83 lines
2.9 KiB
Diff
83 lines
2.9 KiB
Diff
From: Markus Koschany <apo@debian.org>
|
|
Date: Thu, 24 Mar 2022 14:03:00 +0100
|
|
Subject: CVE-2021-22191
|
|
|
|
Origin: https://gitlab.com/wireshark/wireshark/-/commit/0f638a240ceefb467025b7aa28acb56045381034
|
|
---
|
|
epan/wslua/wslua_gui.c | 24 ++++++++++++++++++++++--
|
|
ui/qt/proto_tree.cpp | 5 ++++-
|
|
2 files changed, 26 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/epan/wslua/wslua_gui.c b/epan/wslua/wslua_gui.c
|
|
index e93618f..b7eef3f 100644
|
|
--- a/epan/wslua/wslua_gui.c
|
|
+++ b/epan/wslua/wslua_gui.c
|
|
@@ -854,7 +854,16 @@ WSLUA_FUNCTION wslua_reload_lua_plugins(lua_State* L) { /* Reload all Lua plugin
|
|
}
|
|
|
|
|
|
-WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /* Open an url in a browser. */
|
|
+WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /*
|
|
+ Opens an URL in a web browser. Requires a GUI.
|
|
+
|
|
+ [WARNING]
|
|
+ ====
|
|
+ Do not pass an untrusted URL to this function.
|
|
+
|
|
+ It will be passed to the system's URL handler, which might execute malicious code, switch on your Bluetooth-connected foghorn, or any of a number of unexpected or harmful things.
|
|
+ ====
|
|
+ */
|
|
#define WSLUA_ARG_browser_open_url_URL 1 /* The url. */
|
|
const char* url = luaL_checkstring(L,WSLUA_ARG_browser_open_url_URL);
|
|
|
|
@@ -868,7 +877,18 @@ WSLUA_FUNCTION wslua_browser_open_url(lua_State* L) { /* Open an url in a browse
|
|
return 0;
|
|
}
|
|
|
|
-WSLUA_FUNCTION wslua_browser_open_data_file(lua_State* L) { /* Open a file in a browser. */
|
|
+WSLUA_FUNCTION wslua_browser_open_data_file(lua_State* L) { /*
|
|
+ Open a file located in the data directory (specified in the Wireshark preferences) in the web browser.
|
|
+ If the file does not exist, the function silently ignores the request.
|
|
+ Requires a GUI.
|
|
+
|
|
+ [WARNING]
|
|
+ ====
|
|
+ Do not pass an untrusted URL to this function.
|
|
+
|
|
+ It will be passed to the system's URL handler, which might execute malicious code, switch on your Bluetooth-connected foghorn, or any of a number of unexpected or harmful things.
|
|
+ ====
|
|
+ */
|
|
#define WSLUA_ARG_browser_open_data_file_FILENAME 1 /* The file name. */
|
|
const char* file = luaL_checkstring(L,WSLUA_ARG_browser_open_data_file_FILENAME);
|
|
|
|
diff --git a/ui/qt/proto_tree.cpp b/ui/qt/proto_tree.cpp
|
|
index 0525cf2..15f4c08 100644
|
|
--- a/ui/qt/proto_tree.cpp
|
|
+++ b/ui/qt/proto_tree.cpp
|
|
@@ -18,6 +18,8 @@
|
|
#include <ui/qt/utils/variant_pointer.h>
|
|
#include <ui/qt/utils/wireshark_mime_data.h>
|
|
#include <ui/qt/widgets/drag_label.h>
|
|
+#include "wireshark_application.h"
|
|
+
|
|
|
|
#include <QApplication>
|
|
#include <QContextMenuEvent>
|
|
@@ -27,6 +29,7 @@
|
|
#include <QScrollBar>
|
|
#include <QStack>
|
|
#include <QUrl>
|
|
+#include <QClipboard>
|
|
|
|
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
|
|
#include <QWindow>
|
|
@@ -430,7 +433,7 @@ void ProtoTree::itemDoubleClicked(const QModelIndex &index) {
|
|
} else {
|
|
QString url = finfo.url();
|
|
if (!url.isEmpty()) {
|
|
- QDesktopServices::openUrl(QUrl(url));
|
|
+ QApplication::clipboard()->setText(url);
|
|
}
|
|
}
|
|
}
|