From: Markus Koschany
Date: Thu, 24 Mar 2022 14:03:00 +0100
Subject: CVE-2021-22191
Origin: https://gitlab.com/wireshark/wireshark/-/commit/0f638a240ceefb467025b7aa28acb56045381034
---
 epan/wslua/wslua_gui.c | 24 ++++++++++++++++++++++--
 ui/qt/proto_tree.cpp | 5 ++++-
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/epan/wslua/wslua_gui.c b/epan/wslua/wslua_gui.c
index e93618f..b7eef3f 100644
--- a/epan/wslua/wslua_gui.c
+++ b/epan/wslua/wslua_gui.c
@@ -854,7 +854,16 @@ WSLUA_FUNCTION wslua_reload_lua_plugins(lua_State* L) { /* Reload all Lua plugin
 }
-WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /* Open an url in a browser. */
+WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /*
+ Opens an URL in a web browser. Requires a GUI.
+
+ [WARNING]
+ ====
+ Do not pass an untrusted URL to this function.
+
+ It will be passed to the system's URL handler, which might execute malicious code, switch on your Bluetooth-connected foghorn, or any of a number of unexpected or harmful things.
+ ====
+ */
 #define WSLUA_ARG_browser_open_url_URL 1 /* The url. */
 const char* url = luaL_checkstring(L,WSLUA_ARG_browser_open_url_URL);
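Review bot: The WARNING block added to wslua_browser_open_url is documentation only: the string read by `luaL_checkstring` is, by the comment's own account, still passed to the system's URL handler, and nothing visible in the hunk restricts what it may contain. If Lua scripts are only expected to open web pages, a scheme check right after the argument is read would enforce what the comment asks of callers, e.g. `if (g_ascii_strncasecmp(url, "http://", 7) != 0 && g_ascii_strncasecmp(url, "https://", 8) != 0) return luaL_error(L, "browser_open_url: only http and https URLs are accepted");`. That narrows behaviour for any script relying on other schemes, so it needs a release note. The function body continues below the hunk; confirm no such check already exists there.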
@@ -868,7 +877,18 @@ WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /* Open an url in a browse
 return 0;
 }
-WSLUA_FUNCTION wslua_browser_open_data_file(lua_State* L) { /* Open a file in a browser. */
+WSLUA_FUNCTION wslua_browser_open_data_file(lua_State* L) { /*
+ Open a file located in the data directory (specified in the Wireshark preferences) in the web browser.
+ If the file does not exist, the function silently ignores the request.
+ Requires a GUI.
+
+ [WARNING]
+ ====
+ Do not pass an untrusted URL to this function.
+
+ It will be passed to the system's URL handler, which might execute malicious code, switch on your Bluetooth-connected foghorn, or any of a number of unexpected or harmful things.
+ ====
+ */
 #define WSLUA_ARG_browser_open_data_file_FILENAME 1 /* The file name. */
 const char* file = luaL_checkstring(L,WSLUA_ARG_browser_open_data_file_FILENAME);
diff --git a/ui/qt/proto_tree.cpp b/ui/qt/proto_tree.cpp
index 0525cf2..15f4c08 100644
--- a/ui/qt/proto_tree.cpp
+++ b/ui/qt/proto_tree.cpp
@@ -18,6 +18,8 @@
 #include
 #include
 #include
+#include "wireshark_application.h"
+
 #include
 #include
@@ -27,6 +29,7 @@
 #include
 #include
 #include
+#include
 #if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
 #include
@@ -430,7 +433,7 @@ void ProtoTree::itemDoubleClicked(const QModelIndex &index) {
 } else {
 QString url = finfo.url();
 if (!url.isEmpty()) {
- QDesktopServices::openUrl(QUrl(url));
+ QApplication::clipboard()->setText(url);
 }
 }
 }
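Review bot: The warning copied into the wslua_browser_open_data_file comment (epan/wslua/wslua_gui.c) tells callers not to pass an untrusted URL, but this function's argument is `WSLUA_ARG_browser_open_data_file_FILENAME`, a file name looked up in the data directory. Reword it for this function, e.g. `Do not pass an untrusted file name to this function.`, and have the following sentence say that the resulting file is handed to the system's handler. Whether the name is kept inside the data directory (no `..` components or absolute paths) is decided in the body below the hunk and is worth checking there, since the comment presents the data directory as the boundary.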
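Review bot: The replacement line in ProtoTree::itemDoubleClicked (ui/qt/proto_tree.cpp) carries no comment saying why a double-click now copies the URL instead of opening it, so a later cleanup could easily restore `QDesktopServices::openUrl`. Add one above the call, e.g. `// Copy only: this URL may be derived from capture data and must not reach the system URL handler (CVE-2021-22191).` The copy is also silent, so the user gets no sign that the double-click did anything; a short status-bar message naming the copied URL would make the new behaviour discoverable. The function begins before the hunk, so the origin of `finfo` is not visible here.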