Corrected a typo. #1

Closed

makcakaya

No description provided.

@geraldcombs
Contributor

This is a one-way mirror of https://code.wireshark.org/review/. Can you upload your change there?

@geraldcombs closed this Apr 3, 2015
@makcakaya
Author

Sure, thanks.

alagoutte pushed a commit to alagoutte/wireshark that referenced this pull request Apr 10, 2015
When a different packet is changed, the packet scoped memory for tvbuff
is freed before clearing data source tabs. This results in
heap-use-after-free when resizeEvent is called as a result of clearing
tabs for data sources.

Avoid resize events by hiding the tabs.

Caught with ASAN:

    ==18816==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060004cd970 at pc 0x7fffebf46618 bp 0x7fffffffbb10 sp 0x7fffffffbb00
    READ of size 4 at 0x6060004cd970 thread T0
        #0 0x7fffebf46617 in tvb_captured_length epan/tvbuff.c:423
        #1 0x773062 in ByteViewText::updateScrollbars() ui/qt/byte_view_text.cpp:489
        #2 0x76f307 in ByteViewText::resizeEvent(QResizeEvent*) ui/qt/byte_view_text.cpp:197
        ...
        #24 0x9f2348 in ByteViewText::~ByteViewText() ui/qt/byte_view_text.h:46
        #25 0x9f23f5 in ByteViewText::~ByteViewText() ui/qt/byte_view_text.h:46
        #26 0x76b9d6 in ByteViewTab::clear() ui/qt/byte_view_tab.cpp:54
        #27 0x5de685 in PacketList::selectionChanged(QItemSelection const&, QItemSelection const&) ui/qt/packet_list.cpp:477
        ...

    freed by thread T0 here:
        ...
        #5 0x53d763 in cf_select_packet file.c:3827
        #6 0x5ddfa5 in PacketList::selectionChanged(QItemSelection const&, QItemSelection const&) ui/qt/packet_list.cpp:454
        #7 0x7fffe58ec980 (/usr/lib/libQt5Widgets.so.5+0x3bc980)
        #8 0x7fffe4d55dd6 in QItemSelectionModel::selectionChanged(QItemSelection const&, QItemSelection const&) (/usr/lib/libQt5Core.so.5+0x23fdd6)
        ...

Change-Id: I9c1c01398713389de58259d13ebbaddd2d6e5c52
Reviewed-on: https://code.wireshark.org/review/7589
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
cjdoucette pushed a commit to cjdoucette/wireshark that referenced this pull request May 22, 2015
ghost pushed a commit that referenced this pull request Jun 29, 2015
Fixes a crash / heisenbug in wireshark-qt on startup:

    ==26808==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7fff8cf3bf70 in thread T0
        #0 0x7f42ce3b66da in __interceptor_free /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:28
        #1 0x842847 in WirelessFrame::setChannel() ui/qt/wireless_frame.cpp:257
        #2 0x842bf5 in WirelessFrame::on_channelComboBox_activated(int) ui/qt/wireless_frame.cpp:282
        #3 0x84407d in WirelessFrame::timerEvent(QTimerEvent*) ui/qt/wireless_frame.cpp:134
        #4 0x7f42ba94ea92 in QObject::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2b0a92)
        #5 0x7f42bb6218ea in QWidget::event(QEvent*) (/usr/lib/libQt5Widgets.so.5+0x1948ea)
        #6 0x7f42bb71c16d in QFrame::event(QEvent*) (/usr/lib/libQt5Widgets.so.5+0x28f16d)
        #7 0x7f42bb5df62b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x15262b)
        #8 0x7f42bb5e4d0f in QApplication::notify(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x157d0f)
        #9 0x7f42ba91d57a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x27f57a)
        #10 0x7f42ba973b1c in QTimerInfoList::activateTimers() (/usr/lib/libQt5Core.so.5+0x2d5b1c)
        #11 0x7f42ba974020  (/usr/lib/libQt5Core.so.5+0x2d6020)
        #12 0x7f42cdde7a16 in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x49a16)
        #13 0x7f42cdde7c6f  (/usr/lib/libglib-2.0.so.0+0x49c6f)
        #14 0x7f42cdde7d1b in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x49d1b)
        #15 0x7f42ba974cfe in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2d6cfe)
        #16 0x56c8ba in main_window_update wireshark-qt.cpp:128
        #17 0xe4b612 in sync_pipe_open_command capchild/capture_sync.c:972
        #18 0xe4b823 in sync_pipe_run_command_actual capchild/capture_sync.c:1034
        #19 0xe4c590 in sync_pipe_run_command capchild/capture_sync.c:1211
        #20 0xe4e9a5 in sync_if_capabilities_open capchild/capture_sync.c:1356
        #21 0xe48b7a in capture_get_if_capabilities capchild/capture_ifinfo.c:249
        #22 0xdf539a in scan_local_interfaces ui/iface_lists.c:186
        #23 0xdf6a65 in fill_in_local_interfaces ui/iface_lists.c:405
        #24 0x56e49d in main wireshark-qt.cpp:1154
        #25 0x7f42b81c178f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
        #26 0x56ba58 in _start (wireshark+0x56ba58)

    AddressSanitizer can not describe address in more detail (wild memory access suspected).
    SUMMARY: AddressSanitizer: bad-free /build/gcc-multilib/src/gcc-5-20150519/libsanitizer/asan/asan_malloc_linux.cc:28 __interceptor_free

Change-Id: I63744261096b3cfd0eddcf75bcf85103a3f0788d
Reviewed-on: https://code.wireshark.org/review/9220
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ghost pushed a commit that referenced this pull request Nov 4, 2015
"./configure --enable-asan" currently fails to detect installed libraries
because aclocal-fallback/* built programs have memory leaks in them.

configure:34516: checking for GTK+ - version >= 3.0.0
configure:34626: gcc -o conftest ...
...
configure:34626: $? = 0
configure:34626: ./conftest

=================================================================
==29007==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x7fa5c95dd9aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7fa5c8995578 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f578)

SUMMARY: AddressSanitizer: 6 byte(s) leaked in 1 allocation(s).
configure:34626: $? = 23
configure: program exited with status 23
...
configure:34649: result: no
configure:34699: error: GTK+ 3 is not available

...

This system is running 64-bit Ubuntu Linux 15.10 with GCC 5.2.1
compiler.

The glib-2-0.m4 leak, and the gtk-3.0.m4 leak are fixed by updating
"glib-2.0.m4" to the latest upstream version.

Whitespace errors are fixed locally to keep the BuildBot happy.

Change-Id: I01a5f4c494a59ae6d0ee19cd2611fab163ebf9b4
Reviewed-on: https://code.wireshark.org/review/11283
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ghost pushed a commit that referenced this pull request Nov 4, 2015
(cherry picked from commit 58528f6)
Reviewed-on: https://code.wireshark.org/review/11552
ghost pushed a commit that referenced this pull request Feb 3, 2016
Caught by LeakSanitizer:

    Direct leak of 18 byte(s) in 3 object(s) allocated from:
        #0 0x55ec8c5ffec8 in __interceptor_malloc (run/wireshark+0x145dec8)
        #1 0x7f4d021e4328 in g_malloc /build/src/glib-2.46.2/glib/gmem.c:94
        #2 0x7f4d021fd0de in g_strdup /build/src/glib-2.46.2/glib/gstrfuncs.c:363
        #3 0x55ec8c6ce514 in extcap_parse_interface_sentence extcap_parser.c:670:26
        #4 0x55ec8c6ce7ad in extcap_parse_interfaces extcap_parser.c:683:13
        #5 0x55ec8c6b6781 in interfaces_cb extcap.c:313:5
        #6 0x55ec8c6b4ce6 in extcap_foreach extcap.c:206:26
        #7 0x55ec8c6b62a6 in extcap_interface_list extcap.c:415:5
        #8 0x55ec8c6b7fab in extcap_register_preferences extcap.c:437:9
        #9 0x55ec8c63104a in main wireshark-qt.cpp:847:5
        #10 0x7f4ce8f4460f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
        #11 0x55ec8c569ed8 in _start (run/wireshark+0x13c7ed8)

Change-Id: I0ef89e647b2cc9aab495a80f6c638e9b67cf3ad1
Reviewed-on: https://code.wireshark.org/review/13692
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ghost pushed a commit that referenced this pull request Feb 28, 2016
in wslua_init(), our lua instance L is set to NULL if
disable_lua is true in init.lua
make sure that we leave wslua_init() in this case

if we don't, we crash in lua_pop(L,1); with L==NULL

Program received signal SIGSEGV, Segmentation fault.
0x00007fffefb41a73 in lua_settop () from /usr/lib/x86_64-linux-gnu/liblua5.1.so.0
(gdb) bt
 #0  0x00007fffefb41a73 in lua_settop () from /usr/lib/x86_64-linux-gnu/liblua5.1.so.0
 #1  0x00007ffff4fb50e4 in wslua_init (cb=cb@entry=0x516f40 <splash_update(register_action_e, char const*, void*)>,
    client_data=client_data@entry=0x0) at init_wslua.c:900
 [...]

Bug:12196
Change-Id: Ic338c4edcb897c0eaa9b6755bbb6c9991ec6ed02
Reviewed-on: https://code.wireshark.org/review/14228
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
ghost pushed a commit that referenced this pull request Feb 28, 2016
(cherry picked from commit ddcafa0)
Reviewed-on: https://code.wireshark.org/review/14229
ghost pushed a commit that referenced this pull request Apr 21, 2016
This g_free() causes a crash on my system for every capture file where
names are resolved.

Program received signal SIGABRT, Aborted.
0x00007ffff0347125 in *__GI_raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
 #0  0x00007ffff0347125 in *__GI_raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
 #1  0x00007ffff034a3a0 in *__GI_abort () at abort.c:92
 #2  0x00007ffff038135b in __libc_message (do_abort=<optimized out>,
fmt=<optimized out>)
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
 #3  0x00007ffff038abb6 in malloc_printerr (action=3, str=0x7ffff0464532
"free(): invalid pointer", ptr=<optimized out>)
    at malloc.c:6312
 #4  0x00007ffff038f95c in *__GI___libc_free (mem=<optimized out>) at
malloc.c:3738
 #5  0x00007fffef8cca41 in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #6  0x00007fffef8ccad2 in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #7  0x00007fffef8cceea in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #8  0x00007fffef8d501b in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #9  0x00007fffef8d3a4a in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #10 0x00007fffef8d4792 in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #11 0x00007fffef8d49de in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #12 0x00007fffef8d4cc7 in ?? () from
/usr/lib/x86_64-linux-gnu/libcares.so.2
 #13 0x00007ffff4329713 in host_name_lookup_process () at
addr_resolv.c:2485
 #14 0x000000000053fda9 in WiresharkApplication::refreshAddressResolution
(this=0x7fffffffe2f0) at wireshark_application.cpp:217
 #15 0x000000000059c42d in WiresharkApplication::qt_static_metacall
(_o=0x7fffffffe2f0, _c=<optimized out>, _id=<optimized out>,
    _a=0x7fffffffd7b0) at wireshark_application.moc.cpp:142
 #16 0x00007ffff140654f in QMetaObject::activate(QObject*, QMetaObject
const*, int, void**) ()
   from /usr/lib/x86_64-linux-gnu/libQtCore.so.4

Change-Id: I20586929463259f71f325225975eec241166f123
Reviewed-on: https://code.wireshark.org/review/15047
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
ghost pushed a commit that referenced this pull request Apr 23, 2016
fetch the list head each time we iterate through the list

if we don't, we crash when the same entry is removed a second time

 #0  wmem_block_remove_from_block_list (block=0x7fffecd7b1c0, allocator=<optimized out>) at wmem_allocator_block.c:738
 #1  wmem_block_free_jumbo (chunk=0x7fffecd7b1d0, allocator=0x65c060) at wmem_allocator_block.c:822
 #2  wmem_block_free (private_data=0x65c060, ptr=0x7fffecd7b1e0) at wmem_allocator_block.c:913
 #3  0x00007ffff452eac1 in host_name_lookup_process () at addr_resolv.c:2466
 #4  0x000000000041733d in process_packet (cf=cf@entry=0x63fe20, edt=edt@entry=0xce08f0, offset=<optimized out>, whdr=0xc97c70,
    pd=pd@entry=0xc9f550 "", tap_flags=tap_flags@entry=0) at tshark.c:3699
 #5  0x000000000040f199 in load_cap_file (max_byte_count=13197776, max_packet_count=<optimized out>, out_file_name_res=0,
    out_file_type=2, save_file=0x0, cf=<optimized out>) at tshark.c:3483
 #6  main (argc=<optimized out>, argv=<optimized out>) at tshark.c:2192

Change-Id: I1ac813242188842130f4070ef326b12fe23b782f
Reviewed-on: https://code.wireshark.org/review/15068
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
ghost pushed a commit that referenced this pull request Jul 31, 2016
 Program terminated with signal 11, Segmentation fault.
 #0  0x00007f573e5bdecf in uat_fld_chk_oid (u1=0x2eb1830, strptr=0x7f573c8431e4 "", len=0, u2=0x0, u3=0x0, err=0x7ffee1668748) at uat.c:494
 494	    if(strptr[len-1] == '.') {
 (gdb)
 (gdb) bt
 #0  0x00007f573e5bdecf in uat_fld_chk_oid (u1=0x2eb1830, strptr=0x7f573c8431e4 "", len=0, u2=0x0, u3=0x0, err=0x7ffee1668748) at uat.c:494
 #1  0x0000000000485dfc in uat_dlg_cb (win=0x3844290, user_data=0x3632bc0) at uat_gui.c:364
 #2  0x00007f573b2f19a7 in _g_closure_invoke_va (closure=0x3367130, return_value=0x0, instance=0x3844290, args=0x7ffee1668a78, n_params=0,

Change-Id: Ic61480f8c1f2cd833c58de0b2acc24dcb831578f
Reviewed-on: https://code.wireshark.org/review/16800
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
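
The faulting line in the backtrace above, `strptr[len-1]` reached with `len=0`, reads one element before the start of the string. The following is an added example, not code from the commit or from Wireshark: `oid_field_ok` and its error strings are hypothetical, and treating an empty field as invalid is an assumption of this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical validator for a dotted-decimal OID field such as "1.3.6.1".
 * Returns 1 when the field is well formed, 0 otherwise; on failure *err
 * points at a static string describing the reason. */
int oid_field_ok(const char *s, size_t len, const char **err)
{
    size_t i;

    *err = NULL;

    /* Length guard first: for an unsigned len of 0, len - 1 wraps around
     * to the largest value of the type, so s[len - 1] is far out of bounds. */
    if (s == NULL || len == 0) {
        *err = "OID must not be empty";
        return 0;
    }
    if (s[0] == '.' || s[len - 1] == '.') {
        *err = "OID must not start or end with '.'";
        return 0;
    }
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];

        if (c == '.') {
            /* i > 0 here because s[0] != '.' was checked above. */
            if (s[i - 1] == '.') {
                *err = "OID has an empty arc";
                return 0;
            }
        } else if (!isdigit(c)) {
            *err = "OID may contain only digits and '.'";
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, including the empty string from the trace. */
    const char *samples[] = { "", "1.3.6.1", "1.3.", "1..3" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *err;
        int ok = oid_field_ok(samples[i], strlen(samples[i]), &err);

        printf("\"%s\": %s\n", samples[i], ok ? "ok" : err);
    }
    return 0;
}
```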
ghost pushed a commit that referenced this pull request Jul 31, 2016
(cherry picked from commit bf123ef)
Reviewed-on: https://code.wireshark.org/review/16814
ghost pushed a commit that referenced this pull request Jul 31, 2016
(cherry picked from commit bf123ef)
Reviewed-on: https://code.wireshark.org/review/16814
(cherry picked from commit 1c9e52e)
Reviewed-on: https://code.wireshark.org/review/16815
crondaemon referenced this pull request in crondaemon/wireshark Dec 21, 2016
1. CIP Safety: SERCOS Safety Network Number attribute should be 6 bytes. Don't just use all remaining bytes
2. Remove cip_byte_array type. The last remaining usage was #1 above and it really shouldn't be used in the future. Any attribute that would eat up all remaining bytes would have issues with Get Attribute List responses and Set Attribute List requests.
3. Optional Attribute List: Display the attribute name if known.
4. Port: Display Port Number name
5. Port: Associated Communication Objects attribute

Change-Id: I94d99bb1f07aa4b8c44949b2ffb5d75e72483459
Reviewed-on: https://code.wireshark.org/review/19374
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
gbloice pushed a commit to gbloice/wireshark that referenced this pull request Jan 27, 2017
ghost pushed a commit that referenced this pull request Mar 30, 2017
Fixes the following UBSAN errors:

    ui/qt/io_graph_dialog.cpp:1720:75: runtime error: load of value 3200171710, which is not a valid value for type 'io_graph_item_unit_t'
        #0 0x5611f0b0cd1d in IOGraph::setFilter(QString const&) ui/qt/io_graph_dialog.cpp:1720:75
        #1 0x5611f0b737a1 in IOGraph::IOGraph(QCustomPlot*) ui/qt/io_graph_dialog.cpp:1682:5
        #2 0x5611f0afb3f3 in IOGraphDialog::addGraph(bool, QString, QString, int, IOGraph::PlotStyles, io_graph_item_unit_t, QString, int) ui/qt/io_graph_dialog.cpp:340:24
        #3 0x5611f0af7c19 in IOGraphDialog::IOGraphDialog(QWidget&, CaptureFile&) ui/qt/io_graph_dialog.cpp:289:13

    ui/qt/io_graph_dialog.cpp:1818:19: runtime error: load of value 3200171710, which is not a valid value for type 'io_graph_item_unit_t'
        #0 0x5611f0b1167e in IOGraph::setPlotStyle(int) ui/qt/io_graph_dialog.cpp:1818:19
        #1 0x5611f0b062ee in IOGraphDialog::syncGraphSettings(QTreeWidgetItem*) ui/qt/io_graph_dialog.cpp:420:10

    ui/qt/io_graph_dialog.cpp:1872:29: runtime error: load of value 3200171710, which is not a valid value for type 'io_graph_item_unit_t'
        #0 0x5611f0b13e6a in IOGraph::setValueUnits(int) ui/qt/io_graph_dialog.cpp:1872:29
        #1 0x5611f0b06640 in IOGraphDialog::syncGraphSettings(QTreeWidgetItem*) ui/qt/io_graph_dialog.cpp:422:10

Note that calling setFilter with an empty string is pretty useless,
especially since the filter is initialized later, so remove it.
The choice for IOG_ITEM_UNIT_FIRST is quite arbitrary and needed because
setValueUnits reads the "old" (uninitialized) value.

Change-Id: I32c65a30593cb718b838c0f324e0d1b0eaab90e5
Reviewed-on: https://code.wireshark.org/review/20767
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ghost pushed a commit that referenced this pull request Dec 12, 2017
The Follow Stream dialogue's button "Filter out this stream" filters out
the stream's packets and then closes the Follow Stream dialogue. This may
take a moment. If the user presses the Close button while the filtering
is still running, the dialogue will be closed twice. This causes a crash
which can be seen in ASAN builds.

==9485==ERROR: AddressSanitizer: SEGV on unknown address 0x60205e80001b (pc 0x7f923e672b8c sp 0x7fff73104600 bp 0x7fff73104600 T0)
    #0 0x7f923e672b8b in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d9b8b)
    #1 0x7f924f46010b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x13f10b)
    #2 0x7f924f4655ff in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1445ff)
    #3 0x7f923e672dca in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d9dca)
    #4 0x7f924f49ae54 in QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x179e54)
    #5 0x55f3e249582f in FollowStreamDialog::close() /media/sf_wireshark.git/ui/qt/follow_stream_dialog.cpp:327
    #6 0x55f3e236e534 in FollowStreamDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:155
...
SUMMARY: AddressSanitizer: SEGV ??:0 QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
==9485==ABORTING

Ignore the Close button if we know that we'll be closing the dialogue shortly.

Change-Id: Ibf1684fd75937e6b24fcb9ea62ae6acb038260e6
Reviewed-on: https://code.wireshark.org/review/24777
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
ghost pushed a commit that referenced this pull request Dec 12, 2017
(cherry picked from commit 621498f)
Reviewed-on: https://code.wireshark.org/review/24781
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ghost pushed a commit that referenced this pull request Dec 12, 2017
(cherry picked from commit 621498f)
Reviewed-on: https://code.wireshark.org/review/24780
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ghost pushed a commit that referenced this pull request Jan 30, 2018
…flags[].

Add missing NULL terminator to ieee1905_reporting_policy_flags[], in order to fix buffer overflow.

ASAN report:

ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000092a4af8 at pc 0x00000062afd2 bp 0x7ffce7e468d0 sp 0x7ffce7e468c8
READ of size 8 at 0x0000092a4af8 thread T0
    #0 0x62afd1 in proto_item_add_bitmask_tree /src/wireshark/epan/proto.c:10406:9
    #1 0x62953f in proto_tree_add_bitmask_with_flags /src/wireshark/epan/proto.c:10786:3
    #2 0xfb8271 in dissect_metric_reporting_policy /src/wireshark/epan/dissectors/packet-ieee1905.c:2762:9
    #3 0xfb2997 in dissect_ieee1905_tlv_data /src/wireshark/epan/dissectors/packet-ieee1905.c:4390:18
    #4 0xfb23c8 in dissect_ieee1905 /src/wireshark/epan/dissectors/packet-ieee1905.c:4577:18

Found by oss-fuzz/5298.

Change-Id: I35dbd6d29d0a3a5560286146fbed172c810e5b2d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5298
Reviewed-on: https://code.wireshark.org/review/25520
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
ghost pushed a commit that referenced this pull request Feb 1, 2018
bf_arr is used as a %s argument to proto_tree_add_subtree_format(), so it needs to be NUL terminated.
Add + 1 to bf_arr size, and use sizeof() in memset() calls.

ASAN report:

ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ff1b179f150 at pc 0x00000044cf31 bp 0x7ffdc7493cf0 sp 0x7ffdc74934a0
READ of size 258 at 0x7ff1b179f150 thread T0
SCARINESS: 41 (multi-byte-read-stack-buffer-overflow)
	#0 0x44cf30 in printf_common(void*, char const*, __va_list_tag*) /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_format.inc:548
	#1 0x498cfc in __vsnprintf_chk /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1558
	#2 0x5775cf in proto_tree_set_representation /src/wireshark/epan/proto.c:5508:9
	#3 0x577eb1 in proto_tree_add_text_valist_internal /src/wireshark/epan/proto.c:1226:2
	#4 0x5782d5 in proto_tree_add_subtree_format /src/wireshark/epan/proto.c:1249:7
	#5 0x73c73f in fBitStringTagVS /src/wireshark/epan/dissectors/packet-bacapp.c:7490:15
	#6 0x73ad20 in fApplicationTypesEnumeratedSplit /src/wireshark/epan/dissectors/packet-bacapp.c:7569:26
	#7 0x73a484 in fApplicationTypes /src/wireshark/epan/dissectors/packet-bacapp.c:7635:12
	#8 0x7395db in fIAmRequest /src/wireshark/epan/dissectors/packet-bacapp.c:13412:14
	#9 0x7383e1 in dissect_bacapp /src/wireshark/epan/dissectors/packet-bacapp.c:14163:9

Found by oss-fuzz/5452.

Change-Id: I57e948904f707c5003a389431b009a37c1212e04
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5452
Reviewed-on: https://code.wireshark.org/review/25544
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
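
An added example (not code from the Wireshark tree) of the pattern the commit message above describes: a character buffer that is later passed as a `%s` argument needs one byte more than its largest payload, and clearing it with `sizeof` keeps that terminator in place. `MAX_BITS`, `struct bit_label`, `render_bits` and the T/F rendering are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limit for this sketch, not a value from packet-bacapp.c. */
#define MAX_BITS 16

struct bit_label {
    char text[MAX_BITS + 1];    /* + 1 reserves the byte for the NUL */
};

/*
 * Render up to MAX_BITS bits of data as 'T'/'F' characters.
 * nbits comes from the packet, so it is clamped to both the buffer
 * capacity and the bytes actually available. Returns characters written.
 */
static size_t render_bits(const uint8_t *data, size_t data_len,
                          size_t nbits, struct bit_label *label)
{
    size_t i;

    /* sizeof follows the declaration, so resizing text[] can never leave
     * the final byte uncleared the way a hand-written length can. */
    memset(label->text, 0, sizeof(label->text));

    if (nbits > MAX_BITS)
        nbits = MAX_BITS;
    if (nbits > data_len * 8)
        nbits = data_len * 8;

    for (i = 0; i < nbits; i++) {
        int bit = (data[i / 8] >> (7 - (i % 8))) & 1;
        label->text[i] = bit ? 'T' : 'F';
    }
    return i;   /* text[i] is still 0 from the memset */
}

/* A "%s" consumer: safe only because label.text is always terminated. */
static int format_label(char *dst, size_t dst_size,
                        const uint8_t *data, size_t data_len, size_t nbits)
{
    struct bit_label label;

    render_bits(data, data_len, nbits, &label);
    return snprintf(dst, dst_size, "(%s)", label.text);
}

int main(void)
{
    /* Constructed input: two bytes, with a claimed length far past them. */
    const uint8_t data[] = { 0xA5, 0xFF };
    char out[64];

    format_label(out, sizeof(out), data, sizeof(data), 1000);
    puts(out);
    return 0;
}
```
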
ghost pushed a commit that referenced this pull request Feb 2, 2018
It looks like quic_create_cleartext_decoders() needs to free secrets; tls13_cipher_create() only uses it as const.

ASAN report:
ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x225b038 in g_malloc
    #2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
    #3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
    #4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
    #5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x225b038 in g_malloc
    #2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
    #3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
    #4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
    #5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)

Found by oss-fuzz/5902.

Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ghost pushed a commit that referenced this pull request Feb 12, 2018
next_tvb_add_handle() allocates memory in packet scope.
When dissecting another packet from dissect_h225_h225_RasMessage() handler [it doesn't call next_tvb_init()]
next_tvb_add_handle() will write to a freed pointer.

Fix by calling next_tvb_init() after leaving scope in order to clear list->last pointer.

ASAN report:
ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000854f0 at pc 0x00000208574a bp 0x7ffca839cf00 sp 0x7ffca839cef8
WRITE of size 8 at 0x6070000854f0 thread T0
    #0 0x2085749 in next_tvb_add_handle /src/wireshark/epan/next_tvb.c
    #1 0xef8728 in dissect_h225_ParallelH245Control_item /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:368:3
(...)
    #21 0x168f460 in dissect_per_sequence /src/wireshark/epan/dissectors/packet-per.c:1920:12
    #22 0xef31d3 in dissect_h225_InfoRequestResponse /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:910:12
    #23 0x168e7db in dissect_per_choice /src/wireshark/epan/dissectors/packet-per.c
    #24 0xeed6e3 in dissect_h225_RasMessage /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:298:12
    #25 0xef97af in dissect_RasMessage_PDU /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:339:12
    #26 0xeef872 in dissect_h225_h225_RasMessage /src/wireshark/epan/dissectors/./asn1/h225/packet-h225-template.c:385:12

0x6070000854f0 is located 0 bytes inside of 72-byte region [0x6070000854f0,0x607000085538)
freed by thread T0 here:
    #0 0x4e2528 in __interceptor_cfree.localalias.0 /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:76
    #1 0x21263a1 in wmem_simple_free_all /src/wireshark/epan/wmem/wmem_allocator_simple.c:107:9
    #2 0x205aa4d in wmem_leave_packet_scope /src/wireshark/epan/wmem/wmem_scopes.c:81:5
(...)

previously allocated by thread T0 here:
    #0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x225c588 in g_malloc (/out/fuzzshark_test+0x225c588)
    #2 0x20855e0 in next_tvb_add_handle /src/wireshark/epan/next_tvb.c:40:10
    #3 0xef8728 in dissect_h225_ParallelH245Control_item /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:368:3

Found by oss-fuzz/5921

Change-Id: Iea006914a9e0c433d2073f6f4c7a2973d5a33a11
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5921
Reviewed-on: https://code.wireshark.org/review/25593
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
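
An added model (not the code in next_tvb.c) of the failure the commit message above describes: a list head that outlives the packet keeps a `last` pointer into packet-scoped memory, and the next append writes through it. The pool, the struct layouts and every function name here are hypothetical; the pool is a static array so the stale write lands in recycled memory and can be observed safely instead of hitting freed heap.

```c
#include <stddef.h>
#include <string.h>

/* One queued handle; field names are hypothetical, not those of next_tvb.c. */
struct item {
    int handle;
    struct item *next;
    struct item *previous;
};

/* List head that outlives a single packet. */
struct item_list {
    struct item *first;
    struct item *last;
    int count;
};

/* Toy packet-scoped pool: items are valid only until the scope is left. */
#define POOL_ITEMS 8
static struct item pool[POOL_ITEMS];
static size_t pool_used;

static struct item *packet_alloc_item(void)
{
    return pool_used < POOL_ITEMS ? &pool[pool_used++] : NULL;
}

/* Leaving packet scope releases every item; the pool is poisoned and reused. */
static void leave_packet_scope(void)
{
    memset(pool, 0xA5, sizeof(pool));
    pool_used = 0;
}

static void list_init(struct item_list *list)
{
    list->first = NULL;
    list->last = NULL;
    list->count = 0;
}

static void list_add(struct item_list *list, int handle)
{
    struct item *item = packet_alloc_item();

    if (item == NULL)
        return;
    item->handle = handle;
    item->next = NULL;
    item->previous = list->last;
    if (list->last != NULL)
        list->last->next = item;    /* the kind of write ASAN flags when last is stale */
    else
        list->first = item;
    list->last = item;
    list->count++;
}

/*
 * Dissect two packets with one long-lived list head. The second packet is
 * handled by a path that does not initialise the list itself. Returns the
 * number of handles the list claims to hold for packet 2 (1 is correct).
 */
static int handles_seen_in_second_packet(int reinit_after_scope)
{
    struct item_list list;
    int count;

    list_init(&list);
    list_add(&list, 1);             /* packet 1 */
    leave_packet_scope();
    if (reinit_after_scope)
        list_init(&list);           /* the fix: drop first/last with the scope */

    list_add(&list, 2);             /* packet 2 */
    count = list.count;
    leave_packet_scope();
    list_init(&list);
    return count;
}

int main(void)
{
    return handles_seen_in_second_packet(1) == 1 ? 0 : 1;
}
```
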
ghost pushed a commit that referenced this pull request May 4, 2018
Fixup the order of our "Running in build directory" filename components.
This should fix the

tshark: Lua: Error during loading:
 [string "/home/wireshark/builders/wireshark-2.6/ubuntu..."]:700: bad argument #1 to 'dofile' (dofile: file does not exist)

errors that we're seeing on the Ubuntu 2.6 builder.

Note that WSLUA_ARG_ERROR appears to truncate strings.

Change-Id: Ie7e6ed7b9b11c5b06136033d20080c3a3c68b54d
Reviewed-on: https://code.wireshark.org/review/27331
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ghost pushed a commit that referenced this pull request Sep 30, 2018
To prevent potential interference with other users of the capture file,
read data in a private buffer instead of reusing the one from capFile.

An accidental (?) change in commit v2.9.0rc0-2001-g123bcb0362 resulted
in "cf_read_record" reallocating the capture_file->buf buffer. That
issue combined with the current behavior would result in a crash when
ignoring a packet followed by two times opening a context menu:

    ==32187==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fda91642800 at pc 0x55a98f3faaa7 bp 0x7fffa2807860 sp 0x7fffa2807858
    READ of size 1 at 0x7fda91642800 thread T0
        #0 0x55a98f3faaa6 in QByteArray::operator[](int) const /usr/include/qt/QtCore/qbytearray.h:476:47
        #1 0x55a9901006eb in ByteViewText::drawLine(QPainter*, int, int) ui/qt/widgets/byte_view_text.cpp:370:35
        #2 0x55a9900fd109 in ByteViewText::paintEvent(QPaintEvent*) ui/qt/widgets/byte_view_text.cpp:217:9
        ...
        #50 0x55a98e9fd32a in PacketList::contextMenuEvent(QContextMenuEvent*) ui/qt/packet_list.cpp:614:15
        ...

    0x7fda91642800 is located 0 bytes inside of 3038371-byte region [0x7fda91642800,0x7fda919284a3)
    freed by thread T0 here:
        #0 0x55a98e65fd99 in __interceptor_realloc (run/wireshark+0x1019d99)
        #1 0x7fdac6e1bb88 in g_realloc /build/src/glib/glib/gmem.c:164
        #2 0x7fdaac12c908 in wtap_read_packet_bytes wiretap/wtap.c:1368:2
        #3 0x7fdaabf01e5a in libpcap_read_packet wiretap/libpcap.c:789:7
        #4 0x7fdaabef887d in libpcap_seek_read wiretap/libpcap.c:690:7
        #5 0x7fdaac12d5f5 in wtap_seek_read wiretap/wtap.c:1431:7
        #6 0x55a98e6c8611 in cf_read_record_r file.c:1566:8
        #7 0x55a98e6c88c5 in cf_read_record file.c:1576:10
        #8 0x55a98ea0b725 in PacketList::getFilterFromRowAndColumn() ui/qt/packet_list.cpp:1041:14
        #9 0x55a98e94e4a1 in MainWindow::setMenusForSelectedPacket() ui/qt/main_window_slots.cpp:1175:39

    previously allocated by thread T0 here:
        #0 0x55a98e65fd99 in __interceptor_realloc (run/wireshark+0x1019d99)
        #1 0x7fdac6e1bb88 in g_realloc /build/src/glib/glib/gmem.c:164
        #2 0x7fdaac12c908 in wtap_read_packet_bytes wiretap/wtap.c:1368:2
        #3 0x7fdaabf01e5a in libpcap_read_packet wiretap/libpcap.c:789:7
        #4 0x7fdaabef887d in libpcap_seek_read wiretap/libpcap.c:690:7
        #5 0x7fdaac12d5f5 in wtap_seek_read wiretap/wtap.c:1431:7
        #6 0x55a98e6c8611 in cf_read_record_r file.c:1566:8
        #7 0x55a98e6c88c5 in cf_read_record file.c:1576:10
        #8 0x55a98e6e0bde in cf_select_packet file.c:3777:8
        #9 0x55a98e9ea2ff in PacketList::selectionChanged(QItemSelection const&, QItemSelection const&) ui/qt/packet_list.cpp:420:9

This should be fixed now by I4f1264a406a28c79491dcd77c552193bf3cdf62d,
but let's avoid the shared buffer. It's not exactly a hot code path
anyway.

Change-Id: I548d7293a822601f4eb882672477540f066a066b
Reviewed-on: https://code.wireshark.org/review/29921
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
jens-maus pushed a commit to hzdr/thinstation that referenced this pull request Jan 11, 2019
chenwhql added a commit to chenwhql/wireshark that referenced this pull request Jan 14, 2019
ghost pushed a commit that referenced this pull request Jan 23, 2019
Caught by ASAN:

    Direct leak of 88 byte(s) in 1 object(s) allocated from:
        #0 0x564bccf83549 in malloc (run/tshark+0x1b0549)
        #1 0x7f8dd1d488d1 in g_malloc glib/glib/gmem.c:99:13
        #2 0x7f8dd1d29094 in g_slice_alloc glib/glib/gslice.c:1024:11
        #3 0x7f8dd1d64cde in g_hash_table_new_full glib/glib/ghash.c:717:16
        #4 0x7f8dde889de6 in smb2_get_session epan/dissectors/packet-smb2.c:1135:15
        #5 0x7f8dde89258e in dissect_smb2_session_setup_response epan/dissectors/packet-smb2.c:3356:16
        #6 0x7f8dde8867cd in dissect_smb2_command epan/dissectors/packet-smb2.c:9189:12
        #7 0x7f8dde87fb6e in dissect_smb2 epan/dissectors/packet-smb2.c:9543:27

Change-Id: I33586e8d27263a8e546efb2ee3a3054eb9a66893
Reviewed-on: https://code.wireshark.org/review/31702
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ghost pushed a commit that referenced this pull request Jan 31, 2019
This caused a NULL pointer dereference on ASAN builds with
malformed packets.

AddressSanitizer:DEADLYSIGNAL
=================================================================
==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0)
==15485==The signal is caused by a WRITE memory access.
==15485==Hint: address points to the zero page.
    #0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf
    #1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17

Bug: 15464
Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94
Reviewed-on: https://code.wireshark.org/review/31840
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ghost pushed a commit that referenced this pull request Jan 31, 2019
This caused a NULL pointer dereference on ASAN builds with
malformed packets.

AddressSanitizer:DEADLYSIGNAL
=================================================================
==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0)
==15485==The signal is caused by a WRITE memory access.
==15485==Hint: address points to the zero page.
    #0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf
    #1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17

Bug: 15464
Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94
Reviewed-on: https://code.wireshark.org/review/31840
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 34873a2)
Reviewed-on: https://code.wireshark.org/review/31841
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
ghost pushed a commit that referenced this pull request Feb 1, 2019
This caused a NULL pointer dereference on ASAN builds with
malformed packets.

AddressSanitizer:DEADLYSIGNAL
=================================================================
==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0)
==15485==The signal is caused by a WRITE memory access.
==15485==Hint: address points to the zero page.
    #0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf
    #1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17

Bug: 15464
Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94
Reviewed-on: https://code.wireshark.org/review/31840
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 34873a2)
Reviewed-on: https://code.wireshark.org/review/31842
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
ghost pushed a commit that referenced this pull request Apr 10, 2019
In the IEEE 802.11 dissector the conversations concept is (re)used
for tracking associations. The conversations are then used to keep
data that's unique for a certain association, like negotiated AKMS.

Currently, though, associations are unique per (re)association,
whereas conversations are unique based only on src/dest address.
This is problematic for captures with multiple associations with
the same STA/BSSI pair.

For example:
Assoc req frame (assoc #1, conversation #1)
Reassoc frame (assoc #2, conversation #1)
Assoc req frame (assoc #3, conversation #1)

To make a one to one mapping between conversations and associations
store an association counter with each frame and use it with the pinfo
srcport/destport fields to build a conversation key:
(src, dest, association_counter).

Bug: 15616
Change-Id: Ie020bdffbcdab4739ee07f73025ef1157c1fc329
Reviewed-on: https://code.wireshark.org/review/32737
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
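
An added sketch (not the dissector's code) of the keying scheme the commit message above describes, run over the three-association sequence it gives with data frames in between. The table, the frame struct and the single running counter are assumptions; the commit carries the counter in the pinfo srcport/destport fields, whereas this sketch uses an explicit key field.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum frame_type { FRAME_ASSOC_REQ, FRAME_REASSOC_REQ, FRAME_DATA };

struct frame {
    enum frame_type type;
    uint8_t src[6];
    uint8_t dst[6];
    uint32_t assoc_counter;   /* stored with the frame when it is first seen */
};

struct conv_key {
    uint8_t src[6];
    uint8_t dst[6];
    uint32_t assoc_counter;
};

#define MAX_CONVERSATIONS 16
struct conv_table {
    struct conv_key keys[MAX_CONVERSATIONS];
    int used;
};

/* Return the index of the conversation for this key, creating it if new. */
static int conv_find_or_create(struct conv_table *t, const struct conv_key *k)
{
    int i;

    for (i = 0; i < t->used; i++) {
        if (memcmp(t->keys[i].src, k->src, 6) == 0 &&
            memcmp(t->keys[i].dst, k->dst, 6) == 0 &&
            t->keys[i].assoc_counter == k->assoc_counter)
            return i;
    }
    if (t->used == MAX_CONVERSATIONS)
        return -1;                       /* table full */
    t->keys[t->used] = *k;
    return t->used++;
}

/*
 * Assign a conversation index to every frame and return how many distinct
 * conversations were created. With use_counter == 0 the key is the address
 * pair only, which is the behaviour the commit message calls problematic.
 */
static int assign_conversations(struct frame *frames, size_t n,
                                int use_counter, int *conv_of_frame)
{
    struct conv_table table;
    uint32_t counter = 0;     /* assumption: one running counter per capture */
    size_t i;

    table.used = 0;
    for (i = 0; i < n; i++) {
        struct conv_key key;

        /* Every (re)association request starts a new association. */
        if (frames[i].type != FRAME_DATA)
            counter++;
        frames[i].assoc_counter = counter;

        memcpy(key.src, frames[i].src, 6);
        memcpy(key.dst, frames[i].dst, 6);
        key.assoc_counter = use_counter ? frames[i].assoc_counter : 0;
        conv_of_frame[i] = conv_find_or_create(&table, &key);
    }
    return table.used;
}

/* Constructed capture: one STA (02:..:01) sending to one AP (02:..:02). */
#define STA { 0x02, 0, 0, 0, 0, 0x01 }
#define AP  { 0x02, 0, 0, 0, 0, 0x02 }
static struct frame sample_frames[] = {
    { FRAME_ASSOC_REQ,   STA, AP, 0 },
    { FRAME_DATA,        STA, AP, 0 },
    { FRAME_REASSOC_REQ, STA, AP, 0 },
    { FRAME_DATA,        STA, AP, 0 },
    { FRAME_ASSOC_REQ,   STA, AP, 0 },
};

int main(void)
{
    int ids[5];
    return assign_conversations(sample_frames, 5, 1, ids) == 3 ? 0 : 1;
}
```
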
ghost pushed a commit that referenced this pull request Oct 26, 2019
Add the newly created ProtoField to the test_proto.fields in order to be freed.

ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x55e041f5ef86 in realloc (/home/vasko/sources/wireshark/build_clang/run/tshark+0x222f86)
    #1 0x7fd8e0919e7d in g_realloc gmem.c:164:16
    #2 0x7fd8e08e457b in g_array_maybe_expand garray.c:820:21
    #3 0x7fd8e08e4b49 in g_array_append_vals garray.c:428:3
    #4 0x7fd8ef112b6e in value_string_from_table /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:294:9
    #5 0x7fd8ef10ee10 in ProtoField_new /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:646:24

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x55e041f5ef86 in realloc (/home/vasko/sources/wireshark/build_clang/run/tshark+0x222f86)
    #1 0x7fd8e0919e7d in g_realloc gmem.c:164:16
    #2 0x7fd8e08e457b in g_array_maybe_expand garray.c:820:21
    #3 0x7fd8e08e4b49 in g_array_append_vals garray.c:428:3
    #4 0x7fd8ef111e2e in range_string_from_table /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:226:17
    #5 0x7fd8ef10e43f in ProtoField_new /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:642:24

Fixes: v3.1.1rc0-497-g0371994223 ("wslua: Improve parameter check in ProtoField.new()")
Change-Id: I05b8bf3d78c8a540c6cf33d11dc3f3e01f83b8c5
Reviewed-on: https://code.wireshark.org/review/34834
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ghost pushed a commit that referenced this pull request Nov 6, 2019
The path returned by get_persconffile_path needs to be freed.

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x5653e6c98e06 in realloc (/home/vasko/sources/wireshark/build_clang/run/wireshark+0x2486e06)
    #1 0x7f5b697f2e7d in g_realloc gmem.c:164:16
    #2 0x7f5b69810016 in g_string_maybe_expand gstring.c:102:21
    #3 0x7f5b69810369  gstring.c:476:7
    #4 0x7f5b69810369 in g_string_insert_len gstring.c:424:1
    #5 0x7f5b697d808d in g_build_path_va gfileutils.c:1766:7
    #6 0x7f5b697d9518 in g_build_filename_va gfileutils.c:1987:9
    #7 0x7f5b697d9518 in g_build_filename gfileutils.c:2069:9
    #8 0x7f5b69bd0c28 in get_persconffile_path /home/vasko/sources/wireshark/wsutil/filesystem.c:1856:12
    #9 0x5653e8825f82 in extcap_get_extcap_paths /home/vasko/sources/wireshark/extcap.c:258:53
    #10 0x5653e8825f82 in extcap_run_all /home/vasko/sources/wireshark/extcap.c:449
    #11 0x5653e8825f82 in extcap_load_interface_list /home/vasko/sources/wireshark/extcap.c:2024
    #12 0x5653e7775356 in main /home/vasko/sources/wireshark/ui/qt/main.cpp:726:5

Change-Id: I275d0ad6f06fbf3222c2d4ebef7f3079073404a0
Reviewed-on: https://code.wireshark.org/review/34994
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
ghost pushed a commit that referenced this pull request Jan 30, 2020
Add support for explicit curve parameters according to RFC 3279. This
allows an exploitation attempt of CVE-2020-0601 to be detected through
the pkcs1.specifiedCurve_element filter name. Be aware though that the
certificate is encrypted in TLS 1.3, so a negative match does not imply
that no exploitation has happened.

While these definitions are technically not part of PKCS #1, the
PKIXAlgs module is part of the pkcs1 dissector for historical reasons.
It probably makes sense splitting it into a separate pkixalgs dissector,
but that would result in field name changes. Defer that for now.

Bug: 16340
Change-Id: Ia9d47a8337d6246f52983460580310b12e5709cf
Reviewed-on: https://code.wireshark.org/review/35986
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
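
An added detection sketch (not the dissector's code) of the distinction the commit message above relies on: in RFC 3279 the parameters of an id-ecPublicKey AlgorithmIdentifier are a CHOICE, and explicit curve parameters show up as a SEQUENCE where a named curve would be an OBJECT IDENTIFIER. The function names and the sample byte strings are constructed for illustration, and the input is assumed to be one already-extracted DER AlgorithmIdentifier.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum ec_params {
    EC_NOT_EC_KEY,        /* algorithm is not id-ecPublicKey */
    EC_NAMED_CURVE,       /* parameters are an OBJECT IDENTIFIER */
    EC_IMPLICIT_CURVE,    /* parameters are NULL (implicitlyCA) */
    EC_SPECIFIED_CURVE,   /* parameters are an explicit SEQUENCE */
    EC_MALFORMED
};

/* DER content bytes of id-ecPublicKey, 1.2.840.10045.2.1 */
static const uint8_t ID_EC_PUBLIC_KEY[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01 };

/*
 * Read one TLV header at buf[*pos], bounded by size. On success store the
 * tag and value length, move *pos to the first value byte and return 0.
 */
static int der_header(const uint8_t *buf, size_t size, size_t *pos,
                      uint8_t *tag, size_t *len)
{
    size_t p = *pos, l = 0, n;

    if (p > size || size - p < 2)
        return -1;
    *tag = buf[p++];
    if (buf[p] < 0x80) {
        l = buf[p++];                       /* short form */
    } else {
        n = buf[p++] & 0x7F;                /* long form: n length bytes */
        if (n == 0 || n > 4 || n > size - p)
            return -1;                      /* indefinite, oversized or truncated */
        while (n-- > 0)
            l = (l << 8) | buf[p++];
    }
    if (l > size - p)
        return -1;                          /* value runs past the buffer */
    *len = l;
    *pos = p;
    return 0;
}

/* Classify the parameters of one DER-encoded AlgorithmIdentifier. */
static enum ec_params classify_alg_id(const uint8_t *der, size_t size)
{
    size_t pos = 0, len, end;
    uint8_t tag;

    if (der_header(der, size, &pos, &tag, &len) != 0 || tag != 0x30)
        return EC_MALFORMED;
    end = pos + len;
    if (der_header(der, end, &pos, &tag, &len) != 0 || tag != 0x06)
        return EC_MALFORMED;
    if (len != sizeof(ID_EC_PUBLIC_KEY) ||
        memcmp(der + pos, ID_EC_PUBLIC_KEY, len) != 0)
        return EC_NOT_EC_KEY;
    pos += len;
    if (der_header(der, end, &pos, &tag, &len) != 0)
        return EC_MALFORMED;
    switch (tag) {
    case 0x06: return EC_NAMED_CURVE;
    case 0x05: return EC_IMPLICIT_CURVE;
    case 0x30: return EC_SPECIFIED_CURVE;   /* the case worth alerting on */
    default:   return EC_MALFORMED;
    }
}

/* Constructed samples; the explicit-parameter body is a stub, not a real curve. */
static const uint8_t SAMPLE_NAMED[] = {
    0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
static const uint8_t SAMPLE_SPECIFIED[] = {
    0x30, 0x0E, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x30, 0x03, 0x02, 0x01, 0x01 };
static const uint8_t SAMPLE_RSA[] = {
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
    0x01, 0x01, 0x05, 0x00 };

int main(void)
{
    return classify_alg_id(SAMPLE_SPECIFIED, sizeof(SAMPLE_SPECIFIED))
               == EC_SPECIFIED_CURVE ? 0 : 1;
}
```
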

repo-lockdown bot commented Apr 7, 2020

Hi, thank you for your contribution!

GitHub is however not the right place for these, please have a look at
https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcContribute.html
for further instructions.

@repo-lockdown repo-lockdown bot locked and limited conversation to collaborators Apr 7, 2020