence_numbers FALSE), so use the
+ * wrap around aware comparison from packet-tcp.h
+ */
wmem_stack_push(packets, tp);
if (tp->seq == 0) {
// reached first segment.
+ /* XXX: Assuming tcp.relative_sequence_numbers
+ * is TRUE, that is, since on TCP we just
+ * reuse the sequence numbers from tcpinfo.
+ */
break;
}
tp = (rtmpt_packet_t *)wmem_tree_lookup32_le(rconv->packets[cdir], tp->seq-1);

185
Move-even-more-headers-outside-extern-C.patch
View File

@ -1,185 +0,0 @@
From e434d404d0db719440cc911729d225417a49b4f4 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Tue, 16 Mar 2021 04:33:00 -0700
Subject: [PATCH] Move even more headers outside extern "C".
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
---
wsutil/cpu_info.h | 2 --
wsutil/file_util.h | 12 ++++++------
wsutil/plugins.h | 7 +++----
wsutil/processes.h | 19 ++++++++++++++-----
wsutil/time_util.h | 4 ++--
wsutil/unicode-utils.h | 10 ++++++----
6 files changed, 31 insertions(+), 23 deletions(-)
diff --git a/wsutil/cpu_info.h b/wsutil/cpu_info.h
index 3579576..145b1be 100644
--- a/wsutil/cpu_info.h
+++ b/wsutil/cpu_info.h
@@ -17,8 +17,6 @@
extern "C" {
#endif /* __cplusplus */
-#include "ws_symbol_export.h"
-
WS_DLL_PUBLIC void get_cpu_info(GString *str);
#ifdef __cplusplus
diff --git a/wsutil/file_util.h b/wsutil/file_util.h
index 5d8f41a..1e8b726 100644
--- a/wsutil/file_util.h
+++ b/wsutil/file_util.h
@@ -15,10 +15,6 @@
#include "ws_symbol_export.h"
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#ifdef _WIN32
#include <io.h> /* for _read(), _write(), etc. */
#include <gmodule.h>
@@ -36,6 +32,12 @@ extern "C" {
#include <sys/stat.h> /* for stat() and struct stat */
#endif
+#include <stdio.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/*
* Visual C++ on Win32 systems doesn't define these. (Old UNIX systems don't
* define them either.)
@@ -55,8 +57,6 @@ extern "C" {
#define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
#endif
-#include <stdio.h>
-
#ifdef _WIN32
/*
diff --git a/wsutil/plugins.h b/wsutil/plugins.h
index 1a76c78..5ab8d0a 100644
--- a/wsutil/plugins.h
+++ b/wsutil/plugins.h
@@ -13,14 +13,13 @@
#include <glib.h>
+#include <gmodule.h>
+#include "ws_symbol_export.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <gmodule.h>
-
-#include "ws_symbol_export.h"
-
typedef void (*plugin_register_func)(void);
typedef void plugins_t;
diff --git a/wsutil/processes.h b/wsutil/processes.h
index 03c76e8..61655c8 100644
--- a/wsutil/processes.h
+++ b/wsutil/processes.h
@@ -13,6 +13,20 @@
#include "ws_symbol_export.h"
+#ifdef _WIN32
+/*
+ * On Windows, a process ID is a HANDLE.
+ * Include <windows.h> to make sure HANDLE is defined.
+ */
+#include <windows.h>
+#else
+/*
+ * On UN*X, a process ID is a pid_t.
+ * Include <sys/types.h> to make sure pid_t is defined.
+ */
+#include <sys/types.h>
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
@@ -20,9 +34,7 @@ extern "C" {
#ifdef _WIN32
/*
* On Windows, a process ID is a HANDLE.
- * Include <windows.h> to make sure HANDLE is defined.
*/
-#include <windows.h>
typedef HANDLE ws_process_id;
@@ -30,10 +42,7 @@ typedef HANDLE ws_process_id;
#else
/*
* On UN*X, a process ID is a pid_t.
- * Include <sys/types.h> to make sure pid_t is defined.
*/
-#include <sys/types.h>
-
typedef pid_t ws_process_id;
#define WS_INVALID_PID -1
diff --git a/wsutil/time_util.h b/wsutil/time_util.h
index 1cd430d..045ab6a 100644
--- a/wsutil/time_util.h
+++ b/wsutil/time_util.h
@@ -12,12 +12,12 @@
#include "ws_symbol_export.h"
+#include <time.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <time.h>
-
WS_DLL_PUBLIC
time_t mktime_utc(struct tm *tm);
diff --git a/wsutil/unicode-utils.h b/wsutil/unicode-utils.h
index 8bb06ee..b7ab394 100644
--- a/wsutil/unicode-utils.h
+++ b/wsutil/unicode-utils.h
@@ -15,6 +15,12 @@
#include <glib.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <tchar.h>
+#include <wchar.h>
+#endif
+
/**
* @file
* Unicode convenience routines.
@@ -29,10 +35,6 @@ int ws_utf8_char_len(guint8 ch);
#ifdef _WIN32
-#include <windows.h>
-#include <tchar.h>
-#include <wchar.h>
-
/** Given a UTF-8 string, convert it to UTF-16. This is meant to be used
* to convert between GTK+ 2.x (UTF-8) to Windows (UTF-16).
*
--
GitLab

398
Move-more-headers-outside-extern-C.patch
View File

@ -1,398 +0,0 @@
From 1e1f4e6b5f9a309cef55d4459c8bba40d6acc104 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Tue, 16 Mar 2021 02:36:10 -0700
Subject: [PATCH] Move more headers outside extern "C".
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
---
epan/color_filters.h | 4 ++--
epan/conversation.h | 4 ++--
epan/epan.h | 8 ++++----
epan/epan_dissect.h | 8 ++++----
epan/etypes.h | 4 ++--
epan/follow.h | 8 ++++----
epan/frame_data.h | 8 ++++----
epan/guid-utils.h | 7 +++++++
epan/maxmind_db.h | 8 ++++----
epan/oids.h | 8 ++++----
epan/prefs-int.h | 6 +++---
epan/prefs.h | 7 ++++---
epan/proto_data.h | 4 ++--
epan/rtp_pt.h | 6 +++---
epan/stat_tap_ui.h | 12 ++++++------
epan/value_string.h | 6 +++---
16 files changed, 58 insertions(+), 50 deletions(-)
diff --git a/epan/color_filters.h b/epan/color_filters.h
index 4410864..d5c8014 100644
--- a/epan/color_filters.h
+++ b/epan/color_filters.h
@@ -12,12 +12,12 @@
#include "ws_symbol_export.h"
+#include <wsutil/color.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <wsutil/color.h>
-
struct epan_dissect;
#define CONVERSATION_COLOR_PREFIX "___conversation_color_filter___"
diff --git a/epan/conversation.h b/epan/conversation.h
index 0059703..d77a413 100644
--- a/epan/conversation.h
+++ b/epan/conversation.h
@@ -13,6 +13,8 @@
#include "ws_symbol_export.h"
+#include "packet.h" /* for conversation dissector type */
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
@@ -46,8 +48,6 @@ extern "C" {
/* Flags to handle endpoints */
#define USE_LAST_ENDPOINT 0x08 /* Use last endpoint created, regardless of type */
-#include "packet.h" /* for conversation dissector type */
-
/* Types of port numbers Wireshark knows about. */
typedef enum {
ENDPOINT_NONE, /* no endpoint */
diff --git a/epan/epan.h b/epan/epan.h
index 95f47f8..76958fa 100644
--- a/epan/epan.h
+++ b/epan/epan.h
@@ -12,10 +12,6 @@
#include <glib.h>
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/tvbuff.h>
#include <epan/prefs.h>
#include <epan/frame_data.h>
@@ -23,6 +19,10 @@ extern "C" {
#include "register.h"
#include "ws_symbol_export.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
typedef struct epan_dissect epan_dissect_t;
struct epan_dfilter;
diff --git a/epan/epan_dissect.h b/epan/epan_dissect.h
index 956a147..005120b 100644
--- a/epan/epan_dissect.h
+++ b/epan/epan_dissect.h
@@ -10,15 +10,15 @@
#ifndef EPAN_DISSECT_H
#define EPAN_DISSECT_H
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include "epan.h"
#include "tvbuff.h"
#include "proto.h"
#include "packet_info.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/* Dissection of a single byte array. Holds tvbuff info as
* well as proto_tree info. As long as the epan_dissect_t for a byte
* array is in existence, you must not free or move that byte array,
diff --git a/epan/etypes.h b/epan/etypes.h
index e5928fb..5353ddd 100644
--- a/epan/etypes.h
+++ b/epan/etypes.h
@@ -13,12 +13,12 @@
#include "ws_symbol_export.h"
+#include <epan/value_string.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <epan/value_string.h>
-
/*
* Maximum length of an IEEE 802.3 frame; Ethernet type/length values
* less than or equal to it are lengths.
diff --git a/epan/follow.h b/epan/follow.h
index 99b2050..45cfaff 100644
--- a/epan/follow.h
+++ b/epan/follow.h
@@ -13,16 +13,16 @@
#ifndef __FOLLOW_H__
#define __FOLLOW_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/epan.h>
#include <epan/packet.h>
#include <epan/ipv6.h>
#include <epan/wmem/wmem.h>
#include "ws_symbol_export.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
typedef enum {
TCP_STREAM = 0,
UDP_STREAM,
diff --git a/epan/frame_data.h b/epan/frame_data.h
index b6fe4e7..19f0b56 100644
--- a/epan/frame_data.h
+++ b/epan/frame_data.h
@@ -11,16 +11,16 @@
#ifndef __FRAME_DATA_H__
#define __FRAME_DATA_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <ws_diag_control.h>
#include <ws_symbol_export.h>
#include <wsutil/nstime.h>
#include <wiretap/wtap.h>
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
struct _packet_info;
struct epan_session;
diff --git a/epan/guid-utils.h b/epan/guid-utils.h
index d937878..b33f50f 100644
--- a/epan/guid-utils.h
+++ b/epan/guid-utils.h
@@ -25,6 +25,9 @@ typedef struct _e_guid_t {
guint8 data4[8];
} e_guid_t;
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
WS_DLL_PUBLIC void guids_init(void);
@@ -50,4 +53,8 @@ WS_DLL_PUBLIC const gchar* guids_resolve_guid_to_str(const e_guid_t *guid);
WS_DLL_PUBLIC int guid_cmp(const e_guid_t *g1, const e_guid_t *g2);
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
#endif /* __GUID_UTILS_H__ */
diff --git a/epan/maxmind_db.h b/epan/maxmind_db.h
index 0bbf668..15e6ecb 100644
--- a/epan/maxmind_db.h
+++ b/epan/maxmind_db.h
@@ -13,14 +13,14 @@
#ifndef __MAXMIND_DB_H__
#define __MAXMIND_DB_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/ipv6.h>
#include <epan/prefs.h>
#include "ws_symbol_export.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
typedef struct _mmdb_lookup_t {
gboolean found;
const char *country;
diff --git a/epan/oids.h b/epan/oids.h
index 97075a1..a102c46 100644
--- a/epan/oids.h
+++ b/epan/oids.h
@@ -13,15 +13,15 @@
#ifndef __OIDS_H__
#define __OIDS_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/ftypes/ftypes.h>
#include <epan/prefs.h>
#include <epan/wmem/wmem.h>
#include "ws_symbol_export.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/**
*@file
*/
diff --git a/epan/prefs-int.h b/epan/prefs-int.h
index 8921c00..369a54a 100644
--- a/epan/prefs-int.h
+++ b/epan/prefs-int.h
@@ -12,14 +12,14 @@
#ifndef __PREFS_INT_H__
#define __PREFS_INT_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
#include <stdio.h>
#include "ws_symbol_export.h"
#include <epan/wmem/wmem.h>
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
/**
*@file
*/
diff --git a/epan/prefs.h b/epan/prefs.h
index 29e4eaf..4229efc 100644
--- a/epan/prefs.h
+++ b/epan/prefs.h
@@ -13,9 +13,6 @@
#include <glib.h>
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
#include <epan/params.h>
#include <epan/range.h>
@@ -24,6 +21,10 @@ extern "C" {
#include "ws_symbol_export.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
#define PR_DEST_CMD 0
#define PR_DEST_FILE 1
diff --git a/epan/proto_data.h b/epan/proto_data.h
index 74c61a9..88f3e04 100644
--- a/epan/proto_data.h
+++ b/epan/proto_data.h
@@ -11,12 +11,12 @@
#ifndef __PROTO_DATA_H__
#define __PROTO_DATA_H__
+#include "ws_symbol_export.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include "ws_symbol_export.h"
-
/* Allocator should be either pinfo->pool or wmem_file_scope() */
WS_DLL_PUBLIC void p_add_proto_data(wmem_allocator_t *scope, struct _packet_info* pinfo, int proto, guint32 key, void *proto_data);
WS_DLL_PUBLIC void *p_get_proto_data(wmem_allocator_t *scope, struct _packet_info* pinfo, int proto, guint32 key);
diff --git a/epan/rtp_pt.h b/epan/rtp_pt.h
index 74df568..5890a30 100644
--- a/epan/rtp_pt.h
+++ b/epan/rtp_pt.h
@@ -11,13 +11,13 @@
#ifndef __RTP_PT_H__
#define __RTP_PT_H__
+#include <epan/value_string.h>
+#include "ws_symbol_export.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <epan/value_string.h>
-#include "ws_symbol_export.h"
-
/*
* RTP Payload types
* Table B.2 / H.225.0
diff --git a/epan/stat_tap_ui.h b/epan/stat_tap_ui.h
index 20eb590..d6fca31 100644
--- a/epan/stat_tap_ui.h
+++ b/epan/stat_tap_ui.h
@@ -13,6 +13,12 @@
#include "ws_symbol_export.h"
+#include <epan/params.h>
+#include <epan/stat_groups.h>
+#include <epan/packet_info.h>
+#include <epan/tap.h>
+#include <epan/wmem/wmem.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
@@ -21,12 +27,6 @@ extern "C" {
* Parameters for taps.
*/
-#include <epan/params.h>
-#include <epan/stat_groups.h>
-#include <epan/packet_info.h>
-#include <epan/tap.h>
-#include <epan/wmem/wmem.h>
-
typedef enum {
PARAM_UINT, /* Unused? */
PARAM_STRING, /* Unused? */
diff --git a/epan/value_string.h b/epan/value_string.h
index e6ddd1a..c609695 100644
--- a/epan/value_string.h
+++ b/epan/value_string.h
@@ -13,13 +13,13 @@
#include <glib.h>
+#include "ws_symbol_export.h"
+#include "wmem/wmem.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include "ws_symbol_export.h"
-#include "wmem/wmem.h"
-
/* VALUE TO STRING MATCHING */
typedef struct _value_string {
--
GitLab

513
Move-still-more-headers-outside-of-extern-C.patch
View File

@ -1,513 +0,0 @@
From 2820156fbd4b0213ca015216d8cd97c31b503c8c Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Tue, 16 Mar 2021 13:50:13 -0700
Subject: [PATCH] Move still *more* headers outside of extern "C".
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
---
capchild/capture_session.h | 10 ++++++----
caputils/capture-pcap-util.h | 8 ++++----
caputils/ws80211_utils.h | 4 ++--
.../asn1/kerberos/packet-kerberos-template.h | 4 ++--
epan/dissectors/packet-a21.h | 4 ++--
epan/dissectors/packet-bluetooth.h | 8 ++++----
epan/dissectors/packet-scsi.h | 6 +++---
epan/dissectors/packet-tcp.h | 8 ++++----
epan/dissectors/packet-udp.h | 8 ++++----
epan/wmem/wmem_user_cb_int.h | 4 ++--
epan/wslua/init_wslua.h | 6 +++---
ui/export_object_ui.h | 4 ++--
ui/mcast_stream.h | 4 ++--
ui/packet_range.h | 8 ++++----
ui/proto_hier_stats.h | 6 +++---
ui/recent.h | 8 ++++----
ui/rtp_stream.h | 16 ++++++++--------
ui/tap-rlc-graph.h | 8 ++++----
ui/tap-sctp-analysis.h | 14 +++++++-------
ui/voip_calls.h | 18 +++++++++---------
20 files changed, 79 insertions(+), 77 deletions(-)
diff --git a/capchild/capture_session.h b/capchild/capture_session.h
index bdf1af3..0bf9565 100644
--- a/capchild/capture_session.h
+++ b/capchild/capture_session.h
@@ -10,10 +10,6 @@
#ifndef __CAPCHILD_CAPTURE_SESSION_H__
#define __CAPCHILD_CAPTURE_SESSION_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#ifndef _WIN32
#include <sys/types.h>
#include <stdint.h>
@@ -23,6 +19,12 @@ extern "C" {
#include <wsutil/processes.h>
+#include "cfile.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
#ifdef HAVE_LIBPCAP
/* Current state of capture engine. XXX - differentiate states */
typedef enum {
diff --git a/caputils/capture-pcap-util.h b/caputils/capture-pcap-util.h
index c9e1f55..486cee9 100644
--- a/caputils/capture-pcap-util.h
+++ b/caputils/capture-pcap-util.h
@@ -10,10 +10,6 @@
#ifndef __CAPTURE_PCAP_UTIL_H__
#define __CAPTURE_PCAP_UTIL_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#ifdef HAVE_LIBPCAP
#include <wsutil/wspcap.h>
@@ -29,6 +25,10 @@ extern "C" {
*/
#define MIN_PACKET_SIZE 1 /* minimum amount of packet data we can read */
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
GList *get_interface_list(int *err, char **err_str);
#ifdef HAVE_PCAP_REMOTE
GList *get_remote_interface_list(const char *hostname, const char *port,
diff --git a/caputils/ws80211_utils.h b/caputils/ws80211_utils.h
index a8b28cc..e90bc90 100644
--- a/caputils/ws80211_utils.h
+++ b/caputils/ws80211_utils.h
@@ -10,12 +10,12 @@
#ifndef __WS80211_UTILS_H__
#define __WS80211_UTILS_H__
+#include "ws_attributes.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include "ws_attributes.h"
-
enum ws80211_channel_type {
WS80211_CHAN_NO_HT,
WS80211_CHAN_HT20,
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.h b/epan/dissectors/asn1/kerberos/packet-kerberos-template.h
index f29fa68..3ca9f5e 100644
--- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.h
+++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.h
@@ -12,12 +12,12 @@
#ifndef __PACKET_KERBEROS_H
#define __PACKET_KERBEROS_H
-#include "ws_symbol_export.h"
-
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
+#include "ws_symbol_export.h"
+
/* This is a list of callback functions a caller can use to specify that
octet strings in kerberos to be passed back to application specific
dissectors, outside of kerberos.
diff --git a/epan/dissectors/packet-a21.h b/epan/dissectors/packet-a21.h
index 1877aa3..802b650 100644
--- a/epan/dissectors/packet-a21.h
+++ b/epan/dissectors/packet-a21.h
@@ -10,12 +10,12 @@
#ifndef __PACKET_A21_H__
#define __PACKET_A21_H__
+#include "ws_symbol_export.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include "ws_symbol_export.h"
-
WS_DLL_PUBLIC
void dissect_a21_ie_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *top_tree, proto_tree *tree, gint offset, guint8 message_type);
diff --git a/epan/dissectors/packet-bluetooth.h b/epan/dissectors/packet-bluetooth.h
index d59411b..0bd23f8 100644
--- a/epan/dissectors/packet-bluetooth.h
+++ b/epan/dissectors/packet-bluetooth.h
@@ -10,15 +10,15 @@
#ifndef __PACKET_BLUETOOTH_H__
#define __PACKET_BLUETOOTH_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/wmem/wmem.h>
#include "packet-usb.h"
#include "packet-ubertooth.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
#define PROTO_DATA_BLUETOOTH_SERVICE_UUID 0
#define BLUETOOTH_DATA_SRC 0
diff --git a/epan/dissectors/packet-scsi.h b/epan/dissectors/packet-scsi.h
index 408414e..4dce427 100644
--- a/epan/dissectors/packet-scsi.h
+++ b/epan/dissectors/packet-scsi.h
@@ -11,13 +11,13 @@
#ifndef __PACKET_SCSI_H_
#define __PACKET_SCSI_H_
+#include <epan/exceptions.h>
+#include <epan/srt_table.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <epan/exceptions.h>
-#include <epan/srt_table.h>
-
/* Structure containing itl nexus data :
* The itlq nexus is a structure containing data specific
* for a initiator target lun combination.
diff --git a/epan/dissectors/packet-tcp.h b/epan/dissectors/packet-tcp.h
index 3d2530f..255e4ab 100644
--- a/epan/dissectors/packet-tcp.h
+++ b/epan/dissectors/packet-tcp.h
@@ -10,16 +10,16 @@
#ifndef __PACKET_TCP_H__
#define __PACKET_TCP_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include "ws_symbol_export.h"
#include <epan/conversation.h>
#include <epan/wmem/wmem.h>
#include <epan/wmem/wmem_interval_tree.h>
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/* TCP flags */
#define TH_FIN 0x0001
#define TH_SYN 0x0002
diff --git a/epan/dissectors/packet-udp.h b/epan/dissectors/packet-udp.h
index 30857cb..6109ef4 100644
--- a/epan/dissectors/packet-udp.h
+++ b/epan/dissectors/packet-udp.h
@@ -11,14 +11,14 @@
#ifndef __PACKET_UDP_H__
#define __PACKET_UDP_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include "ws_symbol_export.h"
#include <epan/conversation.h>
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/* UDP structs and definitions */
typedef struct _e_udphdr {
guint16 uh_sport;
diff --git a/epan/wmem/wmem_user_cb_int.h b/epan/wmem/wmem_user_cb_int.h
index ae51917..205f35f 100644
--- a/epan/wmem/wmem_user_cb_int.h
+++ b/epan/wmem/wmem_user_cb_int.h
@@ -14,12 +14,12 @@
#include <glib.h>
+#include "wmem_user_cb.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include "wmem_user_cb.h"
-
WS_DLL_LOCAL
void
wmem_call_callbacks(wmem_allocator_t *allocator, wmem_cb_event_t event);
diff --git a/epan/wslua/init_wslua.h b/epan/wslua/init_wslua.h
index 8edb777..1fd0e88 100644
--- a/epan/wslua/init_wslua.h
+++ b/epan/wslua/init_wslua.h
@@ -11,13 +11,13 @@
#ifndef __INIT_WSLUA_H__
#define __INIT_WSLUA_H__
+#include "epan/register.h"
+#include "ws_symbol_export.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include "epan/register.h"
-#include "ws_symbol_export.h"
-
WS_DLL_PUBLIC int wslua_count_plugins(void);
WS_DLL_PUBLIC void wslua_reload_plugins (register_cb cb, gpointer client_data);
diff --git a/ui/export_object_ui.h b/ui/export_object_ui.h
index d0a80a1..6821c94 100644
--- a/ui/export_object_ui.h
+++ b/ui/export_object_ui.h
@@ -12,12 +12,12 @@
#ifndef __EXPORT_OBJECT_UI_H__
#define __EXPORT_OBJECT_UI_H__
+#include <epan/export_object.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <epan/export_object.h>
-
/* Common between protocols */
gboolean eo_save_entry(const gchar *save_as_filename, export_object_entry_t *entry, gboolean show_err);
diff --git a/ui/mcast_stream.h b/ui/mcast_stream.h
index 89d4bab..02b5ee9 100644
--- a/ui/mcast_stream.h
+++ b/ui/mcast_stream.h
@@ -18,12 +18,12 @@
#ifndef __MCAST_STREAM_H__
#define __MCAST_STREAM_H__
+#include <epan/tap.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <epan/tap.h>
-
#define MAX_SPEED 200000
/* typedefs for sliding window and buffer size */
diff --git a/ui/packet_range.h b/ui/packet_range.h
index e9b63c0..c1add38 100644
--- a/ui/packet_range.h
+++ b/ui/packet_range.h
@@ -15,15 +15,15 @@
#include <glib.h>
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/range.h>
#include <epan/frame_data.h>
#include "cfile.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
extern guint32 curr_selected_frame;
typedef enum {
diff --git a/ui/proto_hier_stats.h b/ui/proto_hier_stats.h
index e3b4259..601263a 100644
--- a/ui/proto_hier_stats.h
+++ b/ui/proto_hier_stats.h
@@ -10,6 +10,9 @@
#ifndef __UI_PROTO_HIER_STATS_H__
#define __UI_PROTO_HIER_STATS_H__
+#include <epan/proto.h>
+#include "cfile.h"
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
@@ -18,9 +21,6 @@ extern "C" {
* Protocol Hierarchy Statistics
*/
-#include <epan/proto.h>
-#include "cfile.h"
-
typedef struct {
header_field_info *hfinfo;
guint num_pkts_total;
diff --git a/ui/recent.h b/ui/recent.h
index a29b681..a2b3b1c 100644
--- a/ui/recent.h
+++ b/ui/recent.h
@@ -14,14 +14,14 @@
#include <glib.h>
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <stdio.h>
#include "epan/timestamp.h"
#include "ui/ws_ui_util.h"
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/** @file
* Recent user interface settings.
* @ingroup main_window_group
diff --git a/ui/rtp_stream.h b/ui/rtp_stream.h
index 65754a2..c6d0e35 100644
--- a/ui/rtp_stream.h
+++ b/ui/rtp_stream.h
@@ -16,6 +16,14 @@
#include <glib.h>
+#include "tap-rtp-analysis.h"
+#include <stdio.h>
+
+#include "cfile.h"
+
+#include <epan/address.h>
+#include <epan/tap.h>
+
/** @file
* "RTP Streams" dialog box common routines.
* @ingroup main_ui_group
@@ -25,14 +33,6 @@
extern "C" {
#endif /* __cplusplus */
-#include "tap-rtp-analysis.h"
-#include <stdio.h>
-
-#include "cfile.h"
-
-#include <epan/address.h>
-#include <epan/tap.h>
-
/** Defines an rtp stream */
typedef struct _rtp_stream_info {
address src_addr;
diff --git a/ui/tap-rlc-graph.h b/ui/tap-rlc-graph.h
index 8dfdc24..333bef3 100644
--- a/ui/tap-rlc-graph.h
+++ b/ui/tap-rlc-graph.h
@@ -10,15 +10,15 @@
#ifndef __TAP_RLC_GRAPH_H__
#define __TAP_RLC_GRAPH_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/epan.h>
#include <epan/packet.h>
#include <cfile.h>
#include <epan/dissectors/packet-rlc-lte.h>
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
struct rlc_segment {
struct rlc_segment *next;
guint32 num; /* framenum */
diff --git a/ui/tap-sctp-analysis.h b/ui/tap-sctp-analysis.h
index 16f7a23..2120e47 100644
--- a/ui/tap-sctp-analysis.h
+++ b/ui/tap-sctp-analysis.h
@@ -11,20 +11,20 @@
#ifndef __TAP_SCTP_ANALYSIS_H__
#define __TAP_SCTP_ANALYSIS_H__
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <epan/dissectors/packet-sctp.h>
#include <epan/address.h>
-#ifndef _WIN32
+#ifdef _WIN32
+#include <winsock2.h>
+#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
-#else
-#include <winsock2.h>
#endif
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
#define CHUNK_TYPE_LENGTH 1
#define CHUNK_FLAGS_LENGTH 1
#define CHUNK_LENGTH_LENGTH 2
diff --git a/ui/voip_calls.h b/ui/voip_calls.h
index 3f0b76a..7862f35 100644
--- a/ui/voip_calls.h
+++ b/ui/voip_calls.h
@@ -24,15 +24,6 @@
#include <glib.h>
-/** @file
- * "VoIP Calls" dialog box common routines.
- * @ingroup main_ui_group
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
#include <stdio.h>
#include "epan/address.h"
@@ -42,6 +33,15 @@ extern "C" {
#include "epan/tap-voip.h"
#include "epan/sequence_analysis.h"
+/** @file
+ * "VoIP Calls" dialog box common routines.
+ * @ingroup main_ui_group
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
/****************************************************************************/
extern const char *voip_call_state_name[8];
--
GitLab

296
Moving-glib.h-out-of-extern-C.patch
View File

@ -1,296 +0,0 @@
From c8246c99737c7a844f45eb0e777382cc68397d17 Mon Sep 17 00:00:00 2001
From: Michal Ruprich <michalruprich@gmail.com>
Date: Wed, 10 Feb 2021 15:32:18 +0100
Subject: [PATCH] Moving glib.h out of extern C
---
caputils/capture_ifinfo.h | 4 ++--
epan/dissectors/dissectors.h | 3 +--
epan/epan.h | 3 ++-
epan/prefs.h | 4 ++--
epan/value_string.h | 3 ++-
epan/wmem/wmem_user_cb_int.h | 3 ++-
ui/packet_range.h | 4 ++--
ui/recent.h | 3 ++-
ui/rtp_media.h | 4 ++--
ui/rtp_stream.h | 3 ++-
ui/taps.h | 4 ++--
ui/voip_calls.h | 3 ++-
wsutil/file_util.h | 4 ++--
wsutil/plugins.h | 3 ++-
14 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/caputils/capture_ifinfo.h b/caputils/capture_ifinfo.h
index 8e42b64..0e2c792 100644
--- a/caputils/capture_ifinfo.h
+++ b/caputils/capture_ifinfo.h
@@ -10,12 +10,12 @@
#ifndef __CAPTURE_IFINFO_H__
#define __CAPTURE_IFINFO_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
typedef enum {
IF_WIRED,
IF_AIRPCAP,
diff --git a/epan/dissectors/dissectors.h b/epan/dissectors/dissectors.h
index 5ff81d2..15b510d 100644
--- a/epan/dissectors/dissectors.h
+++ b/epan/dissectors/dissectors.h
@@ -11,14 +11,13 @@
#ifndef __DISSECTOR_REGISTER_H__
#define __DISSECTOR_REGISTER_H__
+#include <glib.h>
#include "ws_symbol_export.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
typedef struct _dissector_reg {
const char *cb_name;
void (*cb_func)(void);
diff --git a/epan/epan.h b/epan/epan.h
index 67e54dc..95f47f8 100644
--- a/epan/epan.h
+++ b/epan/epan.h
@@ -10,11 +10,12 @@
#ifndef __EPAN_H__
#define __EPAN_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
#include <epan/tvbuff.h>
#include <epan/prefs.h>
#include <epan/frame_data.h>
diff --git a/epan/prefs.h b/epan/prefs.h
index 7010a45..29e4eaf 100644
--- a/epan/prefs.h
+++ b/epan/prefs.h
@@ -11,12 +11,12 @@
#ifndef __PREFS_H__
#define __PREFS_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
#include <epan/params.h>
#include <epan/range.h>
diff --git a/epan/value_string.h b/epan/value_string.h
index 5fccabb..e6ddd1a 100644
--- a/epan/value_string.h
+++ b/epan/value_string.h
@@ -11,11 +11,12 @@
#ifndef __VALUE_STRING_H__
#define __VALUE_STRING_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
#include "ws_symbol_export.h"
#include "wmem/wmem.h"
diff --git a/epan/wmem/wmem_user_cb_int.h b/epan/wmem/wmem_user_cb_int.h
index 79ff154..ae51917 100644
--- a/epan/wmem/wmem_user_cb_int.h
+++ b/epan/wmem/wmem_user_cb_int.h
@@ -12,11 +12,12 @@
#ifndef __WMEM_USER_CB_INT_H__
#define __WMEM_USER_CB_INT_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
#include "wmem_user_cb.h"
WS_DLL_LOCAL
diff --git a/ui/packet_range.h b/ui/packet_range.h
index 9b0b5eb..e9b63c0 100644
--- a/ui/packet_range.h
+++ b/ui/packet_range.h
@@ -13,12 +13,12 @@
#ifndef __PACKET_RANGE_H__
#define __PACKET_RANGE_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
#include <epan/range.h>
#include <epan/frame_data.h>
diff --git a/ui/recent.h b/ui/recent.h
index cfafcc6..a29b681 100644
--- a/ui/recent.h
+++ b/ui/recent.h
@@ -12,11 +12,12 @@
#ifndef __RECENT_H__
#define __RECENT_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
#include <stdio.h>
#include "epan/timestamp.h"
#include "ui/ws_ui_util.h"
diff --git a/ui/rtp_media.h b/ui/rtp_media.h
index 3842582..2693b56 100644
--- a/ui/rtp_media.h
+++ b/ui/rtp_media.h
@@ -14,6 +14,8 @@
#ifndef __RTP_MEDIA_H__
#define __RTP_MEDIA_H__
+#include <glib.h>
+
/** @file
* "RTP Player" dialog box common routines.
* @ingroup main_ui_group
@@ -23,8 +25,6 @@
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
/****************************************************************************/
/* INTERFACE */
/****************************************************************************/
diff --git a/ui/rtp_stream.h b/ui/rtp_stream.h
index f280879..65754a2 100644
--- a/ui/rtp_stream.h
+++ b/ui/rtp_stream.h
@@ -14,6 +14,8 @@
#ifndef __RTP_STREAM_H__
#define __RTP_STREAM_H__
+#include <glib.h>
+
/** @file
* "RTP Streams" dialog box common routines.
* @ingroup main_ui_group
@@ -24,7 +26,6 @@ extern "C" {
#endif /* __cplusplus */
#include "tap-rtp-analysis.h"
-#include <glib.h>
#include <stdio.h>
#include "cfile.h"
diff --git a/ui/taps.h b/ui/taps.h
index 7718354..bc205d9 100644
--- a/ui/taps.h
+++ b/ui/taps.h
@@ -11,12 +11,12 @@
#ifndef __TAP_REGISTER_H__
#define __TAP_REGISTER_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
typedef struct _tap_reg {
const char *cb_name;
void (*cb_func)(void);
diff --git a/ui/voip_calls.h b/ui/voip_calls.h
index 5a72475..3f0b76a 100644
--- a/ui/voip_calls.h
+++ b/ui/voip_calls.h
@@ -22,6 +22,8 @@
#ifndef __VOIP_CALLS_H__
#define __VOIP_CALLS_H__
+#include <glib.h>
+
/** @file
* "VoIP Calls" dialog box common routines.
* @ingroup main_ui_group
@@ -31,7 +33,6 @@
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
#include <stdio.h>
#include "epan/address.h"
diff --git a/wsutil/file_util.h b/wsutil/file_util.h
index fe2f7ba..5d8f41a 100644
--- a/wsutil/file_util.h
+++ b/wsutil/file_util.h
@@ -11,14 +11,14 @@
#ifndef __FILE_UTIL_H__
#define __FILE_UTIL_H__
+#include <glib.h>
+
#include "ws_symbol_export.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
-
#ifdef _WIN32
#include <io.h> /* for _read(), _write(), etc. */
#include <gmodule.h>
diff --git a/wsutil/plugins.h b/wsutil/plugins.h
index 49c221e..1a76c78 100644
--- a/wsutil/plugins.h
+++ b/wsutil/plugins.h
@@ -11,11 +11,12 @@
#ifndef __PLUGINS_H__
#define __PLUGINS_H__
+#include <glib.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
-#include <glib.h>
#include <gmodule.h>
#include "ws_symbol_export.h"
--
GitLab

218
Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch
View File

@ -1,218 +0,0 @@
From d477e9a935aadd5f4c740511009454a2c26e1e7b Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Tue, 10 Apr 2018 03:05:20 -0700
Subject: [PATCH] Replace lbmpdm_fetch_uintN_encoded() with tvb_get_guintN().
They do the same thing.
Change-Id: I0ff800efca9e6812ae416677023c955869bbc0cc
Reviewed-on: https://code.wireshark.org/review/26850
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
epan/dissectors/packet-lbmpdm.c | 85 ++++++++++-------------------------------
1 file changed, 20 insertions(+), 65 deletions(-)
diff --git a/epan/dissectors/packet-lbmpdm.c b/epan/dissectors/packet-lbmpdm.c
index 0df5932..70bb649 100644
--- a/epan/dissectors/packet-lbmpdm.c
+++ b/epan/dissectors/packet-lbmpdm.c
@@ -454,57 +454,12 @@ static const value_string lbmpdm_field_fixed_length[] =
{ 0x0, NULL }
};
-static guint64 lbmpdm_fetch_uint64_encoded(tvbuff_t * tvb, int offset, int encoding)
-{
- guint64 value = 0;
-
- if (encoding == ENC_BIG_ENDIAN)
- {
- value = tvb_get_ntoh64(tvb, offset);
- }
- else
- {
- value = tvb_get_letoh64(tvb, offset);
- }
- return (value);
-}
-
-static guint32 lbmpdm_fetch_uint32_encoded(tvbuff_t * tvb, int offset, int encoding)
-{
- guint32 value = 0;
-
- if (encoding == ENC_BIG_ENDIAN)
- {
- value = tvb_get_ntohl(tvb, offset);
- }
- else
- {
- value = tvb_get_letohl(tvb, offset);
- }
- return (value);
-}
-
-static guint16 lbmpdm_fetch_uint16_encoded(tvbuff_t * tvb, int offset, int encoding)
-{
- guint16 value = 0;
-
- if (encoding == ENC_BIG_ENDIAN)
- {
- value = tvb_get_ntohs(tvb, offset);
- }
- else
- {
- value = tvb_get_letohs(tvb, offset);
- }
- return (value);
-}
-
static int lbmpdm_get_segment_length(tvbuff_t * tvb, int offset, int encoding, int * data_length)
{
guint32 datalen = 0;
int seglen = 0;
- datalen = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, encoding);
+ datalen = tvb_get_guint32(tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, encoding);
seglen = ((int)datalen) + L_LBMPDM_SEG_HDR_T;
*data_length = (int) datalen;
return (seglen);
@@ -629,7 +584,7 @@ static void dissect_field_value(tvbuff_t * tvb, int offset, proto_tree * tree, g
gint8 shift_count;
exponent = (gint8)tvb_get_guint8(tvb, offset);
- mantissa = (gint64)lbmpdm_fetch_uint64_encoded(tvb, offset + 1, encoding);
+ mantissa = (gint64)tvb_get_guint64(tvb, offset + 1, encoding);
if (exponent >= 0)
{
whole = mantissa;
@@ -676,8 +631,8 @@ static void dissect_field_value(tvbuff_t * tvb, int offset, proto_tree * tree, g
{
nstime_t timestamp;
- timestamp.secs = (time_t)lbmpdm_fetch_uint32_encoded(tvb, offset, encoding);
- timestamp.nsecs = (int)(lbmpdm_fetch_uint32_encoded(tvb, offset + 4, encoding) * 1000);
+ timestamp.secs = (time_t)tvb_get_guint32(tvb, offset, encoding);
+ timestamp.nsecs = (int)(tvb_get_guint32(tvb, offset + 4, encoding) * 1000);
proto_tree_add_time(tree, hf_lbmpdm_field_value_timestamp, tvb, offset, field_length, &timestamp);
}
break;
@@ -755,7 +710,7 @@ static int dissect_field(tvbuff_t * tvb, int offset, proto_tree * tree, lbmpdm_d
if (field->fixed == PDM_DEFN_VARIABLE_LENGTH_FIELD)
{
proto_tree_add_item(field_tree, hf_lbmpdm_field_length, tvb, ofs, 4, encoding);
- value_len = lbmpdm_fetch_uint32_encoded(tvb, ofs, encoding);
+ value_len = tvb_get_guint32(tvb, ofs, encoding);
field_len = value_len + 4;
value_offset += 4;
}
@@ -872,9 +827,9 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
offset_item = proto_tree_add_item(subtree, hf_lbmpdm_offset_entry, tvb, ofs, L_LBMPDM_OFFSET_ENTRY_T, ENC_NA);
offset_tree = proto_item_add_subtree(offset_item, ett_lbmpdm_offset_entry);
proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_id, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, L_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
- id_list[idx] = (gint32)lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
+ id_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_offset, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, L_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
- ofs_list[idx] = (gint32)lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
+ ofs_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
if (id_list[idx] > max_index)
{
max_index = id_list[idx];
@@ -936,7 +891,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
proto_tree_add_item(subtree, hf_lbmpdm_segment_len, tvb, offset + O_LBMPDM_SEG_HDR_T_LEN, L_LBMPDM_SEG_HDR_T_LEN, encoding);
ofs = offset + L_LBMPDM_SEG_HDR_T;
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_id, tvb, ofs + O_LBMPDM_DEFN_T_ID, L_LBMPDM_DEFN_T_ID, encoding);
- def_id = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_ID, encoding);
+ def_id = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_ID, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_num_fields, tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, L_LBMPDM_DEFN_T_NUM_FIELDS, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_field_names_type, tvb, ofs + O_LBMPDM_DEFN_T_FIELD_NAMES_TYPE, L_LBMPDM_DEFN_T_FIELD_NAMES_TYPE, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_segment_def_finalized, tvb, ofs + O_LBMPDM_DEFN_T_FINALIZED, L_LBMPDM_DEFN_T_FINALIZED, encoding);
@@ -950,7 +905,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
{
string_field_name = TRUE;
}
- num_fields = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, encoding);
+ num_fields = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_NUM_FIELDS, encoding);
if (add_definition)
{
def = lbmpdm_definition_find(channel, def_id, vers_major, vers_minor);
@@ -959,7 +914,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
def = lbmpdm_definition_add(channel, def_id, vers_major, vers_minor);
def->num_fields = num_fields;
def->field_names_type = tvb_get_guint8(tvb, ofs + O_LBMPDM_DEFN_T_FIELD_NAMES_TYPE);
- def->fixed_req_section_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + O_LBMPDM_DEFN_T_FIXED_REQ_SECTION_LEN, encoding);
+ def->fixed_req_section_len = tvb_get_guint32(tvb, ofs + O_LBMPDM_DEFN_T_FIXED_REQ_SECTION_LEN, encoding);
def->first_fixed_required = NULL;
def->fixed_required_count = 0;
}
@@ -978,7 +933,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
if (string_field_name)
{
- def_len = lbmpdm_fetch_uint32_encoded(tvb, ofs, encoding) + 4;
+ def_len = tvb_get_guint32(tvb, ofs, encoding) + 4;
}
field_item = proto_tree_add_item(subtree, hf_lbmpdm_segment_def_field, tvb, ofs, def_len, ENC_NA);
field_tree = proto_item_add_subtree(field_item, ett_lbmpdm_segment_def_field);
@@ -998,7 +953,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
proto_tree_add_item(field_tree, hf_lbmpdm_segment_def_field_str_name_len, tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, L_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding);
if (string_field_name)
{
- string_name_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding);
+ string_name_len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_STR_NAME_LEN, encoding);
if (string_name_len > 0)
{
string_name_ofs = ofs + def_ofs + L_LBMPDM_FIELD_INFO_T;
@@ -1012,19 +967,19 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
lbmpdm_definition_field_t * field = NULL;
guint32 field_id;
- field_id = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_ID, encoding);
+ field_id = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_ID, encoding);
field = lbmpdm_definition_field_find(def, field_id);
if (field == NULL)
{
field = lbmpdm_definition_field_add(def, field_id);
if (field != NULL)
{
- field->len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_LEN, encoding);
- field->fixed_string_len = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED_STR_LEN, encoding);
- field->num_array_elem = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_NUM_ARR_ELEM, encoding);
+ field->len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_LEN, encoding);
+ field->fixed_string_len = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED_STR_LEN, encoding);
+ field->num_array_elem = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_NUM_ARR_ELEM, encoding);
field->required = tvb_get_guint8(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_REQ);
field->fixed = tvb_get_guint8(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FIXED);
- field->field_int_name = lbmpdm_fetch_uint32_encoded(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FLD_INT_NAME, encoding);
+ field->field_int_name = tvb_get_guint32(tvb, ofs + def_ofs + O_LBMPDM_FIELD_INFO_T_FLD_INT_NAME, encoding);
if (string_field_name && (string_name_len > 0))
{
field->field_string_name_len = string_name_len;
@@ -1035,7 +990,7 @@ static int dissect_segment_defn(tvbuff_t * tvb, int offset, packet_info * pinfo,
field->field_string_name_len = 0;
field->field_string_name = NULL;
}
- field->field_type = lbmpdm_fetch_uint16_encoded(tvb, ofs + type_ofs, encoding);
+ field->field_type = tvb_get_guint16(tvb, ofs + type_ofs, encoding);
switch (field->field_type)
{
case PDM_TYPE_BOOLEAN:
@@ -1213,7 +1168,7 @@ gboolean lbmpdm_verify_payload(tvbuff_t * tvb, int offset, int * encoding, int *
return (FALSE);
break;
}
- len = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, *encoding);
+ len = tvb_get_guint32(tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, *encoding);
if (len > G_MAXINT)
{
return (FALSE);
@@ -1265,7 +1220,7 @@ int lbmpdm_dissect_lbmpdm_payload(tvbuff_t * tvb, int offset, packet_info * pinf
proto_tree_add_item(subtree, hf_lbmpdm_def_minor_ver, tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_MINOR_VER, L_LBMPDM_MSG_HDR_T_DEF_MINOR_VER, encoding);
msgid.ver_minor = tvb_get_guint8(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_MINOR_VER);
proto_tree_add_item(subtree, hf_lbmpdm_def_id, tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, L_LBMPDM_MSG_HDR_T_DEF_ID, encoding);
- msgid.msg_def_id = lbmpdm_fetch_uint32_encoded(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, encoding);
+ msgid.msg_def_id = tvb_get_guint32(tvb, offset + O_LBMPDM_MSG_HDR_T_DEF_ID, encoding);
proto_tree_add_item(subtree, hf_lbmpdm_len, tvb, offset + O_LBMPDM_MSG_HDR_T_LEN, L_LBMPDM_MSG_HDR_T_LEN, encoding);
next_hdr = tvb_get_guint8(tvb, offset + O_LBMPDM_MSG_HDR_T_NEXT_HDR);
--
1.7.12.4

60
SIGNATURES-2.6.2.txt
View File

@ -1,60 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
wireshark-2.6.2.tar.xz: 28392140 bytes
SHA256(wireshark-2.6.2.tar.xz)=49b2895ee3ba17ef9ef0aebfdc4d32a778e0f36ccadde184516557d5f3357094
RIPEMD160(wireshark-2.6.2.tar.xz)=e9b782d49d9a063ba556320e9f2c08dea079967d
SHA1(wireshark-2.6.2.tar.xz)=52517c30926211b0b718815b51a3f06a18d8f5da
Wireshark-win64-2.6.2.exe: 59963968 bytes
SHA256(Wireshark-win64-2.6.2.exe)=88aa2ca018090fc73ffb273aa1ba9f690ec06deb77d1ec7ff9b39fe646ca2877
RIPEMD160(Wireshark-win64-2.6.2.exe)=3b947ada3e64bfb1c1b16a470926d94ed9db391b
SHA1(Wireshark-win64-2.6.2.exe)=90217eb0ed020a53a9ae80682c0881d347d11b4a
Wireshark-win32-2.6.2.exe: 54249888 bytes
SHA256(Wireshark-win32-2.6.2.exe)=3d886e435570b7326f53d00996040ef65b9e2a5bffe48645ce29ea5a23930801
RIPEMD160(Wireshark-win32-2.6.2.exe)=c2c5afa101559976439f36401ea1cc4564fa624e
SHA1(Wireshark-win32-2.6.2.exe)=eb7c50e80d6e7ec834599c1facfd6a3fd66aebf8
Wireshark-win32-2.6.2.msi: 43728896 bytes
SHA256(Wireshark-win32-2.6.2.msi)=99d5d94345a20e177736533840ff59859a76e864247a8146a73fca227f004043
RIPEMD160(Wireshark-win32-2.6.2.msi)=7f21412e4d335f6e797356b968fbef14afb03b8c
SHA1(Wireshark-win32-2.6.2.msi)=05f1f9c4b9bed8c4447e5e31f907c578f52cf067
Wireshark-win64-2.6.2.msi: 49364992 bytes
SHA256(Wireshark-win64-2.6.2.msi)=381076d09c757038072f761f7eee9d5aa45fa8423b771ba34ddbd8b56f2c429c
RIPEMD160(Wireshark-win64-2.6.2.msi)=a080eec0f8bd089f493d0c76837d7fe03c1fa0dd
SHA1(Wireshark-win64-2.6.2.msi)=2c6b5bf555729d1e5ee3a1dda8d2b14d3bb01759
WiresharkPortable_2.6.2.paf.exe: 37482552 bytes
SHA256(WiresharkPortable_2.6.2.paf.exe)=d36727bdb8cc3a72bfb80084d3c634c3bfa4661f4de68d644b43ef5d41c52b69
RIPEMD160(WiresharkPortable_2.6.2.paf.exe)=a98756bf5a67e47e1ca9ecd8836f2e6913a56f27
SHA1(WiresharkPortable_2.6.2.paf.exe)=dd11e62f34212be77abee9d2227a2fd3b613b0a5
Wireshark 2.6.2 Intel 64.dmg: 169012317 bytes
SHA256(Wireshark 2.6.2 Intel 64.dmg)=ef54b04a73df4069e29e77bc1940f3b767ee498c4e28f739eabda78ef71ab4a9
RIPEMD160(Wireshark 2.6.2 Intel 64.dmg)=f93d2cc4057337ca76d1aa435b0039a60927bebb
SHA1(Wireshark 2.6.2 Intel 64.dmg)=3a46de720848b286e7c115c75c7b00bcd08155aa
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAltPqKQACgkQgiRKeOb+
rurNbg//dw5903/0W2vw1a6u8F9JVvXfctb9/t1IOD2yT2omPXFTfqEkcwcY5c8W
FoSsflHM6g4rf8jqpqyipSPb6lYRJjm1fZGDzTilVPe+pcAV/HZ2QSdwOgw9FiAs
sV2eZdqPMVqdeLgDGtC4aHHabwsytFNaWtZLVyKr4ojdUfJNIBa40iUrItxXfgxA
GDCnVpdapuygk4rMeDpi3qZtvEKmgZ9Yj5aseX+wBYIT21EShP/gHSKNSA8x3gGz
xnpvOrz2qyJmWB6sBmIQndEXrYdazKr14Fzhmc2ajFMOJLwTGIZg5wl+UDnmPikW
6R1gRzSwkjEtgTKlZ9Gcel8eg6fNjW9HC9d4VjZzG4N693YrYwlpu0FIvaK+QGxE
yEJKPJnlaCi37Q6GBiKIpC5NUkTnt38Gb5DJ4/N3tk4P2LGlSyyMxLc5U096Zd8V
KCE/OVUuZs/4NsgIYaTYWDyTeNjjN2ZXnyx0N3x8yzWHcB6gYVPJc2lKouZe9XqZ
9Gz1Fr0/LEbx+r0iFOEm9pX/W8a5pzZnMn5YYUeTue61ZZp/yBOf7oTqjCVvSPHU
rZhsHMLcZnBNFoYKr03dcvukgSNsndTJPXvAEIX9FVmQUcQAEsdXRFO/csihG7l/
7KWgNjReI7eoWkBUH8sx7J+4wZVy9leWjHTtkZKTeOo6OO1vJx4=
=OiJq
-----END PGP SIGNATURE-----

BIN
SIGNATURES-3.6.3.txt Normal file
View File

Binary file not shown.

55
fix-hash-table-key-memory-corruption.patch
View File

@ -1,55 +0,0 @@
From bbc327f73b2afb1d21c138d9e838c671e2378ab8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Mo=C5=84?= <desowin@gmail.com>
Date: Sun, 25 Aug 2019 20:28:47 +0200
Subject: [PATCH] NFS: Fix hash table key memory corruption
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When the same (as determined by key_equal_func) key gets added to the
GHashTable, old value gets freed and replaced with the new one. This is
fine for hash tables where the key validity is not tightly coupled to
the actual data.
In the nfs_name_snoop_matched hash table the key becomes invalid once
the value gets destroyed (because it shares the data pointed to by fh,
which gets freed once the value is destroyed).
A problematic capture includes packets such that the matching fh gets
added twice to the nfs_name_snoop_matched hash table. Prior to this
change the hash table would end up in a state where the new value is
associated with the old key (which contains pointer to already freed
memory). According to the nfs_name_snoop_matched_equal(), the old key
was equal to the key intended for new value *at the time* of insertion.
This change fixes the bug by using g_hash_table_replace() which does
update the key in case it already exists in the GHashTable.
Bug: 16017
Bug: 16019
Change-Id: Ib3943f1e27e82c05d9abaa1e436554b37a98488e
Reviewed-on: https://code.wireshark.org/review/34360
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit efe2926a66d3d7187a260226678daeb2aa6e4832)
Reviewed-on: https://code.wireshark.org/review/34362
Reviewed-by: Tomasz Moń <desowin@gmail.com>
---
epan/dissectors/packet-nfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-nfs.c b/epan/dissectors/packet-nfs.c
index 489d61afc5..715ee8294b 100644
--- a/epan/dissectors/packet-nfs.c
+++ b/epan/dissectors/packet-nfs.c
@@ -1196,7 +1196,7 @@ nfs_name_snoop_add_fh(int xid, tvbuff_t *tvb, int fh_offset, int fh_length)
key->fh = nns->fh;
g_hash_table_steal(nfs_name_snoop_unmatched, GINT_TO_POINTER(xid));
- g_hash_table_insert(nfs_name_snoop_matched, key, nns);
+ g_hash_table_replace(nfs_name_snoop_matched, key, nns);
}

40
kerberos-regenerate-packet-kerberos-header.patch
View File

@ -1,40 +0,0 @@
From 7efb2120bc37cbb3b23682c16f5bb73e05295383 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Tue, 16 Mar 2021 14:57:30 -0700
Subject: [PATCH] kerberos: regenerate packet-kerberos.h.
We updated the template; regenerate the header.
---
epan/dissectors/packet-kerberos.h | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/epan/dissectors/packet-kerberos.h b/epan/dissectors/packet-kerberos.h
index 8af3a90..5072e01 100644
--- a/epan/dissectors/packet-kerberos.h
+++ b/epan/dissectors/packet-kerberos.h
@@ -90,6 +90,10 @@ extern gboolean krb_decrypt;
#endif /* HAVE_KERBEROS */
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
/*--- Included file: packet-kerberos-exp.h ---*/
#line 1 "./asn1/kerberos/packet-kerberos-exp.h"
@@ -116,10 +120,7 @@ extern gboolean krb_decrypt;
int dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/*--- End of included file: packet-kerberos-exp.h ---*/
-#line 86 "./asn1/kerberos/packet-kerberos-template.h"
+#line 89 "./asn1/kerberos/packet-kerberos-template.h"
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
#endif /* __PACKET_KERBEROS_H */
--
GitLab

57
wireshark-0002-Customize-permission-denied-error.patch Normal file
View File

@ -0,0 +1,57 @@
From: Jan Safranek <jsafrane@redhat.com>
Date: Fri, 26 Nov 2010 14:30:45 +0300
Subject: [PATCH] Customize 'permission denied' error.
Add Fedora-specific message to error output when dumpcap cannot be started
because of permissions.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
diff --git a/capture/capture_sync.c b/capture/capture_sync.c
index 2f9d2cc..b18e47f 100644
--- a/capture/capture_sync.c
+++ b/capture/capture_sync.c
@@ -375,6 +375,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
gchar *signal_pipe_name;
#else
char errmsg[1024+1];
+ const char *securitymsg = "";
int sync_pipe[2]; /* pipe used to send messages from child to parent */
enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
#endif
@@ -728,8 +729,11 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
dup2(sync_pipe[PIPE_WRITE], 2);
ws_close(sync_pipe[PIPE_READ]);
execv(argv[0], argv);
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
- argv[0], g_strerror(errno));
+ if (errno == EPERM || errno == EACCES)
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+ argv[0], g_strerror(errno), securitymsg);
+
sync_pipe_errmsg_to_parent(2, errmsg, "");
/* Exit with "_exit()", so that we don't close the connection
@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
int i;
#else
char errmsg[1024+1];
+ const char *securitymsg = "";
int sync_pipe[2]; /* pipe used to send messages from child to parent */
int data_pipe[2]; /* pipe used to send data from child to parent */
#endif
@@ -1003,8 +1008,11 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
ws_close(sync_pipe[PIPE_READ]);
ws_close(sync_pipe[PIPE_WRITE]);
execv(argv[0], argv);
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
- argv[0], g_strerror(errno));
+ execv(argv[0], (gpointer)argv);
+ if (errno == EPERM || errno == EACCES)
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+ argv[0], g_strerror(errno), securitymsg);
sync_pipe_errmsg_to_parent(2, errmsg, "");
/* Exit with "_exit()", so that we don't close the connection

18
wireshark-0003-fix-string-overrun-in-plugins-profinet.patch Normal file
View File

@ -0,0 +1,18 @@
From: Peter Hatina <phatina@redhat.com>
Date: Wed, 4 Sep 2013 10:03:57 +0200
Subject: [PATCH] fix string overrun in plugins/profinet
diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c
index 0f1658a..f7fd322 100644
--- a/plugins/epan/profinet/packet-dcom-cba.c
+++ b/plugins/epan/profinet/packet-dcom-cba.c
@@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 u32Pointer;
- gchar szStr[1000];
+ gchar szStr[1000] = "";
guint32 u32MaxStr = sizeof(szStr);
gchar *call;

15
wireshark-0004-Restore-Fedora-specific-groups.patch Normal file
View File

@ -0,0 +1,15 @@
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Fri, 13 Sep 2013 14:36:55 +0400
Subject: [PATCH] Restore Fedora-specific groups
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/org.wireshark.Wireshark.desktop b/org.wireshark.Wireshark.desktop
index 334db48..669c6f1 100644
--- a/org.wireshark.Wireshark.desktop
+++ b/org.wireshark.Wireshark.desktop
@@ -108,4 +108,4 @@ Terminal=false
MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr;
# Category entry according to:
# https://specifications.freedesktop.org/menu-spec/1.0/
-Categories=Network;Monitor;Qt;
+Categories=Application;Network;Monitor;Qt;

20
wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch Normal file
View File

@ -0,0 +1,20 @@
From: Kenneth Soerensen <knnthsrnsn@gmail.com>
Date: Wed, 29 Jan 2014 16:04:12 +0400
Subject: [PATCH] Fix paths in a org.wireshark.Wireshark.desktop file
diff --git a/org.wireshark.Wireshark.desktop b/org.wireshark.Wireshark.desktop
index 669c6f1..f7df1f3 100644
--- a/org.wireshark.Wireshark.desktop
+++ b/org.wireshark.Wireshark.desktop
@@ -102,8 +102,8 @@ Comment[tr]=Ağ trafiği çözümleyicisi
Comment[vi]=Trình phân tích giao thông mạng
Comment[uk]=Аналізатор мережевого трафіку
Icon=org.wireshark.Wireshark
-TryExec=wireshark
-Exec=wireshark %f
+TryExec=/usr/bin/wireshark
+Exec=/usr/bin/wireshark %f
Terminal=false
MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr;
# Category entry according to:

189
wireshark-0006-Move-tmp-to-var-tmp.patch
View File

@ -6,41 +6,18 @@ Subject: [PATCH] Move /tmp to /var/tmp
Fedora is using tmpfs which is limited by the size of RAM, thus we need Fedora is using tmpfs which is limited by the size of RAM, thus we need
to use different directory on different filesystem. to use different directory on different filesystem.
--- ---
ui/gtk/about_dlg.c | 3 +-
ui/qt/about_dialog.cpp | 3 +- ui/qt/about_dialog.cpp | 3 +-
ui/qt/iax2_analysis_dialog.cpp | 5 +-- ui/qt/iax2_analysis_dialog.cpp | 5 +--
ui/qt/rtp_analysis_dialog.cpp | 5 +-- ui/qt/rtp_analysis_dialog.cpp | 5 +--
ui/qt/rtp_audio_stream.cpp | 3 +- ui/qt/rtp_audio_stream.cpp | 3 +-
wsutil/Makefile.am | 6 ++--
wsutil/tempfile.c | 9 +++--- wsutil/tempfile.c | 9 +++---
wsutil/tempfile.h | 4 +-- wsutil/tempfile.h | 4 +--
wsutil/wstmpdir.c | 70 ++++++++++++++++++++++++++++++++++++++++++ wsutil/wstmpdir.c | 70 ++++++++++++++++++++++++++++++++++++++++++
wsutil/wstmpdir.h | 39 +++++++++++++++++++++++ wsutil/wstmpdir.h | 39 +++++++++++++++++++++++
10 files changed, 132 insertions(+), 15 deletions(-) 8 files changed, 132 insertions(+), 11 deletions(-)
create mode 100644 wsutil/wstmpdir.c create mode 100644 wsutil/wstmpdir.c
create mode 100644 wsutil/wstmpdir.h create mode 100644 wsutil/wstmpdir.h
diff --git a/ui/gtk/about_dlg.c b/ui/gtk/about_dlg.c
index 22ca841..6bcb527 100644
--- a/ui/gtk/about_dlg.c
+++ b/ui/gtk/about_dlg.c
@@ -28,6 +28,7 @@
#include <gtk/gtk.h>
#include <wsutil/filesystem.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <wsutil/copyright_info.h>
#include <version_info.h>
#ifdef HAVE_LIBSMI
@@ -427,7 +428,7 @@ about_folders_page_new(void)
"capture files");
/* temp */
- about_folders_row(table, "Temp", g_get_tmp_dir(),
+ about_folders_row(table, "Temp", get_tmp_dir(),
"untitled capture files");
/* pers conf */
diff --git a/ui/qt/about_dialog.cpp b/ui/qt/about_dialog.cpp diff --git a/ui/qt/about_dialog.cpp b/ui/qt/about_dialog.cpp
index 31dc581..2f74285 100644 index 31dc581..2f74285 100644
--- a/ui/qt/about_dialog.cpp --- a/ui/qt/about_dialog.cpp
@ -54,14 +31,14 @@ index 31dc581..2f74285 100644
#include <QDesktopServices> #include <QDesktopServices>
#include <QUrl> #include <QUrl>
@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent): @@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent):
appendRow( QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files")); appendRow(QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files"));
/* temp */ /* temp */
- appendRow( QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files")); - appendRow(QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files"));
+ appendRow( QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files")); + appendRow(QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files"));
/* pers conf */ /* pers conf */
appendRow( QStringList() << tr("Personal configuration") appendRow(QStringList() << tr("Personal configuration")
diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp
index ee4e5fd..fe17a95 100644 index ee4e5fd..fe17a95 100644
--- a/ui/qt/iax2_analysis_dialog.cpp --- a/ui/qt/iax2_analysis_dialog.cpp
@ -87,110 +64,72 @@ index ee4e5fd..fe17a95 100644
rev_tempfile_ = new QTemporaryFile(tempname, this); rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open(); rev_tempfile_->open();
diff --git a/ui/qt/rtp_analysis_dialog.cpp b/ui/qt/rtp_analysis_dialog.cpp diff --git a/ui/qt/utils/rtp_audio_file.cpp b/ui/qt/utils/rtp_audio_file.cpp
index 5d82e46..8008984 100644 index 591a63b..203f5c5 100644
--- a/ui/qt/rtp_analysis_dialog.cpp --- a/ui/qt/utils/rtp_audio_file.cpp
+++ b/ui/qt/rtp_analysis_dialog.cpp +++ b/ui/qt/utils/rtp_audio_file.cpp
@@ -37,6 +37,7 @@ @@ -31,6 +31,7 @@
#include <wsutil/g711.h> #include "rtp_audio_file.h"
#include <wsutil/pint.h> #include <ws_attributes.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */ +#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QMessageBox> RtpAudioFile::RtpAudioFile(bool use_disk_for_temp, bool use_disk_for_frames):
#include <QPushButton> real_pos_(0)
@@ -331,10 +332,10 @@ RtpAnalysisDialog::RtpAnalysisDialog(QWidget &parent, CaptureFile &cf, struct _r @@ -45,7 +46,7 @@ RtpAudioFile::RtpAudioFile(bool use_disk_for_temp, bool use_disk_for_frames):
// We keep our temp files open for the lifetime of the dialog. The GTK+ tempname = "memory";
// UI opens and closes at various points. if (use_disk_for_temp) {
- QString tempname = QString("%1/wireshark_rtp_f").arg(QDir::tempPath()); - tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_rtp_f").arg(get_tmp_dir()); + tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir());
fwd_tempfile_ = new QTemporaryFile(tempname, this); sample_file_ = new QTemporaryFile(tempname, this);
fwd_tempfile_->open(); } else {
- tempname = QString("%1/wireshark_rtp_r").arg(QDir::tempPath()); sample_file_ = new QBuffer(this);
+ tempname = QString("%1/wireshark_rtp_r").arg(get_tmp_dir());
rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open();
diff --git a/ui/qt/rtp_audio_stream.cpp b/ui/qt/rtp_audio_stream.cpp
index fde66c8..b9531d2 100644
--- a/ui/qt/rtp_audio_stream.cpp
+++ b/ui/qt/rtp_audio_stream.cpp
@@ -37,6 +37,7 @@
#include <ui/rtp_stream.h>
#include <wsutil/nstime.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QAudioFormat>
#include <QAudioOutput>
@@ -76,7 +77,7 @@ RtpAudioStream::RtpAudioStream(QObject *parent, _rtp_stream_info *rtp_stream) :
visual_sample_rate_, SPEEX_RESAMPLER_QUALITY_MIN, NULL);
speex_resampler_skip_zeros(visual_resampler_);
- QString tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir());
tempfile_ = new QTemporaryFile(tempname, this);
tempfile_->open();
diff --git a/wsutil/Makefile.am b/wsutil/Makefile.am
index 2af1b6c..aa149a2 100644
--- a/wsutil/Makefile.am
+++ b/wsutil/Makefile.am
@@ -90,6 +90,7 @@ WSUTIL_PUBLIC_INCLUDES = \
ws_pipe.h \
ws_printf.h \
wsjsmn.h \
+ wstmpdir.h \
wsgcrypt.h \
wsgetopt.h \
wspcap.h \
@@ -168,6 +169,7 @@ libwsutil_la_SOURCES = \
ws_pipe.c \
wsgcrypt.c \
wsjsmn.c \
+ wstmpdir.c \
xtea.c
if HAVE_PLUGINS
diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c
index 8e1f8dc..dcf2f78 100644 index 5082452..f751a7c 100644
--- a/wsutil/tempfile.c --- a/wsutil/tempfile.c
+++ b/wsutil/tempfile.c +++ b/wsutil/tempfile.c
@@ -36,6 +36,7 @@ @@ -12,10 +12,12 @@
#include <glib.h>
#include "tempfile.h" #include "tempfile.h"
#include <wsutil/file_util.h> +#include <wsutil/file_util.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */ +#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#ifndef __set_errno /**
#define __set_errno(x) errno=(x) * Create a tempfile with the given prefix (e.g. "wireshark"). The path
@@ -83,13 +83,14 @@ mkstemps(char *path_template, int suffixlen) - * is created using g_file_open_tmp.
*/ + * is created using get_tmp_dir.
char *get_tempfile_path(const char *filename)
{
- return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", g_get_tmp_dir(), filename);
+ return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", get_tmp_dir(), filename);
}
#define MAX_TEMPFILES 3
/**
- * Create a tempfile with the given prefix (e.g. "wireshark").
+ * Create a tempfile with the given prefix (e.g. "wireshark"). The path
+ * is created using get_tmp_dir and mkdtemp
* *
* @param namebuf If not NULL, receives the full path of the temp file. * @param namebuf [in,out] If not NULL, receives the full path of the temp file.
* Should NOT be freed. * Must be freed.
@@ -199,7 +200,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx) @@ -30,6 +31,9 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err)
tf[idx].path = (char *)g_malloc(tf[idx].len); {
} int fd;
gchar *safe_pfx = NULL;
- tmp_dir = g_get_tmp_dir(); + gchar *tmp_file;
+ const char *tmp_dir;
+ int old_mask;
if (pfx) {
/* The characters in "delimiters" come from:
@@ -49,7 +53,15 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err)
gchar* filetmpl = g_strdup_printf("%sXXXXXX%s", safe_pfx ? safe_pfx : "", sfx ? sfx : "");
g_free(safe_pfx);
- fd = g_file_open_tmp(filetmpl, namebuf, err);
+ tmp_dir = get_tmp_dir(); + tmp_dir = get_tmp_dir();
+ tmp_file = g_strconcat(tmp_dir, "/", filetmpl, NULL);
#ifdef _WIN32 +
_tzset(); + if (namebuf)
+ *namebuf = tmp_file;
+
+ old_mask = ws_umask(0077);
+ fd = mkstemps(tmp_file, sfx ? (int) strlen(sfx) : 0);
+ ws_umask(old_mask);
g_free(filetmpl);
return fd;
diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h
index 1dca2df..bb3160c 100644 index 1dca2df..bb3160c 100644
--- a/wsutil/tempfile.h --- a/wsutil/tempfile.h
@ -199,17 +138,17 @@ index 1dca2df..bb3160c 100644
/** /**
* Create a tempfile with the given prefix (e.g. "wireshark"). The path * Create a tempfile with the given prefix (e.g. "wireshark"). The path
- * is created using g_get_tmp_dir and mkstemp. - * is created using g_file_open_tmp.
+ * is created using get_tmp_dir and mkstemp. + * is created using get_tmp_dir and mkstemp.
* *
* @param namebuf [in,out] If not NULL, receives the full path of the temp file. * @param namebuf [in,out] If not NULL, receives the full path of the temp file.
* Must NOT be freed. * Must be freed.
diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c
new file mode 100644 new file mode 100644
index 0000000..d8b733b index 0000000..d8b733b
--- /dev/null --- /dev/null
+++ b/wsutil/wstmpdir.c +++ b/wsutil/wstmpdir.c
@@ -0,0 +1,70 @@ @@ -0,0 +1,71 @@
+/* wstmpdir.c +/* wstmpdir.c
+ * + *
+ * Copyright (C) 2013 Red Hat, Inc. All right reserved. + * Copyright (C) 2013 Red Hat, Inc. All right reserved.
@ -267,6 +206,7 @@ index 0000000..d8b733b
+ k = strlen(tmp); + k = strlen(tmp);
+ if (k > 1 && G_IS_DIR_SEPARATOR(tmp[k - 1])) + if (k > 1 && G_IS_DIR_SEPARATOR(tmp[k - 1]))
+ tmp[k - 1] = '\0'; + tmp[k - 1] = '\0';
+ fprintf(stderr, "Using P_tmpdir: %s\n", P_tmpdir);
+ } + }
+#endif /* P_tmpdir */ +#endif /* P_tmpdir */
+ +
@ -327,4 +267,3 @@ index 0000000..07ac583
+#endif +#endif
-- --
2.13.0 2.13.0

25
wireshark-0007-cmakelists.patch
View File

@ -1,16 +1,3 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9e3b555..b0abd84 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3069,7 +3069,7 @@ if(RPMBUILD_EXECUTABLE AND GIT_EXECUTABLE)
endif()
execute_process(
- COMMAND git describe --abbrev=8 --match v[1-9]*
+ COMMAND git describe --always --abbrev=8 --match v[1-9]*
OUTPUT_VARIABLE _git_description
OUTPUT_STRIP_TRAILING_WHITESPACE
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt
index 0367cd1..6382a2c 100644 index 0367cd1..6382a2c 100644
--- a/wsutil/CMakeLists.txt --- a/wsutil/CMakeLists.txt
@ -18,16 +5,16 @@ index 0367cd1..6382a2c 100644
@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS @@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS
ws_mempbrk_int.h ws_mempbrk_int.h
ws_pipe.h ws_pipe.h
ws_printf.h ws_roundup.h
+ wstmpdir.h + wstmpdir.h
wsjsmn.h wsjson.h
wslog.h
xtea.h xtea.h
)
@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES @@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES
unicode-utils.c ws_getopt.c
ws_mempbrk.c ws_mempbrk.c
ws_pipe.c ws_pipe.c
+ wstmpdir.c + wstmpdir.c
wsgcrypt.c wsgcrypt.c
wsjsmn.c wsjson.c
xtea.c wslog.c

BIN
wireshark-2.6.2.tar.xz → wireshark-3.6.3.tar.xz
View File

Binary file not shown.

46
wireshark-CVE-2018-16057.patch
View File

@ -1,46 +0,0 @@
From 739eebd3d2e39db63c959eb99291edf59647ed6d Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Wed, 8 Aug 2018 16:45:21 +0200
Subject: [PATCH] 802.11 Radiotap: add more bound checks in
ieee80211_radiotap_iterator_next()
Bug: 15022
Change-Id: Ife413312c88b8d78926c78bdb6707903257e7964
Reviewed-on: https://code.wireshark.org/review/29017
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
---
epan/dissectors/packet-ieee80211-radiotap-iter.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/epan/dissectors/packet-ieee80211-radiotap-iter.c b/epan/dissectors/packet-ieee80211-radiotap-iter.c
index 167cb39..e10fdaf 100644
--- a/epan/dissectors/packet-ieee80211-radiotap-iter.c
+++ b/epan/dissectors/packet-ieee80211-radiotap-iter.c
@@ -132,6 +132,7 @@ int ieee80211_radiotap_iterator_init(
iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
iterator->_arg = (guint8 *)radiotap_header + sizeof(*radiotap_header);
iterator->_reset_on_ext = 0;
+ iterator->_next_ns_data = NULL;
iterator->_next_bitmap = &radiotap_header->it_present;
iterator->_next_bitmap++;
iterator->_vns = vns;
@@ -288,9 +289,14 @@ int ieee80211_radiotap_iterator_next(
}
if (!align) {
/* skip all subsequent data */
+ if (!iterator->_next_ns_data)
+ return -EINVAL;
iterator->_arg = iterator->_next_ns_data;
/* give up on this namespace */
iterator->current_namespace = NULL;
+ iterator->_next_ns_data = NULL;
+ if (!ITERATOR_VALID(iterator, 0))
+ return -EINVAL;
goto next_entry;
}
break;
--
1.7.12.4

37
wireshark-CVE-2018-16058.patch
View File

@ -1,37 +0,0 @@
From c48d6a6d60c5c9111838a945966b6cb8750777be Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Tue, 14 Aug 2018 11:03:09 +0200
Subject: [PATCH] BT A2DP: fully initialize sep_entry_t structure
Bug: 14884
Change-Id: Id409563d5e8869596db7b479132045bf8cf88f16
Reviewed-on: https://code.wireshark.org/review/29128
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-btavdtp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-btavdtp.c b/epan/dissectors/packet-btavdtp.c
index afdac33..c21308b 100644
--- a/epan/dissectors/packet-btavdtp.c
+++ b/epan/dissectors/packet-btavdtp.c
@@ -719,13 +719,11 @@ dissect_sep(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset,
key[6].length = 0;
key[6].key = NULL;
- sep_data = wmem_new(wmem_file_scope(), sep_entry_t);
+ sep_data = wmem_new0(wmem_file_scope(), sep_entry_t);
sep_data->seid = seid;
sep_data->type = type;
sep_data->media_type = media_type;
- sep_data->int_seid = 0;
sep_data->codec = -1;
- sep_data->content_protection_type = 0;
if (in_use) {
sep_data->state = SEP_STATE_IN_USE;
} else {
--
1.7.12.4

56
wireshark-CVE-2018-18225.patch
View File

@ -1,56 +0,0 @@
From 5a2aafef7a8ad4b3917823133c2e3534951fc4d3 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 9 Oct 2018 19:18:34 +0200
Subject: [PATCH] coap: ensure that piv_len matches piv
In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).
Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-coap.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/epan/dissectors/packet-coap.c b/epan/dissectors/packet-coap.c
index b034042..40331af 100644
--- a/epan/dissectors/packet-coap.c
+++ b/epan/dissectors/packet-coap.c
@@ -451,8 +451,11 @@ dissect_coap_opt_object_security(tvbuff_t *tvb, proto_item *head_item, proto_tre
coinfo->object_security = TRUE;
coinfo->oscore_info->piv = NULL;
+ coinfo->oscore_info->piv_len = 0;
coinfo->oscore_info->kid_context = NULL;
+ coinfo->oscore_info->kid_context_len = 0;
coinfo->oscore_info->kid = NULL;
+ coinfo->oscore_info->kid_len = 0;
if (opt_length == 0) { /* option length is zero, means flag byte is 0x00*/
/* add info to the head of the packet detail */
@@ -1148,11 +1151,9 @@ dissect_coap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* d
/* Indicate to OSCORE that this response contains its own PIV */
coinfo->oscore_info->piv_in_response = TRUE;
coap_trans->oscore_info->piv_in_response = TRUE;
- } else {
- if (coap_trans->oscore_info->piv) {
- /* Use the PIV from the request */
- coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
- }
+ } else if (coap_trans->oscore_info->piv_len > 0) {
+ /* Use the PIV from the request */
+ coinfo->oscore_info->piv = (guint8 *) wmem_memdup(wmem_packet_scope(), coap_trans->oscore_info->piv, coap_trans->oscore_info->piv_len);
coinfo->oscore_info->piv_len = coap_trans->oscore_info->piv_len;
}
coinfo->oscore_info->response = TRUE;
--
1.7.12.4

81
wireshark-CVE-2018-18226.patch
View File

@ -1,81 +0,0 @@
From f3986c24728f03a346a10388fd6c15ea9ae16d41 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Tue, 9 Oct 2018 18:16:11 +0200
Subject: [PATCH] steam-ihs: fix memleak on exception
When protobuf_dissect_unknown_field throws an exception,
steamdiscover_dissect_body_status will leak memory as
wmem_destroy_allocator is not called. Capture fuzz-2018-10-06-3104.pcap
from the linked bug leaks 64kiB memory in each frame 14 and 36.
Bug: 15171
Change-Id: I930d0738fde61799ab4ef2310f8ff11c1bcb032b
Fixes: v2.5.1rc0-130-g7ae954c7ac ("steam-ihs: Add dissector for the Steam IHS Discovery Protocol")
Reviewed-on: https://code.wireshark.org/review/30098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-steam-ihs-discovery.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/epan/dissectors/packet-steam-ihs-discovery.c b/epan/dissectors/packet-steam-ihs-discovery.c
index 1bec81e..9d238f4 100644
--- a/epan/dissectors/packet-steam-ihs-discovery.c
+++ b/epan/dissectors/packet-steam-ihs-discovery.c
@@ -491,9 +491,7 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
protobuf_desc_t pb = { tvb, offset, bytes_left };
protobuf_desc_t pb2 = { tvb, 0, 0 };
protobuf_tag_t tag = { 0, 0, 0 };
- wmem_allocator_t* strpool;
guint8 *hostname;
- strpool = wmem_allocator_new(WMEM_ALLOCATOR_SIMPLE);
nstime_t timestamp;
proto_tree *user_tree;
proto_item *user_it;
@@ -522,7 +520,7 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
value = get_varint64(pb.tvb, pb.offset, pb.bytes_left, &len);
proto_tree_add_item(tree, hf_steam_ihs_discovery_body_status_hostname, pb.tvb,
pb.offset+len, (gint)value, ENC_UTF_8|ENC_NA);
- hostname = tvb_get_string_enc(strpool, pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
+ hostname = tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
if(hostname && strlen(hostname)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s from %s", hf_steam_ihs_discovery_header_msgtype_strings[STEAMDISCOVER_MSGTYPE_CLIENTBROADCASTMSGSTATUS].strptr, hostname);
}
@@ -615,7 +613,6 @@ steamdiscover_dissect_body_status(tvbuff_t *tvb, packet_info *pinfo, proto_tree
}
protobuf_seek_forward(&pb, len);
}
- wmem_destroy_allocator(strpool);
}
/* Dissect a CMsgRemoteDeviceAuthorizationRequest protobuf message body.
@@ -648,8 +645,6 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
gint64 value;
protobuf_desc_t pb = { tvb, offset, bytes_left };
protobuf_tag_t tag = { 0, 0, 0 };
- wmem_allocator_t *strpool;
- strpool = wmem_allocator_new(WMEM_ALLOCATOR_SIMPLE);
guint8* devicename;
while (protobuf_iter_next(&pb, &tag)) {
switch(tag.field_number) {
@@ -665,7 +660,7 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
value = get_varint64(pb.tvb, pb.offset, pb.bytes_left, &len);
proto_tree_add_item(tree, hf_steam_ihs_discovery_body_authrequest_devicename, pb.tvb,
pb.offset+len, (gint)value, ENC_UTF_8|ENC_NA);
- devicename = tvb_get_string_enc(strpool, pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
+ devicename = tvb_get_string_enc(wmem_packet_scope(), pb.tvb, pb.offset+len, (gint)value, ENC_UTF_8);
if (devicename && strlen(devicename)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " from %s", devicename);
}
@@ -684,7 +679,6 @@ steamdiscover_dissect_body_authrequest(tvbuff_t *tvb, packet_info *pinfo, proto_
}
protobuf_seek_forward(&pb, len);
}
- wmem_destroy_allocator(strpool);
}
/* Dissect a CMsgRemoteDeviceAuthorizationResponse protobuf message body.
--
1.7.12.4

744
wireshark-CVE-2018-18227.patch
View File

@ -1,744 +0,0 @@
From f4d2dffd8be1df30a832647a2f188507076f0fed Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Sun, 9 Sep 2018 10:45:56 -0700
Subject: [PATCH] Fix handling of invalid type values.
If vType_get_type() returns NULL, that means that the packet is bad, not
that the dissector is bad. Report it as such.
Bug: 15119
Change-Id: I8e66fcece2b526ef9edbf948862f8fc5bea25d74
Reviewed-on: https://code.wireshark.org/review/29511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
epan/dissectors/packet-mswsp.c | 284 ++++++++++++++---------------------------
1 file changed, 99 insertions(+), 185 deletions(-)
diff --git a/epan/dissectors/packet-mswsp.c b/epan/dissectors/packet-mswsp.c
index 4217130..295192a 100644
--- a/epan/dissectors/packet-mswsp.c
+++ b/epan/dissectors/packet-mswsp.c
@@ -359,6 +359,7 @@ static int SMB2 = 2;
void proto_reg_handoff_mswsp(void);
+static expert_field ei_mswsp_invalid_variant_type = EI_INIT;
static expert_field ei_missing_msg_context = EI_INIT;
static expert_field ei_mswsp_msg_cpmsetbinding_ccolumns = EI_INIT;
@@ -3068,7 +3069,7 @@ static int parse_lcid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, const
/*****************************************************************************************/
/* 2.2.1.1 CBaseStorageVariant */
-static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CBaseStorageVariant *value, const char *text);
+static int parse_CBaseStorageVariant(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CBaseStorageVariant *value, const char *text);
/* 2.2.1.2 CFullPropSpec */
static int parse_CFullPropSpec(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *pad_tree, struct CFullPropSpec *v, const char *fmt, ...);
@@ -3080,10 +3081,10 @@ static int parse_CContentRestriction(tvbuff_t *tvb, int offset, proto_tree *pare
static int parse_CNatLanguageRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNatLanguageRestriction *v, const char *fmt, ...);
/* 2.2.1.6 CNodeRestriction */
-static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char* fmt, ...);
+static int parse_CNodeRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char* fmt, ...);
/* 2.2.1.7 CPropertyRestriction */
-static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...);
+static int parse_CPropertyRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...);
/* 2.2.1.8 CReuseWhere */
static int parse_CReuseWhere(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CReuseWhere *v, const char *fmt, ...);
@@ -3092,27 +3093,27 @@ static int parse_CReuseWhere(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
static int parse_CSort(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, const char *fmt, ...);
/* 2.2.1.12 CCoercionRestriction */
-static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...);
+static int parse_CCoercionRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...);
/* 2.2.1.16 CRestrictionArray */
-static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CRestrictionArray(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.17 CRestriction */
-static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...);
+static int parse_CRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...);
/* 2.2.1.18 CColumnSet */
static int parse_CColumnSet(tvbuff_t *tvb, int offset, proto_tree *tree, const char *fmt, ...);
/* 2.2.1.20 CCategorizationSpec */
-static int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CCategorizationSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.21 CCategSpec */
-static int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.22 CRangeCategSpec */
-static int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CRangeCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.23 RANGEBOUNDARY */
-static int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_RANGEBOUNDARY(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.24 CAggregSet */
static int parse_CAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
@@ -3127,19 +3128,19 @@ static int parse_CSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tr
static int parse_CAggregSortKey(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.28 CInGroupSortAggregSets */
-static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.29 CInGroupSortAggregSet */
-static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.30 CDbColId */
static int parse_CDbColId(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *text);
/* 2.2.1.31 CDbProp */
-static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...);
+static int parse_CDbProp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...);
/* 2.2.1.32 CDbPropSet */
-static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
+static int parse_CDbPropSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.33 CPidMapper */
static int parse_CPidMapper(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
@@ -3157,7 +3158,7 @@ static int parse_CRowsetProperties(tvbuff_t *tvb, int offset, proto_tree *parent
static int parse_CSortSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...);
/* 2.2.1.44 CTableColumn */
-static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...);
+static int parse_CTableColumn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...);
/*
@@ -3231,11 +3232,11 @@ static int parse_CSortSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
return offset;
}
-static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...)
+static int parse_CTableColumn(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CTableColumn *col, const char *fmt, ...)
{
- proto_item *item;
+ proto_item *item, *ti_type;
proto_tree *tree;
va_list ap;
struct vtype_data *type;
@@ -3266,8 +3267,14 @@ static int parse_CTableColumn(tvbuff_t *tvb, int offset, proto_tree *parent_tree
}
}
type = vType_get_type(vtype_val);
- DISSECTOR_ASSERT(type != NULL);
- proto_tree_add_string_format_value(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, type->str, "%s%s", type->str, modifier);
+ if (type == NULL) {
+ /*
+ * Not a valid type.
+ */
+ ti_type = proto_tree_add_string(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, "Unknown CTableColumn type");
+ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type);
+ } else
+ proto_tree_add_string_format_value(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, type->str, "%s%s", type->str, modifier);
offset += 4;
used = tvb_get_guint8(tvb, offset);
@@ -3487,7 +3494,7 @@ static int parse_relop(tvbuff_t *tvb, int offset, proto_tree *tree, guint32 *re
}
return offset + 4;
}
-static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...)
+static int parse_CPropertyRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CPropertyRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3505,7 +3512,7 @@ static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *par
offset = parse_CFullPropSpec(tvb, offset, tree, pad_tree, &v->property, "Property");
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &v->prval, "prval");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &v->prval, "prval");
offset = parse_padding(tvb, offset, 4, pad_tree, "padding_lcid");
@@ -3517,7 +3524,7 @@ static int parse_CPropertyRestriction(tvbuff_t *tvb, int offset, proto_tree *par
return offset;
}
-static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...)
+static int parse_CCoercionRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CCoercionRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3535,7 +3542,7 @@ static int parse_CCoercionRestriction(tvbuff_t *tvb, int offset, proto_tree *par
offset += 4;
- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &v->child, "child");
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &v->child, "child");
proto_item_set_end(item, tvb, offset);
return offset;
@@ -3732,7 +3739,7 @@ static int parse_rType(tvbuff_t *tvb, int offset, proto_tree *tree, enum rType *
return offset + 4;
}
-static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...)
+static int parse_CRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3761,18 +3768,18 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree
case RTProximity:
case RTPhrase: {
v->u.RTAnd = EP_ALLOC(struct CNodeRestriction);
- offset = parse_CNodeRestriction(tvb, offset, tree, pad_tree, v->u.RTAnd, "CNodeRestriction");
+ offset = parse_CNodeRestriction(tvb, pinfo, offset, tree, pad_tree, v->u.RTAnd, "CNodeRestriction");
break;
}
case RTNot: {
v->u.RTNot = EP_ALLOC(struct CRestriction);
- offset = parse_CRestriction(tvb, offset, tree, pad_tree,
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree,
v->u.RTNot, "CRestriction");
break;
}
case RTProperty: {
v->u.RTProperty = EP_ALLOC(struct CPropertyRestriction);
- offset = parse_CPropertyRestriction(tvb, offset, tree, pad_tree,
+ offset = parse_CPropertyRestriction(tvb, pinfo, offset, tree, pad_tree,
v->u.RTProperty, "CPropertyRestriction");
break;
}
@@ -3780,7 +3787,7 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree
case RTCoerce_Multiply:
case RTCoerce_Absolute: {
v->u.RTCoerce_Add = EP_ALLOC(struct CCoercionRestriction);
- offset = parse_CCoercionRestriction(tvb, offset, tree, pad_tree,
+ offset = parse_CCoercionRestriction(tvb, pinfo, offset, tree, pad_tree,
v->u.RTCoerce_Add, "CCoercionRestriction");
break;
}
@@ -3810,7 +3817,7 @@ static int parse_CRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree
return offset;
}
-static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CRestrictionArray(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
guint8 present, count;
@@ -3840,14 +3847,14 @@ static int parse_CRestrictionArray(tvbuff_t *tvb, int offset, proto_tree *parent
for (i=0; i<count; i++) {
struct CRestriction r;
- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &r, "Restriction[%d]", i);
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &r, "Restriction[%d]", i);
}
}
proto_item_set_end(item, tvb, offset);
return offset;
}
-static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char *fmt, ...)
+static int parse_CNodeRestriction(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct CNodeRestriction *v, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -3867,7 +3874,7 @@ static int parse_CNodeRestriction(tvbuff_t *tvb, int offset, proto_tree *parent_
for (i=0; i<v->cNode; i++) {
struct CRestriction r;
ZERO_STRUCT(r);
- offset = parse_CRestriction(tvb, offset, tree, pad_tree, &r, "paNode[%u]", i);
+ offset = parse_CRestriction(tvb, pinfo, offset, tree, pad_tree, &r, "paNode[%u]", i);
offset = parse_padding(tvb, offset, 4, tree, "padding_paNode[%u]", i); /*at begin or end of loop ????*/
}
@@ -4208,117 +4215,7 @@ static const char *str_CBaseStorageVariant(struct CBaseStorageVariant *value, gb
return wmem_strbuf_get_str(strbuf);
}
-static int parse_vType(tvbuff_t *tvb, int offset, guint16 *vtype)
-{
- guint16 tmp_vtype = tvb_get_letohs(tvb, offset);
- guint16 modifier = tmp_vtype & 0xFF00;
-
- switch (tmp_vtype & 0xFF) {
- case VT_EMPTY:
- *vtype = VT_EMPTY;
- break;
- case VT_NULL:
- *vtype = VT_NULL;
- break;
- case VT_I2:
- *vtype = VT_I2;
- break;
- case VT_I4:
- *vtype = VT_I4;
- break;
- case VT_R4:
- *vtype = VT_R4;
- break;
- case VT_R8:
- *vtype = VT_R8;
- break;
- case VT_CY:
- *vtype = VT_CY;
- break;
- case VT_DATE:
- *vtype = VT_DATE;
- break;
- case VT_BSTR:
- *vtype = VT_BSTR;
- break;
- case VT_ERROR:
- *vtype = VT_ERROR;
- break;
- case VT_BOOL:
- *vtype = VT_BOOL;
- break;
- case VT_VARIANT:
- *vtype = VT_VARIANT;
- break;
- case VT_DECIMAL:
- *vtype = VT_DECIMAL;
- break;
- case VT_I1:
- *vtype = VT_I1;
- break;
- case VT_UI1:
- *vtype = VT_UI1;
- break;
- case VT_UI2:
- *vtype = VT_UI2;
- break;
- case VT_UI4:
- *vtype = VT_UI4;
- break;
- case VT_I8:
- *vtype = VT_I8;
- break;
- case VT_UI8:
- *vtype = VT_UI8;
- break;
- case VT_INT:
- *vtype = VT_INT;
- break;
- case VT_UINT:
- *vtype = VT_UINT;
- break;
- case VT_LPSTR:
- *vtype = VT_LPSTR;
- break;
- case VT_LPWSTR:
- *vtype = VT_LPWSTR;
- break;
- case VT_COMPRESSED_LPWSTR:
- *vtype = VT_COMPRESSED_LPWSTR;
- break;
- case VT_FILETIME:
- *vtype = VT_FILETIME;
- break;
- case VT_BLOB:
- *vtype = VT_BLOB;
- break;
- case VT_BLOB_OBJECT:
- *vtype = VT_BLOB_OBJECT;
- break;
- case VT_CLSID:
- *vtype = VT_CLSID;
- break;
- default:
- DISSECTOR_ASSERT(FALSE);
- break;
- }
- if (modifier) {
- switch (modifier) {
- case VT_VECTOR:
- *vtype |= VT_VECTOR;
- break;
- case VT_ARRAY:
- *vtype |= VT_ARRAY;
- break;
- default:
- DISSECTOR_ASSERT(FALSE);
- break;
- }
- }
- return offset + 2;
-}
-
-static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CBaseStorageVariant *value, const char *text)
+static int parse_CBaseStorageVariant(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree _U_, struct CBaseStorageVariant *value, const char *text)
{
int i, len;
proto_item *ti, *ti_type, *ti_val;
@@ -4329,9 +4226,19 @@ static int parse_CBaseStorageVariant(tvbuff_t *tvb, int offset, proto_tree *pare
tree = proto_tree_add_subtree(parent_tree, tvb, offset, 0, ett_CBaseStorageVariant, &ti, text);
- parse_vType(tvb, offset, &value->vType);
- value->type = vType_get_type(value->vType);
- DISSECTOR_ASSERT(value->type != NULL);
+ value->vType = tvb_get_letohs(tvb, offset);
+ value->type = vType_get_type(value->vType & 0xFF);
+ if (value->type == NULL) {
+ /*
+ * Not a valid type.
+ */
+ ti_type = proto_tree_add_string(tree, hf_mswsp_cbasestorvariant_vtype, tvb, offset, 2, "Unknown CBaseStorageVariant type");
+ offset += 2;
+ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type);
+
+ THROW_MESSAGE(ReportedBoundsError, "Unknown CBaseStorageVariant type");
+ return offset;
+ }
ti_type = proto_tree_add_string(tree, hf_mswsp_cbasestorvariant_vtype, tvb, offset, 2, value->type->str);
offset += 2;
@@ -4452,7 +4359,7 @@ static int parse_CDbColId(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
return offset;
}
-static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...)
+static int parse_CDbProp(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, struct GuidPropertySet *propset, const char *fmt, ...)
{
static const value_string EMPTY_VS[] = {{0, NULL}};
const value_string *vs = (propset && propset->id_map) ? propset->id_map : EMPTY_VS;
@@ -4485,7 +4392,7 @@ static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pro
offset = parse_CDbColId(tvb, offset, tree, pad_tree, "colid");
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &value, "vValue");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &value, "vValue");
str = str_CBaseStorageVariant(&value, TRUE);
proto_item_append_text(item, " %s", str);
@@ -4494,7 +4401,7 @@ static int parse_CDbProp(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pro
return offset;
}
-static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CDbPropSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
int i, num;
e_guid_t guid;
@@ -4530,14 +4437,14 @@ static int parse_CDbPropSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
for (i = 0; i<num; i++) {
offset = parse_padding(tvb, offset, 4, pad_tree, "aProp[%d]", i);
- offset = parse_CDbProp(tvb, offset, tree, pad_tree, pset, "aProp[%d]", i);
+ offset = parse_CDbProp(tvb, pinfo, offset, tree, pad_tree, pset, "aProp[%d]", i);
}
proto_item_set_end(item, tvb, offset);
return offset;
}
-static int parse_PropertySetArray(tvbuff_t *tvb, int offset, int size_offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_PropertySetArray(tvbuff_t *tvb, packet_info *pinfo, int offset, int size_offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
const int offset_in = offset;
guint32 size, num;
@@ -4563,7 +4470,7 @@ static int parse_PropertySetArray(tvbuff_t *tvb, int offset, int size_offset, pr
offset += 4;
for (i = 0; i < (int)num; i++) {
- offset = parse_CDbPropSet(tvb, offset, tree, pad_tree, "PropertySet[%d]", i);
+ offset = parse_CDbPropSet(tvb, pinfo, offset, tree, pad_tree, "PropertySet[%d]", i);
}
proto_item_set_end(item, tvb, offset);
@@ -4601,7 +4508,7 @@ int parse_CColumnSet(tvbuff_t *tvb, int offset, proto_tree *tree, const char *fm
}
/* 2.2.1.23 RANGEBOUNDARY */
-int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_RANGEBOUNDARY(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
guint32 ulType;
guint8 labelPresent;
@@ -4622,7 +4529,7 @@ int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, prot
offset += 4;
ZERO_STRUCT(prval);
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &prval, "prVal");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &prval, "prVal");
labelPresent = tvb_get_guint8(tvb, offset);
proto_tree_add_item(tree, hf_mswsp_rangeboundry_labelpresent, tvb, offset, 1, ENC_LITTLE_ENDIAN);
@@ -4650,7 +4557,7 @@ int parse_RANGEBOUNDARY(tvbuff_t *tvb, int offset, proto_tree *parent_tree, prot
/* 2.2.1.22 CRangeCategSpec */
-int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_CRangeCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4671,7 +4578,7 @@ int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
offset += 4;
for (i=0; i<cRange; i++) {
- offset = parse_RANGEBOUNDARY(tvb, offset, tree, pad_tree, "aRangeBegin[%u]", i);
+ offset = parse_RANGEBOUNDARY(tvb, pinfo, offset, tree, pad_tree, "aRangeBegin[%u]", i);
}
@@ -4680,7 +4587,7 @@ int parse_CRangeCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, pr
}
/* 2.2.1.21 CCategSpec */
-int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_CCategSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4700,7 +4607,7 @@ int parse_CCategSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_t
offset = parse_CSort(tvb, offset, tree, pad_tree, "CSort");
- offset = parse_CRangeCategSpec(tvb, offset, tree, pad_tree, "CRangeCategSpec");
+ offset = parse_CRangeCategSpec(tvb, pinfo, offset, tree, pad_tree, "CRangeCategSpec");
proto_item_set_end(item, tvb, offset);
return offset;
@@ -4867,7 +4774,7 @@ static int parse_CInGroupSortAggregSet_type(tvbuff_t *tvb, int offset, proto_tre
}
/* 2.2.1.29 CInGroupSortAggregSet */
-static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4885,7 +4792,7 @@ static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *pa
if (type == GroupIdValue) {
struct CBaseStorageVariant id;
- offset = parse_CBaseStorageVariant(tvb, offset, tree, pad_tree, &id, "inGroupId");
+ offset = parse_CBaseStorageVariant(tvb, pinfo, offset, tree, pad_tree, &id, "inGroupId");
}
offset = parse_CSortSet(tvb, offset, tree, pad_tree, "SortSet");
@@ -4896,7 +4803,7 @@ static int parse_CInGroupSortAggregSet(tvbuff_t *tvb, int offset, proto_tree *pa
/* 2.2.1.28 CInGroupSortAggregSets */
-static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
guint32 cCount, i;
proto_item *item;
@@ -4916,7 +4823,7 @@ static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *p
for (i=0; i<cCount; i++) {
/* 2.2.1.29 CInGroupSortAggregSet */
- offset = parse_CInGroupSortAggregSet(tvb, offset, tree, pad_tree, "SortSets[%u]", i);
+ offset = parse_CInGroupSortAggregSet(tvb, pinfo, offset, tree, pad_tree, "SortSets[%u]", i);
}
proto_item_set_end(item, tvb, offset);
@@ -4924,7 +4831,7 @@ static int parse_CInGroupSortAggregSets(tvbuff_t *tvb, int offset, proto_tree *p
}
/* 2.2.1.20 CCategorizationSpec */
-int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
+int parse_CCategorizationSpec(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, proto_tree *pad_tree, const char *fmt, ...)
{
proto_item *item;
proto_tree *tree;
@@ -4941,7 +4848,7 @@ int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree
offset = parse_CColumnSet(tvb, offset, tree, "csColumns");
/* 2.2.1.21 CCategSpec */
- offset = parse_CCategSpec(tvb, offset, tree, pad_tree, "Spec");
+ offset = parse_CCategSpec(tvb, pinfo, offset, tree, pad_tree, "Spec");
/* 2.2.1.24 CAggregSet */
offset = parse_CAggregSet(tvb, offset, tree, pad_tree, "AggregSet");
@@ -4950,7 +4857,7 @@ int parse_CCategorizationSpec(tvbuff_t *tvb, int offset, proto_tree *parent_tree
offset = parse_CSortAggregSet(tvb, offset, tree, pad_tree, "SortAggregSet");
/* 2.2.1.28 CInGroupSortAggregSets */
- offset = parse_CInGroupSortAggregSets(tvb, offset, tree, pad_tree, "InGroupSortAggregSets");
+ offset = parse_CInGroupSortAggregSets(tvb, pinfo, offset, tree, pad_tree, "InGroupSortAggregSets");
proto_tree_add_item(tree, hf_mswsp_categorizationspec_cmaxres, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
@@ -5273,17 +5180,14 @@ static int parse_CRowVariantArrayInfo(tvbuff_t *tvb, int offset, proto_tree *tre
return offset;
}
-static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, guint64 base_address, gboolean is_64bit, struct CRowVariant *variant)
+static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, guint64 base_address, gboolean is_64bit, struct CRowVariant *variant, struct vtype_data *vt_list_type)
{
guint32 i = 0;
guint64 count = 0;
int buf_offset = 0;
proto_tree *sub_tree;
- struct vtype_data *vt_list_type =
- vType_get_type((enum vType)(variant->vtype & 0x00FF));
wmem_strbuf_t *strbuf;
- DISSECTOR_ASSERT(vt_list_type != NULL);
offset = parse_CRowVariantArrayInfo(tvb, offset, tree, is_64bit, variant);
if (is_64bit) {
buf_offset =
@@ -5335,10 +5239,10 @@ static int parse_VariantColVector(tvbuff_t *tvb, int offset, proto_tree *tree, g
return offset;
}
-static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree, guint64 base_address, guint32 length _U_, gboolean is_64bit, struct CRowVariant *variant, const char *fmt, ...)
+static int parse_VariantCol(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, guint64 base_address, guint32 length _U_, gboolean is_64bit, struct CRowVariant *variant, const char *fmt, ...)
{
proto_tree *tree;
- proto_item *item;
+ proto_item *item, *ti_type;
va_list ap;
struct vtype_data *vt_type;
@@ -5354,8 +5258,6 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
variant->vtype = tvb_get_letohs(tvb, offset);
vt_type = vType_get_type((enum vType)variant->vtype);
- DISSECTOR_ASSERT(vt_type != NULL);
-
vtype_high = (variant->vtype & 0xFF00);
if (vtype_high) {
if (vtype_high == VT_VECTOR) {
@@ -5367,6 +5269,17 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
}
}
+ if (vt_type == NULL) {
+ /*
+ * Not a valid type.
+ */
+ ti_type = proto_tree_add_string(tree, hf_mswsp_ctablecolumn_vtype, tvb, offset, 4, "Unknown variant column type");
+ expert_add_info(pinfo, ti_type, &ei_mswsp_invalid_variant_type);
+ offset += 2;
+
+ THROW_FORMATTED(ReportedBoundsError, "Unknown variant column type%s", modifier);
+ return offset;
+ }
proto_tree_add_string_format_value(tree, hf_mswsp_rowvariant_vtype, tvb, offset, 2, vt_type->str, "%s%s", vt_type->str, modifier);
offset += 2;
@@ -5382,7 +5295,7 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
if (vtype_high == VT_VECTOR || vtype_high == VT_ARRAY) {
offset = parse_VariantColVector(tvb, offset, tree, base_address,
- is_64bit, variant);
+ is_64bit, variant, vt_type);
} else {
wmem_strbuf_t *strbuf = wmem_strbuf_new(wmem_packet_scope(), "");
if (size != -1) {
@@ -5421,7 +5334,7 @@ static int parse_VariantCol(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
return offset;
}
-static int parse_RowsBufferCol(tvbuff_t *tvb, int offset, guint32 row, guint32 col, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean b_is_64bit, proto_tree *parent_tree, const char *fmt, ...)
+static int parse_RowsBufferCol(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 row, guint32 col, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean b_is_64bit, proto_tree *parent_tree, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -5463,13 +5376,13 @@ static int parse_RowsBufferCol(tvbuff_t *tvb, int offset, guint32 row, guint32 c
len = tvb_get_letohs(tvb, buf_offset + pcol->lengthoffset) - pcol->valuesize;
}
if (pcol->vtype == VT_VARIANT) {
- parse_VariantCol(tvb, tmp_offset, tree, base_address, len, b_is_64bit, &variant, "CRowVariant");
+ parse_VariantCol(tvb, pinfo, tmp_offset, tree, base_address, len, b_is_64bit, &variant, "CRowVariant");
}
}
return offset;
}
-static int parse_RowsBuffer(tvbuff_t *tvb, int offset, guint32 num_rows, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean is64bit, proto_tree *parent_tree, const char *fmt, ...)
+static int parse_RowsBuffer(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 num_rows, struct CPMSetBindingsIn *bindingsin, struct rows_data *rowsin, gboolean is64bit, proto_tree *parent_tree, const char *fmt, ...)
{
proto_tree *tree;
proto_item *item;
@@ -5488,7 +5401,7 @@ static int parse_RowsBuffer(tvbuff_t *tvb, int offset, guint32 num_rows, struct
proto_tree *row_tree;
row_tree = proto_tree_add_subtree_format(tree, tvb, offset, 0, ett_GetRowsRow, NULL, "Row[%d]", num);
for (col = 0; col < bindingsin->ccolumns; col++) {
- parse_RowsBufferCol(tvb, offset, num, col, bindingsin, rowsin, is64bit, row_tree, "Col[%d]", col);
+ parse_RowsBufferCol(tvb, pinfo, offset, num, col, bindingsin, rowsin, is64bit, row_tree, "Col[%d]", col);
}
}
return offset;
@@ -5557,11 +5470,11 @@ static int dissect_CPMConnect(tvbuff_t *tvb, packet_info *pinfo, proto_tree *par
offset = parse_padding(tvb, offset, 8, pad_tree, "_paddingcPropSets");
- offset = parse_PropertySetArray(tvb, offset, blob_size1_off, tree, pad_tree, "PropSets");
+ offset = parse_PropertySetArray(tvb, pinfo, offset, blob_size1_off, tree, pad_tree, "PropSets");
offset = parse_padding(tvb, offset, 8, pad_tree, "paddingExtPropset");
- offset = parse_PropertySetArray(tvb, offset, blob_size2_off, tree, pad_tree, "ExtPropset");
+ offset = parse_PropertySetArray(tvb, pinfo, offset, blob_size2_off, tree, pad_tree, "ExtPropset");
offset = parse_padding(tvb, offset, 8, pad_tree, "???");
@@ -5616,7 +5529,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree
offset += 1;
if (CRestrictionPresent) {
- offset = parse_CRestrictionArray(tvb, offset, tree, pad_tree, "RestrictionArray");
+ offset = parse_CRestrictionArray(tvb, pinfo, offset, tree, pad_tree, "RestrictionArray");
}
CSortSetPresent = tvb_get_guint8(tvb, offset);
@@ -5625,7 +5538,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree
if (CSortSetPresent) {
offset = parse_padding(tvb, offset, 4, tree, "paddingCSortSetPresent");
- offset = parse_CInGroupSortAggregSets(tvb, offset, tree, pad_tree, "GroupSortAggregSets");
+ offset = parse_CInGroupSortAggregSets(tvb, pinfo, offset, tree, pad_tree, "GroupSortAggregSets");
}
@@ -5641,7 +5554,7 @@ static int dissect_CPMCreateQuery(tvbuff_t *tvb, packet_info *pinfo, proto_tree
proto_tree_add_uint(tree, hf_mswsp_msg_cpmcreatequery_ccateg_count, tvb, offset, 4, count);
offset += 4;
for (i=0; i<count; i++) {
- offset = parse_CCategorizationSpec(tvb, offset, tree, pad_tree, "categories[%u]", i);
+ offset = parse_CCategorizationSpec(tvb, pinfo, offset, tree, pad_tree, "categories[%u]", i);
}
}
@@ -5803,7 +5716,7 @@ static int dissect_CPMGetRows(tvbuff_t *tvb, packet_info *pinfo, proto_tree *par
if (b_has_arch && bindingsin && rowsin) {
offset = parse_padding(tvb, offset, rowsin->cbreserved, pad_tree,
"paddingRows");
- parse_RowsBuffer(tvb, offset, num_rows, bindingsin, rowsin, b_64bit_mode, tree, "Rows");
+ parse_RowsBuffer(tvb, pinfo, offset, num_rows, bindingsin, rowsin, b_64bit_mode, tree, "Rows");
} else {
gint nbytes = tvb_reported_length_remaining(tvb, offset);
proto_tree_add_expert_format(tree, pinfo, &ei_missing_msg_context, tvb, offset, nbytes, "Undissected %d bytes (due to missing preceding msg(s))", nbytes);
@@ -5950,7 +5863,7 @@ static int dissect_CPMSetBindings(tvbuff_t *tvb, packet_info *pinfo, proto_tree
sizeof(struct CTableColumn) * num);
for (n=0; n<num; n++) {
offset = parse_padding(tvb, offset, 4, pad_tree, "padding_aColumns[%u]", n);
- offset = parse_CTableColumn(tvb, offset, tree, pad_tree, &request.acolumns[n],"aColumns[%u]", n);
+ offset = parse_CTableColumn(tvb, pinfo, offset, tree, pad_tree, &request.acolumns[n],"aColumns[%u]", n);
}
data = find_or_create_message_data(ct, pinfo,0xD0,in, private_data);
if (data) {
@@ -8051,6 +7964,7 @@ proto_register_mswsp(void)
};
static ei_register_info ei[] = {
+ { &ei_mswsp_invalid_variant_type, { "mswsp.invalid_variant_type", PI_PROTOCOL, PI_ERROR, "Invalid variant type", EXPFILL }},
{ &ei_missing_msg_context, { "mswsp.msg.cpmgetrows.missing_msg_context", PI_SEQUENCE, PI_WARN, "previous messages needed for context not captured", EXPFILL }},
{ &ei_mswsp_msg_cpmsetbinding_ccolumns, { "mswsp.msg.cpmsetbinding.ccolumns.invalude", PI_PROTOCOL, PI_WARN, "Invalid number of cColumns for packet", EXPFILL }}
};
--
1.7.12.4

71
wireshark-CVE-2018-19622.patch
View File

@ -1,71 +0,0 @@
From 1ddaf1a0944ffe95d69717ac9fdc60824932f676 Mon Sep 17 00:00:00 2001
From: Jeff Morriss <jeff.morriss.ws@gmail.com>
Date: Fri, 9 Nov 2018 15:16:35 -0500
Subject: [PATCH] MMSE: catch length overflows to avoid infinite loop.
After fetching a length from the packet ensure those bytes exist to
avoid integer overflows by callers (while avoiding having to ensure
every caller checks for overflows).
Also add a check to ensure the loop in question is progressing through
the TVB; report a dissector bug if it doesn't.
Bug: 15250
Change-Id: I9434bfe9d530942fd45342690383df2decacdba1
Reviewed-on: https://code.wireshark.org/review/30560
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-mmse.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-mmse.c b/epan/dissectors/packet-mmse.c
index ffb4faa..1e3d13a 100644
--- a/epan/dissectors/packet-mmse.c
+++ b/epan/dissectors/packet-mmse.c
@@ -487,6 +487,12 @@ get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count, packet_info *pi
field = tvb_get_guintvar(tvb, offset, byte_count, pinfo, &ei_mmse_oversized_uintvar);
(*byte_count)++;
}
+
+ /* The packet says there are this many bytes; ensure they're there.
+ * We do this here because several callers do math on the length we
+ * return here and may not catch an overflow.
+ */
+ tvb_ensure_bytes_exist(tvb, offset, field);
return field;
}
@@ -689,7 +695,7 @@ static void
dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
const char *message_type)
{
- guint offset;
+ guint offset, old_offset;
guint8 field = 0;
const char *strval;
guint length;
@@ -711,6 +717,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
proto_tree_add_uint(mmse_tree, hf_mmse_message_type, tvb, 0, 2, pdut);
offset = 2; /* Skip Message-Type */
+ old_offset = 1;
/*
* Cycle through MMS-headers
@@ -1209,6 +1216,11 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut,
break;
}
DebugLog(("\tEnd(case)\n"));
+
+ if (offset <= old_offset) {
+ REPORT_DISSECTOR_BUG("Offset isn't increasing (offset=%u, old offset=%u)", offset, old_offset);
+ }
+ old_offset = offset;
}
DebugLog(("\tEnd(switch)\n"));
--
1.7.12.4

75
wireshark-CVE-2018-19623.patch
View File

@ -1,75 +0,0 @@
From 5797f602741a7505c18c2e0c505e963ca3349153 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Sun, 21 Oct 2018 15:10:57 +0200
Subject: [PATCH] LBMPDM: fix heap-buffer-overflow (write) in
dissect_segment_ofstable
id_list and ofs_list contain offsets read directly from the packet.
While the field type is FT_UINT32, it is somehow interpreted as signed
number. This means that ofs_table->offset_list[id_list[idx]]=... could
in fact result in an arbitrary write before "ofs_table->offset_list" due
to id_list[idx] being negative.
Another way for id_list[idx] to remain negative (-1) is for the loop to
terminate before all "field_count" elements are set. Thus, remove the
"datalen_remaining >= L_LBMPDM_OFFSET_ENTRY_T" check, if the offset is
invalid the proto_tree_add_item accessors will throw an exception.
Fixes the crash in the linked bug. Regression tested against the 8
capture files from bug 9718, its dissection results are still the same.
Bug: 15132
Change-Id: If5d2f11ee47578acb80bc43ba7ed16adb27e0c02
Fixes: v1.11.3-rc1-2270-g2f4ca9c8d9 ("Initial checkin of LBM aka 29West dissectors. See Bug 9718.")
Reviewed-on: https://code.wireshark.org/review/30300
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-lbmpdm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-lbmpdm.c b/epan/dissectors/packet-lbmpdm.c
index a875c8c..6b42e50 100644
--- a/epan/dissectors/packet-lbmpdm.c
+++ b/epan/dissectors/packet-lbmpdm.c
@@ -12,6 +12,7 @@
#include "config.h"
#include <epan/packet.h>
+#include <epan/exceptions.h>
#include "packet-lbm.h"
/* Magic number for message header to check if data is big-endian or little-endian. */
@@ -792,7 +793,6 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
proto_tree * subtree = NULL;
int datalen = 0;
int seglen = 0;
- int datalen_remaining = 0;
int ofs = 0;
int field_count = 0;
int idx;
@@ -817,9 +817,8 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
id_list[idx] = -1;
ofs_list[idx] = -1;
}
- datalen_remaining = datalen;
ofs = offset + L_LBMPDM_SEG_HDR_T;
- for (idx = 0; (idx < field_count) && (datalen_remaining >= L_LBMPDM_OFFSET_ENTRY_T); idx++, ofs += L_LBMPDM_OFFSET_ENTRY_T)
+ for (idx = 0; idx < field_count; idx++, ofs += L_LBMPDM_OFFSET_ENTRY_T)
{
proto_item * offset_item = NULL;
proto_tree * offset_tree = NULL;
@@ -830,6 +829,9 @@ static int dissect_segment_ofstable(tvbuff_t * tvb, int offset, packet_info * pi
id_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_ID, encoding);
proto_tree_add_item(offset_tree, hf_lbmpdm_offset_entry_offset, tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, L_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
ofs_list[idx] = (gint32)tvb_get_guint32(tvb, ofs + O_LBMPDM_OFFSET_ENTRY_T_OFFSET, encoding);
+ if (id_list[idx] < 0 || ofs_list[idx] < 0) {
+ THROW(ReportedBoundsError);
+ }
if (id_list[idx] > max_index)
{
max_index = id_list[idx];
--
1.7.12.4

38
wireshark-CVE-2018-19624.patch
View File

@ -1,38 +0,0 @@
From a8c93de0b0130ed5f4aab59338372783054898ea Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 27 Nov 2018 12:23:31 -0800
Subject: [PATCH] pvfs2: Add a pointer check.
Make sure a pointer isn't NULL before trying to dereference it.
Bug: 15280
Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
Reviewed-on: https://code.wireshark.org/review/30807
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-pvfs2.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/epan/dissectors/packet-pvfs2.c b/epan/dissectors/packet-pvfs2.c
index e2b61be..1c1012c 100644
--- a/epan/dissectors/packet-pvfs2.c
+++ b/epan/dissectors/packet-pvfs2.c
@@ -2314,6 +2314,12 @@ dissect_pvfs2_getconfig_response(tvbuff_t *tvb, proto_tree *parent_tree,
/* Get pointer to server config data */
ptr = tvb_get_ptr(tvb, offset, total_config_bytes);
+ if (!ptr)
+ {
+ /* Not enough data. Bail out. */
+ return offset;
+ }
+
/* Check if all data is available */
length_remaining = tvb_captured_length_remaining(tvb, offset);
--
1.7.12.4

51
wireshark-CVE-2018-19625.patch
View File

@ -1,51 +0,0 @@
From ec5adb0ce98c37c8119feb972a5207e0e1721d9b Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 11 Oct 2018 00:02:26 +0200
Subject: [PATCH] tvbuff_composite: fix buffer overflow due to wrong offset
adjustment
The tvb_offset method should return the offset of the buffer within the
backing tvb (ds_tvb). The currently returned non-zero offset is valid
for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
the tvb itself, so the offset should be zero (or "counter" for
consistency with tvbuff_real.c and others).
This bug is observable with the capture from the bug. In tshark, the
data field in the PDML output has value "field length invalid!" and the
position attribute ("pos") is too large. With the -V option it even
crashes with a buffer overflow (read). In the GUI, the bytes tab shows
range 3199-19642 even if the data source is only 16444 bytes while the
selection should have been 0-16443.
Bug: 14466
Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
Reviewed-on: https://code.wireshark.org/review/30124
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/tvbuff_composite.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/epan/tvbuff_composite.c b/epan/tvbuff_composite.c
index f77aace..53cdbca 100644
--- a/epan/tvbuff_composite.c
+++ b/epan/tvbuff_composite.c
@@ -51,12 +51,9 @@ composite_free(tvbuff_t *tvb)
}
static guint
-composite_offset(const tvbuff_t *tvb, const guint counter)
+composite_offset(const tvbuff_t *tvb _U_, const guint counter)
{
- const struct tvb_composite *composite_tvb = (const struct tvb_composite *) tvb;
- const tvbuff_t *member = (const tvbuff_t *)composite_tvb->composite.tvbs->data;
-
- return tvb_offset_from_real_beginning_counter(member, counter);
+ return counter;
}
static const guint8*
--
1.7.12.4

38
wireshark-CVE-2018-19626.patch
View File

@ -1,38 +0,0 @@
From ec6ace066ae4c889d4c18a0a38a8c6053483877b Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 11 Oct 2018 13:04:03 +0200
Subject: [PATCH] DCOM: always NUL-terminate dissect_dcom_BSTR results
All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
the string to be NUL-terminated, so ensure this to avoid reading
uninitialized memory for the Info column.
Bug: 15130
Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
Reviewed-on: https://code.wireshark.org/review/30128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-dcom.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c
index d12216a..79cf6a6 100644
--- a/epan/dissectors/packet-dcom.c
+++ b/epan/dissectors/packet-dcom.c
@@ -1725,8 +1725,10 @@ dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep,
&u32ArraySize);
- if ((guint32)offset + u32ArraySize*2 > G_MAXINT)
+ if ((guint32)offset + u32ArraySize*2 > G_MAXINT) {
+ pszStr[0] = 0;
return offset;
+ }
realOffset = offset + u32ArraySize*2;
--
1.7.12.4

38
wireshark-CVE-2018-19627.patch
View File

@ -1,38 +0,0 @@
From 332df929a9966fda2cd3aa30a5a107e5b2bfa360 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 27 Nov 2018 13:38:10 -0800
Subject: [PATCH] IxVeriWave: Fix a buffer boundary.
Pass the correct buffer size to find_signature so that we don't read
past it.
Bug: 15279
Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404
Reviewed-on: https://code.wireshark.org/review/30809
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
wiretap/vwr.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/wiretap/vwr.c b/wiretap/vwr.c
index d5b93fa..1e01add 100644
--- a/wiretap/vwr.c
+++ b/wiretap/vwr.c
@@ -2142,9 +2142,10 @@ static gboolean vwr_read_s3_W_rec(vwr_t *vwr, wtap_rec *record,
end_time = e_time / NS_IN_US; /* convert to microseconds first */
/* extract the 32 LSBs of the signature timestamp field */
- m_ptr = &(rec[stats_offset+8+12]);
+ int m_ptr_offset = stats_offset + 8 + 12;
+ m_ptr = rec + m_ptr_offset;
pay_off = 42; /* 24 (MAC) + 8 (SNAP) + IP */
- sig_off = find_signature(m_ptr, rec_size - 20, pay_off, flow_id, flow_seq);
+ sig_off = find_signature(m_ptr, rec_size - m_ptr_offset, pay_off, flow_id, flow_seq);
if (m_ptr[sig_off] == 0xdd)
sig_ts = get_signature_ts(m_ptr, sig_off, rec_size - vVW510021_W_STATS_TRAILER_LEN);
else
--
1.7.12.4

38
wireshark-CVE-2018-19628.patch
View File

@ -1,38 +0,0 @@
From d53ff85d409367ee6538326147c8bb545bd4adb3 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 27 Nov 2018 12:06:47 -0800
Subject: [PATCH] ZigBee ZCL: Fix a divide-by-zero.
Fix a divide-by-zero in decode_color_temperature.
Bug: 15281
Change-Id: I9460ffc85f6fe6b954c1810c3a80588c1aa4fec2
Reviewed-on: https://code.wireshark.org/review/30806
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/packet-zbee-zcl-lighting.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-zbee-zcl-lighting.c b/epan/dissectors/packet-zbee-zcl-lighting.c
index 4a4fc5c..b68a003 100644
--- a/epan/dissectors/packet-zbee-zcl-lighting.c
+++ b/epan/dissectors/packet-zbee-zcl-lighting.c
@@ -879,7 +879,11 @@ decode_color_xy(gchar *s, guint16 value)
static void
decode_color_temperature(gchar *s, guint16 value)
{
- g_snprintf(s, ITEM_LABEL_LENGTH, "%d [Mired] (%d [K])", value, 1000000/value);
+ if (value == 0) {
+ g_snprintf(s, ITEM_LABEL_LENGTH, "%u [Mired]", value);
+ } else {
+ g_snprintf(s, ITEM_LABEL_LENGTH, "%u [Mired] (%u [K])", value, 1000000/value);
+ }
return;
} /*decode_power_conf_voltage*/
--
1.7.12.4

30
wireshark-CVE-2019-5718.patch
View File

@ -1,30 +0,0 @@
From cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 7 Jan 2019 14:41:29 -0800
Subject: [PATCH] epan: Add a boundary check to get_t61_string.
Add a boundary check to make sure we don't go past the end of "ptr".
Bug: 15373
Change-Id: I85394e8e6e477b47919362af146051cc8911254b
Reviewed-on: https://code.wireshark.org/review/31440
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
epan/charsets.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/epan/charsets.c b/epan/charsets.c
index 7f298fd..ebeb2dc 100644
--- a/epan/charsets.c
+++ b/epan/charsets.c
@@ -1382,7 +1382,7 @@ get_t61_string(wmem_allocator_t *scope, const guint8 *ptr, gint length)
for (i = 0, c = ptr; i < length; c++, i++) {
if (!t61_tab[*c]) {
wmem_strbuf_append_unichar(strbuf, UNREPL);
- } else if ((*c & 0xf0) == 0xc0) {
+ } else if (i < length - 1 && (*c & 0xf0) == 0xc0) {
gint j = *c & 0x0f;
/* If this is the end of the string, or if the base
* character is just a space, treat this as a regular
--
2.7.4

215
wireshark-CVE-2019-9208.patch
View File

@ -1,215 +0,0 @@
From 34873a20eb489562098c5a58085ae783f869525c Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Thu, 31 Jan 2019 15:40:24 +0100
Subject: [PATCH] tcap: check p_tcap_private before dereferencing.
This caused a NULL pointer dereference on ASAN builds with
malformed packets.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0)
==15485==The signal is caused by a WRITE memory access.
==15485==Hint: address points to the zero page.
#0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf
#1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17
Bug: 15464
Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94
Reviewed-on: https://code.wireshark.org/review/31840
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
epan/dissectors/asn1/tcap/tcap.cnf | 24 +++++++++++++++--------
epan/dissectors/packet-tcap.c | 40 +++++++++++++++++++++++---------------
2 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/epan/dissectors/asn1/tcap/tcap.cnf b/epan/dissectors/asn1/tcap/tcap.cnf
index a41be09..0507f71 100644
--- a/epan/dissectors/asn1/tcap/tcap.cnf
+++ b/epan/dissectors/asn1/tcap/tcap.cnf
@@ -115,20 +115,26 @@ ABRT-apdu/_untag/user-information abrt_user_information
#.FN_BODY AUDT-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
%(DEFAULT_BODY)s
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
#----------------------------------------------------------------------------------------
#.FN_BODY AARQ-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
%(DEFAULT_BODY)s
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
#----------------------------------------------------------------------------------------
#.FN_BODY AARE-apdu/_untag/application-context-name FN_VARIANT = _str VAL_PTR = &cur_oid
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
%(DEFAULT_BODY)s
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
#----------------------------------------------------------------------------------------
#.FN_BODY OrigTransactionID
tvbuff_t *parameter_tvb;
@@ -166,7 +172,8 @@ ABRT-apdu/_untag/user-information abrt_user_information
gp_tcapsrt_info->src_tid=0;
break;
}
- p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
+ if (p_tcap_private)
+ p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "otid(");
@@ -214,7 +221,8 @@ ABRT-apdu/_untag/user-information abrt_user_information
gp_tcapsrt_info->dst_tid=0;
break;
}
- p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
+ if (p_tcap_private)
+ p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "dtid(");
diff --git a/epan/dissectors/packet-tcap.c b/epan/dissectors/packet-tcap.c
index 2c1fe4a..fb8d2e7 100644
--- a/epan/dissectors/packet-tcap.c
+++ b/epan/dissectors/packet-tcap.c
@@ -743,7 +743,7 @@ dissect_tcap_OCTET_STRING_SIZE_1_4(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_tcap_OrigTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 134 "./asn1/tcap/tcap.cnf"
+#line 140 "./asn1/tcap/tcap.cnf"
tvbuff_t *parameter_tvb;
guint8 len, i;
proto_tree *subtree;
@@ -781,7 +781,8 @@ dissect_tcap_OrigTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
gp_tcapsrt_info->src_tid=0;
break;
}
- p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
+ if (p_tcap_private)
+ p_tcap_private->src_tid = gp_tcapsrt_info->src_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "otid(");
@@ -807,7 +808,7 @@ static const ber_sequence_t Begin_sequence[] = {
static int
dissect_tcap_Begin(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 228 "./asn1/tcap/tcap.cnf"
+#line 236 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_BEGIN;
/* Do not change col_add_str() to col_append_str() here: we _want_ this call
@@ -829,7 +830,7 @@ gp_tcapsrt_info->ope=TC_BEGIN;
static int
dissect_tcap_DestTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 182 "./asn1/tcap/tcap.cnf"
+#line 189 "./asn1/tcap/tcap.cnf"
tvbuff_t *parameter_tvb;
guint8 len , i;
proto_tree *subtree;
@@ -867,7 +868,8 @@ dissect_tcap_DestTransactionID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
gp_tcapsrt_info->dst_tid=0;
break;
}
- p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
+ if (p_tcap_private)
+ p_tcap_private->dst_tid = gp_tcapsrt_info->dst_tid;
if (len) {
col_append_str(actx->pinfo->cinfo, COL_INFO, "dtid(");
@@ -892,7 +894,7 @@ static const ber_sequence_t End_sequence[] = {
static int
dissect_tcap_End(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 242 "./asn1/tcap/tcap.cnf"
+#line 250 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_END;
col_set_str(actx->pinfo->cinfo, COL_INFO, "End ");
@@ -914,7 +916,7 @@ static const ber_sequence_t Continue_sequence[] = {
static int
dissect_tcap_Continue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 249 "./asn1/tcap/tcap.cnf"
+#line 257 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_CONT;
col_set_str(actx->pinfo->cinfo, COL_INFO, "Continue ");
@@ -985,7 +987,7 @@ static const ber_sequence_t Abort_sequence[] = {
static int
dissect_tcap_Abort(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 256 "./asn1/tcap/tcap.cnf"
+#line 264 "./asn1/tcap/tcap.cnf"
gp_tcapsrt_info->ope=TC_ABORT;
col_set_str(actx->pinfo->cinfo, COL_INFO, "Abort ");
@@ -1038,8 +1040,10 @@ dissect_tcap_AUDT_application_context_name(gboolean implicit_tag _U_, tvbuff_t *
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid);
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
return offset;
@@ -1132,12 +1136,14 @@ dissect_tcap_AARQ_protocol_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_tcap_AARQ_application_context_name(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 122 "./asn1/tcap/tcap.cnf"
+#line 124 "./asn1/tcap/tcap.cnf"
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid);
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
return offset;
@@ -1201,12 +1207,14 @@ dissect_tcap_AARE_protocol_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_tcap_AARE_application_context_name(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 128 "./asn1/tcap/tcap.cnf"
+#line 132 "./asn1/tcap/tcap.cnf"
struct tcap_private_t *p_tcap_private = (struct tcap_private_t*)actx->value_ptr;
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &cur_oid);
- p_tcap_private->oid= (const void*) cur_oid;
- p_tcap_private->acv=TRUE;
+ if (p_tcap_private) {
+ p_tcap_private->oid= (const void*) cur_oid;
+ p_tcap_private->acv=TRUE;
+ }
return offset;
--
1.7.12.4

48
wireshark-CVE-2019-9209.patch
View File

@ -1,48 +0,0 @@
From 3cd5ac36e20d56a43e002b926aec3b99488c85a1 Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Sat, 26 Jan 2019 17:10:53 +0100
Subject: [PATCH] BER: don't use invalid time offsets.
4 digits values could overflow the destination buffer. Skip them
since they're invalid and can only from tainted data.
Bug: 15447
Change-Id: Ice6d4f144597499483160ecaa63702025ab86f61
Reviewed-on: https://code.wireshark.org/review/31751
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
---
epan/dissectors/packet-ber.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
index 93291d2..925d4c1 100644
--- a/epan/dissectors/packet-ber.c
+++ b/epan/dissectors/packet-ber.c
@@ -3658,7 +3658,7 @@ dissect_ber_GeneralizedTime(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree
first_delim[0] = 0;
second_delim[0] = 0;
- ret = sscanf( tmpstr, "%14d%1[.,+-Z]%4d%1[+-Z]%4d", &tmp_int, first_delim, &first_digits, second_delim, &second_digits);
+ ret = sscanf(tmpstr, "%14d%1[.,+-Z]%4d%1[+-Z]%4d", &tmp_int, first_delim, &first_digits, second_delim, &second_digits);
/* tmp_int does not contain valid value because of overflow but we use it just for format checking */
if (ret < 1) {
/* Nothing matched */
@@ -3684,9 +3684,11 @@ dissect_ber_GeneralizedTime(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree
/*
* Fraction of a minute or an hour.
*/
- if (ret == 2) {
+ if (ret == 2 || first_digits < 0 || first_digits > 999) {
/*
- * We saw the decimal sign, but didn't see the fraction.
+ * We saw the decimal sign, but didn't see the fraction
+ * or
+ * we got a number outside the valid range.
*/
goto invalid;
}
--
1.7.12.4

53
wireshark-initialize-point-in-end_string.patch
View File

@ -1,53 +0,0 @@
From 8862151190b333c938a47fbbe51b0a611607af7d Mon Sep 17 00:00:00 2001
From: lingsheng <lingsheng@huawei.com>
Date: Mon, 2 Nov 2020 16:01:57 +0800
Subject: [PATCH] initialize point in end_string
---
epan/version_info.c | 2 +-
version_info.c | 2 +-
wiretap/version_info.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/epan/version_info.c b/epan/version_info.c
index 6c80bd9..7e979d8 100644
--- a/epan/version_info.c
+++ b/epan/version_info.c
@@ -47,7 +47,7 @@
static void
end_string(GString *str)
{
- size_t point;
+ size_t point = 0;
char *p, *q;
point = str->len;
diff --git a/version_info.c b/version_info.c
index 6c80bd9..7e979d8 100644
--- a/version_info.c
+++ b/version_info.c
@@ -47,7 +47,7 @@
static void
end_string(GString *str)
{
- size_t point;
+ size_t point = 0;
char *p, *q;
point = str->len;
diff --git a/wiretap/version_info.c b/wiretap/version_info.c
index 6c80bd9..7e979d8 100644
--- a/wiretap/version_info.c
+++ b/wiretap/version_info.c
@@ -47,7 +47,7 @@
static void
end_string(GString *str)
{
- size_t point;
+ size_t point = 0;
char *p, *q;
point = str->len;
--
2.23.0

276
wireshark.spec
View File

@ -1,104 +1,91 @@
Name: wireshark %undefine __cmake_in_source_build
Version: 2.6.2 %global plugins_version 3.6
Release: 21 %define _lto_cflags %{nil}
Epoch: 1
Summary: Network traffic analyzer Summary: Network traffic analyzer
License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD and ISC Name: wireshark
URL: http://www.wireshark.org/ Version: 3.6.3
Source0: https://wireshark.org/download/src/all-versions/%{name}-%{version}.tar.xz Release: 1
Epoch: 1
License: GPL+
Url: http://www.wireshark.org/
Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz
Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
Source2: 90-wireshark-usbmon.rules
Source3: wireshark.sysusers
Patch0001: wireshark-0006-Move-tmp-to-var-tmp.patch Patch2: wireshark-0002-Customize-permission-denied-error.patch
Patch0002: wireshark-0007-cmakelists.patch Patch3: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
Patch0003: Moving-glib.h-out-of-extern-C.patch Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch
Patch0004: Move-more-headers-outside-extern-C.patch Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
Patch0005: Move-even-more-headers-outside-extern-C.patch Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch0006: Move-still-more-headers-outside-of-extern-C.patch Patch7: wireshark-0007-cmakelists.patch
Patch0007: kerberos-regenerate-packet-kerberos-header.patch
Patch6000: wireshark-CVE-2018-16057.patch Requires: xdg-utils
Patch6001: wireshark-CVE-2018-16058.patch Requires: hicolor-icon-theme
Patch6002: wireshark-CVE-2018-18225.patch Requires(pre): shadow-utils
Patch6003: wireshark-CVE-2018-18226.patch
Patch6004: wireshark-CVE-2018-18227.patch
Patch6005: wireshark-CVE-2018-19622.patch
Patch6006: Replace-lbmpdm_fetch_uintN_encoded-with-tvb_get_guin.patch
Patch6007: wireshark-CVE-2018-19623.patch
Patch6008: wireshark-CVE-2018-19624.patch
Patch6009: wireshark-CVE-2018-19625.patch
Patch6010: wireshark-CVE-2018-19626.patch
Patch6011: wireshark-CVE-2018-19627.patch
Patch6012: wireshark-CVE-2018-19628.patch
Patch6013: wireshark-CVE-2019-9208.patch
Patch6014: wireshark-CVE-2019-9209.patch
Patch6015: wireshark-CVE-2019-5718.patch
Patch6016: CVE-2019-10894.patch
Patch6017: CVE-2019-10896.patch
Patch6018: CVE-2019-10899.patch
Patch6019: CVE-2019-10901.patch
Patch6020: CVE-2019-10903.patch
Patch6021: CVE-2019-10895.patch
Patch6022: CVE-2019-5716.patch
Patch6023: CVE-2019-5717.patch
Patch6024: CVE-2019-5719.patch
Patch6025: CVE-2020-11647.patch
Patch6026: fix-hash-table-key-memory-corruption.patch
Patch6027: CVE-2020-13164.patch
Patch6028: CVE-2020-15466.patch
Patch6029: CVE-2018-16056.patch
Patch6030: CVE-2020-25862.patch
Patch6031: CVE-2020-25863.patch
Patch6032: wireshark-initialize-point-in-end_string.patch
Patch6033: CVE-2020-28030.patch
Patch6034: CVE-2020-9430-1.patch
Patch6035: CVE-2020-9430-2.patch
Patch6036: CVE-2019-16319.patch
Patch6037: CVE-2020-26575.patch
Patch6038: CVE-2019-13619.patch
Patch6039: CVE-2019-19553.patch
Patch6040: CVE-2020-9428-pre.patch
Patch6041: CVE-2020-9428.patch
Patch6042: CVE-2020-9431.patch
Patch6043: CVE-2019-12295.patch
#https://gitlab.com/wireshark/wireshark/-/commit/0f638a240ceefb467025b7aa28acb56045381034
Patch6044: CVE-2021-22191.patch
#https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
Patch6045: CVE-2021-22207.patch
#https://gitlab.com/wireshark/wireshark/-/commit/d2436f19a3babc61ed97aa635f6eb43bfc44cfda
Patch6046: CVE-2021-4181.patch
#https://gitlab.com/wireshark/wireshark/-/commit/a0084bd76f45f9566bd94c49d7fb7571e0d4bdaa
Patch6047: CVE-2021-4185.patch
Requires(pre): shadow-utils
Requires(post): systemd-udev Requires(post): systemd-udev
Requires: %{name}-cli = %{epoch}:%{version}-%{release} xdg-utils hicolor-icon-theme
BuildRequires: bzip2-devel c-ares-devel elfutils-devel gcc-c++ glib2-devel gnutls-devel gtk3-devel krb5-devel libcap-devel
BuildRequires: libgcrypt-devel libnl3-devel libpcap-devel >= 0.9 libselinux-devel libsmi-devel openssl-devel desktop-file-utils
BuildRequires: xdg-utils bison flex pcre-devel perl(Pod::Html) perl(Pod::Man) libssh-devel qt5-linguist qt5-qtbase-devel
BuildRequires: qt5-qtmultimedia-devel qt5-qtsvg-devel zlib-devel git cmake
Provides: %{name}-cli = %{epoch}:%{version}-%{release} Provides: %{name}-cli = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-cli < %{epoch}:%{version}-%{release} wireshark-qt wireshark-gtk Obsoletes: %{name}-cli < %{epoch}:%{version}-%{release} wireshark-qt wireshark-gtk
BuildRequires: bzip2-devel
BuildRequires: c-ares-devel
BuildRequires: elfutils-devel
BuildRequires: gcc-c++
BuildRequires: glib2-devel
BuildRequires: gnutls-devel
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libgcrypt-devel
BuildRequires: libnl3-devel
BuildRequires: libpcap-devel >= 0.9
BuildRequires: libselinux-devel
BuildRequires: libsmi-devel
BuildRequires: openssl-devel
BuildRequires: desktop-file-utils
BuildRequires: xdg-utils
BuildRequires: bison
BuildRequires: flex
BuildRequires: pcre-devel
BuildRequires: perl
BuildRequires: perl(Pod::Html)
BuildRequires: perl(Pod::Man)
BuildRequires: perl(open)
Buildrequires: libssh-devel
BuildRequires: qt5-linguist
BuildRequires: qt5-qtbase-devel
BuildRequires: qt5-qtmultimedia-devel
BuildRequires: qt5-qtsvg-devel
BuildRequires: zlib-devel
BuildRequires: asciidoctor
Buildrequires: git-core
Buildrequires: cmake
BuildRequires: systemd-devel
BuildRequires: systemd
BuildRequires: libnghttp2-devel
BuildRequires: pulseaudio
%description %description
Wireshark is an open source tool for profiling network traffic and analyzing Wireshark allows you to examine protocol data stored in files or as it is
packets. Such a tool is often referred to as a network analyzer, network captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
protocol analyzer or sniffer. and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.
Wireshark, formerly known as Ethereal, can be used to examine the details of It has many powerful features including a rich display filter language
traffic at a variety of levels ranging from connection-level information to and the ability to reassemble multiple protocol packets in order to, for
the bits that make up a single packet. Packet capture can provide a network example, view a complete TCP stream, save the contents of a file which was
administrator with information about individual packets such as transmit time, transferred over HTTP or CIFS, or play back an RTP audio stream.
source, destination, protocol type and header data. This information can be
useful for evaluating security events and troubleshooting network security
device issues.
%package devel %package devel
Summary: Development headers and libraries for wireshark Summary: Development headers and libraries for wireshark
Requires: %{name} = %{epoch}:%{version}-%{release} glibc-devel glib2-devel Requires: %{name} = %{epoch}:%{version}-%{release} glibc-devel glib2-devel
%description devel %description devel
The wireshark-devel package includes header files and libraries necessary The wireshark-devel package contains the header files, developer
for the wireshark library. documentation, and libraries required for development of wireshark scripts
and plugins.
%package help %package help
Summary: This package contains help documents Summary: This package contains help documents
@ -108,60 +95,94 @@ Requires: %{name} = %{epoch}:%{version}-%{release}
Files for help with wireshark. Files for help with wireshark.
%prep %prep
%autosetup -n %{name}-%{version} -S git -p1 %autosetup -S git
%build %build
%cmake -G "Unix Makefiles" -DDISABLE_WERROR=ON -DBUILD_wireshark=ON -DENABLE_QT5=ON -DENABLE_LUA=OFF \ %cmake -G "Unix Makefiles" \
-DBUILD_mmdbresolve=OFF -DBUILD_randpktdump=OFF -DBUILD_androiddump=OFF -DENABLE_SMI=ON -DENABLE_PORTAUDIO=OFF \ -DDISABLE_WERROR=ON \
-DENABLE_PLUGINS=ON -DENABLE_NETLINK=ON -DBUILD_dcerpcidl2wrs=OFF -DBUILD_wireshark=ON \
-DENABLE_LUA=OFF \
-DBUILD_mmdbresolve=OFF \
-DBUILD_randpktdump=OFF \
-DBUILD_androiddump=ON \
-DENABLE_SMI=ON \
-DENABLE_PLUGINS=ON \
-DENABLE_NETLINK=ON \
-DBUILD_dcerpcidl2wrs=OFF \
-DBUILD_sdjournal=ON \
%{nil}
%make_build %make_build
%install %install
%make_install %make_install
desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop
desktop-file-validate %{buildroot}%{_datadir}/applications/org.wireshark.Wireshark.desktop
install -d -m 0755 %{buildroot}%{_includedir}/wireshark install -d -m 0755 %{buildroot}%{_includedir}/wireshark
IDIR="%{buildroot}%{_includedir}/wireshark" IDIR="%{buildroot}%{_includedir}/wireshark"
install -d "${IDIR}/epan/crypt" "${IDIR}/epan/ftypes" "${IDIR}/epan/dfilter" "${IDIR}/epan/dissectors" mkdir -p "${IDIR}/epan"
install -d "${IDIR}/epan/wmem" "${IDIR}/wiretap" "${IDIR}/wsutil" mkdir -p "${IDIR}/epan/crypt"
install -d %{buildroot}%{_udevrulesdir} mkdir -p "${IDIR}/epan/ftypes"
install -m 644 config.h epan/register.h cfile.h file.h ws_symbol_export.h ws_diag_control.h "${IDIR}/" mkdir -p "${IDIR}/epan/dfilter"
install -m 644 epan/*.h "${IDIR}/epan/" mkdir -p "${IDIR}/epan/dissectors"
install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt" mkdir -p "${IDIR}/epan/wmem"
install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes" mkdir -p "${IDIR}/wiretap"
install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter" mkdir -p "${IDIR}/wsutil"
install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors" mkdir -p %{buildroot}%{_udevrulesdir}
install -m 644 epan/wmem/*.h "${IDIR}/epan/wmem" install -m 644 config.h epan/register.h "${IDIR}/"
install -m 644 wiretap/*.h "${IDIR}/wiretap" install -m 644 cfile.h file.h "${IDIR}/"
install -m 644 wsutil/*.h "${IDIR}/wsutil" install -m 644 ws_symbol_export.h "${IDIR}/"
install -m 644 epan/*.h "${IDIR}/epan/"
install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
install -m 644 wiretap/*.h "${IDIR}/wiretap"
install -m 644 wsutil/*.h "${IDIR}/wsutil"
install -m 644 ws_diag_control.h "${IDIR}/"
install -m 644 %{SOURCE2} %{buildroot}%{_udevrulesdir}
install -Dpm 644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
touch %{buildroot}%{_bindir}/%{name} touch %{buildroot}%{_bindir}/%{name}
%delete_la find %{buildroot} -type f -name "*.la" -delete
%pre %pre
getent group wireshark >/dev/null || groupadd -r wireshark getent group wireshark >/dev/null || groupadd -r wireshark
getent group usbmon >/dev/null || groupadd -r usbmon exit 0
#%post
%post #%{?ldconfig}
/sbin/ldconfig #if [ -S /run/udev/control ]; then
/usr/bin/udevadm trigger --subsystem-match=usbmon # /usr/bin/udevadm trigger --subsystem-match=usbmon
#fi
%postun #
/sbin/ldconfig #%ldconfig_postun
%files %files
%{_datadir}/appdata/%{name}.appdata.xml %{_datadir}/applications/org.wireshark.Wireshark.desktop
%{_datadir}/applications/wireshark.desktop %{_datadir}/metainfo/*.xml
%{_datadir}/mime/packages/*.xml
%{_datadir}/icons/hicolor/*/apps/* %{_datadir}/icons/hicolor/*/apps/*
%{_datadir}/icons/hicolor/*/mimetypes/* %{_datadir}/icons/hicolor/*/mimetypes/*
%{_datadir}/mime/packages/wireshark.xml
%doc COPYING
%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap
%{_bindir}/* %{_bindir}/*
%{_mandir}/man1/wireshark.*
%{_sysusersdir}/%{name}.conf
%license COPYING
%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap
%{_udevrulesdir}/90-wireshark-usbmon.rules
%{_libdir}/lib*.so.* %{_libdir}/lib*.so.*
%dir %{_libdir}/wireshark
%dir %{_libdir}/wireshark/extcap
%dir %{_libdir}/wireshark/plugins
%{_libdir}/wireshark/extcap/* %{_libdir}/wireshark/extcap/*
%{_libdir}/wireshark/*.cmake %dir %{_libdir}/wireshark/cmake
%{_libdir}/wireshark/plugins/2.6/epan/*.so %{_libdir}/wireshark/cmake/*.cmake
%{_libdir}/wireshark/plugins/2.6/wiretap/*.so %dir %{_libdir}/wireshark/plugins/%{plugins_version}
%{_libdir}/wireshark/plugins/2.6/codecs/*.so %dir %{_libdir}/wireshark/plugins/%{plugins_version}/epan
%dir %{_libdir}/wireshark/plugins/%{plugins_version}/wiretap
%dir %{_libdir}/wireshark/plugins/%{plugins_version}/codecs
%{_libdir}/wireshark/plugins/%{plugins_version}/epan/*.so
%{_libdir}/wireshark/plugins/%{plugins_version}/wiretap/*.so
%{_libdir}/wireshark/plugins/%{plugins_version}/codecs/*.so
%dir %{_datadir}/wireshark
%{_datadir}/wireshark/* %{_datadir}/wireshark/*
%files devel %files devel
@ -174,6 +195,9 @@ getent group usbmon >/dev/null || groupadd -r usbmon
%{_mandir}/man?/* %{_mandir}/man?/*
%changelog %changelog
* Tue Apr 19 2022 wangkai <wangkai385@huawei.com> - 3.6.3-1
- Update to 3.6.3
* Fri Apr 1 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-21 * Fri Apr 1 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-21
- Fix CVE-2021-22191 CVE-2021-22207 CVE-2021-4181 CVE-2021-4185 - Fix CVE-2021-22191 CVE-2021-22207 CVE-2021-4181 CVE-2021-4185
@ -231,7 +255,7 @@ getent group usbmon >/dev/null || groupadd -r usbmon
* Fri May 15 2020 huanghaitao <huanghaitao8@huawei.com> - 2.6.2-7 * Fri May 15 2020 huanghaitao <huanghaitao8@huawei.com> - 2.6.2-7
- Type:cves - Type:cves
- ID: CVE-2020-11647 - ID: CVE-2020-11647
- SUG:restart - SUG:restart
- DESC: fix CVE-2020-11647 - DESC: fix CVE-2020-11647

2
wireshark.sysusers Normal file
View File

@ -0,0 +1,2 @@
g wireshark - -
g usbmon - -