From 5dc8c6d5fb547020aa489b427b1fa2970879c60e Mon Sep 17 00:00:00 2001 From: Martin Mathieson Date: Sat, 27 Jan 2024 18:13:44 +0000 Subject: [PATCH 1/5] Check valid display value set for ipv4 fields --- epan/dissectors/packet-pathport.c | 2 +- epan/dissectors/packet-zbee-zcl-hvac.c | 46 +++++++++++++------------- tools/check_typed_item_calls.py | 9 ++++- 3 files changed, 32 insertions(+), 25 deletions(-) diff --git a/epan/dissectors/packet-pathport.c b/epan/dissectors/packet-pathport.c index 3d66bce13e..faddb9f622 100644 --- a/epan/dissectors/packet-pathport.c +++ b/epan/dissectors/packet-pathport.c @@ -660,7 +660,7 @@ proto_register_pathport(void) {&hf_pp_arp_class, {"Device Class", "pathport.arp.class", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, {&hf_pp_arp_type, {"Device Type", "pathport.arp.type", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, {&hf_pp_arp_numdmx, {"Subcomponents", "pathport.arp.numdmx", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - {&hf_pp_arp_ip, {"IP", "pathport.arp.ip", FT_IPv4, 0, NULL, 0x0, NULL, HFILL }} + {&hf_pp_arp_ip, {"IP", "pathport.arp.ip", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }} }; /* Setup protocol subtree array */ diff --git a/epan/dissectors/packet-zbee-zcl-hvac.c b/epan/dissectors/packet-zbee-zcl-hvac.c index 9ec439626a..7e47503b42 100644 --- a/epan/dissectors/packet-zbee-zcl-hvac.c +++ b/epan/dissectors/packet-zbee-zcl-hvac.c 
@@ -349,39 +349,39 @@ proto_register_zbee_zcl_pump_config_control(void) 0x00, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_device_fault, - { "Device Fault", "zbee_zcl_hvac.pump_config_control.attr.status.device_fault", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Device Fault", "zbee_zcl_hvac.pump_config_control.attr.status.device_fault", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_DEVICE_FAULT, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_supply_fault, - { "Supply Fault", "zbee_zcl_hvac.pump_config_control.attr.status.supply_fault", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Supply Fault", "zbee_zcl_hvac.pump_config_control.attr.status.supply_fault", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_SUPPLY_FAULT, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_speed_low, - { "Speed Low", "zbee_zcl_hvac.pump_config_control.attr.status.speed_low", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Speed Low", "zbee_zcl_hvac.pump_config_control.attr.status.speed_low", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_SPEED_LOW, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_speed_high, - { "Speed High", "zbee_zcl_hvac.pump_config_control.attr.status.speed_high", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Speed High", "zbee_zcl_hvac.pump_config_control.attr.status.speed_high", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_SPEED_HIGH, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_local_override, - { "Local Override", "zbee_zcl_hvac.pump_config_control.attr.status.local_override", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Local Override", "zbee_zcl_hvac.pump_config_control.attr.status.local_override", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_LOCAL_OVERRIDE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_running, - { "Running", "zbee_zcl_hvac.pump_config_control.attr.status.running", FT_BOOLEAN, 8, 
TFS(&tfs_no_yes), + { "Running", "zbee_zcl_hvac.pump_config_control.attr.status.running", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_RUNNING, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_rem_pressure, - { "Remote Pressure", "zbee_zcl_hvac.pump_config_control.attr.status.rem_pressure", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Remote Pressure", "zbee_zcl_hvac.pump_config_control.attr.status.rem_pressure", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_REMOTE_PRESSURE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_rem_flow, - { "Remote Flow", "zbee_zcl_hvac.pump_config_control.attr.status.rem_flow", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Remote Flow", "zbee_zcl_hvac.pump_config_control.attr.status.rem_flow", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_REMOTE_FLOW, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_status_rem_temp, - { "Remote Temperature", "zbee_zcl_hvac.pump_config_control.attr.status.rem_temp", FT_BOOLEAN, 8, TFS(&tfs_no_yes), + { "Remote Temperature", "zbee_zcl_hvac.pump_config_control.attr.status.rem_temp", FT_BOOLEAN, 16, TFS(&tfs_no_yes), ZBEE_ZCL_PUMP_CONFIG_CONTROL_STATUS_REMOTE_TEMP, NULL, HFILL } }, /* end Pump Status fields */ 
@@ -391,59 +391,59 @@ proto_register_zbee_zcl_pump_config_control(void) 0x00, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_volt_too_low, - { "Supply voltage too low", "zbee_zcl_hvac.pump_config_control.attr.alarm.volt_too_low", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Supply voltage too low", "zbee_zcl_hvac.pump_config_control.attr.alarm.volt_too_low", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_VOLTAGE_TOO_LOW, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_volt_too_high, - { "Supply voltage too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.volt_too_high", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Supply voltage too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.volt_too_high", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_VOLTAGE_TOO_HIGH, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_pwr_missing_phase, - { "Power missing phase", "zbee_zcl_hvac.pump_config_control.attr.alarm.pwr_missing_phase", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Power missing phase", "zbee_zcl_hvac.pump_config_control.attr.alarm.pwr_missing_phase", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_PWR_MISSING_PHASE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_press_too_low, - { "System pressure too low", "zbee_zcl_hvac.pump_config_control.attr.alarm.press_too_low", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "System pressure too low", "zbee_zcl_hvac.pump_config_control.attr.alarm.press_too_low", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_PRESSURE_TOO_LOW, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_press_too_high, - { "System pressure too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.press_too_high", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "System pressure too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.press_too_high", FT_BOOLEAN, 16, 
TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_PRESSURE_TOO_HIGH, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_dry_running, - { "Dry running", "zbee_zcl_hvac.pump_config_control.attr.alarm.dry_running", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Dry running", "zbee_zcl_hvac.pump_config_control.attr.alarm.dry_running", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_DRY_RUNNING, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_mtr_temp_too_high, - { "Motor temperature too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.mtr_temp_too_high", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Motor temperature too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.mtr_temp_too_high", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_MTR_TEMP_TOO_HIGH, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_pump_mtr_fatal_fail, - { "Pump motor has fatal failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.mtr_fatal_fail", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Pump motor has fatal failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.mtr_fatal_fail", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_PUMP_MTR_FATAL_FAILURE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_elec_temp_too_high, - { "Electronic temperature too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.elec_temp_too_high", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Electronic temperature too high", "zbee_zcl_hvac.pump_config_control.attr.alarm.elec_temp_too_high", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_ELEC_TEMP_TOO_HIGH, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_pump_block, - { "Pump blocked", "zbee_zcl_hvac.pump_config_control.attr.alarm.pump_block", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Pump blocked", "zbee_zcl_hvac.pump_config_control.attr.alarm.pump_block", 
FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_PUMP_BLOCK, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_sensor_fail, - { "Sensor failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.sensor_fail", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Sensor failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.sensor_fail", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_SENSOR_FAILURE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_elec_non_fatal_fail, - { "Electronic non-fatal failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.elec_non_fatal_fail", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Electronic non-fatal failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.elec_non_fatal_fail", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_ELEC_NON_FATAL_FAILURE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_fatal_fail, - { "Electronic fatal failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.elec_fatal_fail", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "Electronic fatal failure", "zbee_zcl_hvac.pump_config_control.attr.alarm.elec_fatal_fail", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_ELEC_FATAL_FAILURE, NULL, HFILL } }, { &hf_zbee_zcl_pump_config_control_alarm_gen_fault, - { "General fault", "zbee_zcl_hvac.pump_config_control.attr.alarm.gen_fault", FT_BOOLEAN, 8, TFS(&tfs_disabled_enabled), + { "General fault", "zbee_zcl_hvac.pump_config_control.attr.alarm.gen_fault", FT_BOOLEAN, 16, TFS(&tfs_disabled_enabled), ZBEE_ZCL_PUMP_CONFIG_CONTROL_ALARM_GENERAL_FAULT, NULL, HFILL } } /* end Alarm Mask fields */ }; diff --git a/tools/check_typed_item_calls.py b/tools/check_typed_item_calls.py index 992ce93274..d6bf21e8c3 100755 --- a/tools/check_typed_item_calls.py +++ b/tools/check_typed_item_calls.py 
@@ -1274,6 +1274,13 @@ def check_string_display(self): + def check_ipv4_display(self): + global errors_found + if self.item_type == 'FT_IPv4' and self.display not in { 'BASE_NETMASK', 'BASE_NONE' }: + print('Error:', self.filename, self.hf, 'type is FT_IPv4, should be BASE_NETMASK or BASE_NONE, is instead', self.display) + errors_found += 1 + + class CombinedCallsCheck: def __init__(self, file, apiChecks): self.file = file @@ -1694,7 +1701,7 @@ def checkFile(filename, check_mask=False, mask_exact_width=False, check_label=Fa for hf in items_defined: items_defined[hf].check_boolean_length() items_defined[hf].check_string_display() - + items_defined[hf].check_ipv4_display() From c77448d793b6301e100549097616dee3800393cd Mon Sep 17 00:00:00 2001 From: John Thacker Date: Sat, 27 Jan 2024 13:32:03 -0500 Subject: [PATCH 2/5] GTP, GTPv2: stat taps can't be wmem_file_scope Stat tap windows can be opened by the GUI (e.g., a ServiceResponseTimeDialog) when no file is open, and persist past a file being closed, i.e. outside of wmem_file_scope(). Items concerning the taps should not be created in wmem_file_scope(). This fails an assert, which crashes when built for a Debug target. To use wmem, we would need to create a scope appropriate for the lifetime of the ServiceReponseTimeDialog or other Tap dialog (or else add a callback mechanism to srt table to free items created in epan scope.) Partially revert 47b310da470c6dc527a63f2ee2b4bbafafd5e290 (the part where the stat taps are concerned.) Related to #19620 --- epan/dissectors/packet-gtp.c | 13 ++++++++----- epan/dissectors/packet-gtpv2.c | 13 ++++++++----- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/epan/dissectors/packet-gtp.c b/epan/dissectors/packet-gtp.c index 5bf29d86e0..1667bd59d7 100644 --- a/epan/dissectors/packet-gtp.c +++ b/epan/dissectors/packet-gtp.c 
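Review bot: `check_ipv4_display` compares `self.display` against the two names as text, so a bare `0` is reported even though it has the same numeric value as `BASE_NONE`; the packet-pathport.c change in this same commit is an instance of that, but nothing in the new method says the strictness is intended. If it is, a one-line docstring would record it, for example `"""Report FT_IPv4 items whose display is not spelled BASE_NONE or BASE_NETMASK (a literal 0 is rejected too)."""`. The rest of the method sits outside the visible context, so I have only checked the lines added here.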
@@ -2426,12 +2426,15 @@ static const value_string gtp_ext_hdr_pdu_ses_cont_pdu_type_vals[] = { #define MM_PROTO_SESSION_MGMT 0x0A #define MM_PROTO_NON_CALL_RELATED 0x0B -static wmem_map_t *gtpstat_msg_idx_hash = NULL; +static GHashTable *gtpstat_msg_idx_hash = NULL; static void gtpstat_init(struct register_srt* srt _U_, GArray* srt_array) { - gtpstat_msg_idx_hash = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal); + if (gtpstat_msg_idx_hash != NULL) { + g_hash_table_destroy(gtpstat_msg_idx_hash); + } + gtpstat_msg_idx_hash = g_hash_table_new(g_direct_hash, g_direct_equal); init_srt_table("GTP Requests", NULL, srt_array, 0, NULL, NULL, NULL); } @@ -2461,12 +2464,12 @@ gtpstat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const voi gtp_srt_table = g_array_index(data->srt_array, srt_stat_table*, i); - idx = GPOINTER_TO_UINT(wmem_map_lookup(gtpstat_msg_idx_hash, GUINT_TO_POINTER(gtp->msgtype))); + idx = GPOINTER_TO_UINT(g_hash_table_lookup(gtpstat_msg_idx_hash, GUINT_TO_POINTER(gtp->msgtype))); /* Store the value incremented by 1 to avoid confusing index 0 with NULL */ if (idx == 0) { - idx = wmem_map_size(gtpstat_msg_idx_hash); - wmem_map_insert(gtpstat_msg_idx_hash, GUINT_TO_POINTER(gtp->msgtype), GUINT_TO_POINTER(idx + 1)); + idx = g_hash_table_size(gtpstat_msg_idx_hash); + g_hash_table_insert(gtpstat_msg_idx_hash, GUINT_TO_POINTER(gtp->msgtype), GUINT_TO_POINTER(idx + 1)); init_srt_table_row(gtp_srt_table, idx, val_to_str_ext_const(gtp->msgtype, >p_message_type_ext, "Unknown")); } else { idx -= 1; diff --git a/epan/dissectors/packet-gtpv2.c b/epan/dissectors/packet-gtpv2.c index aa35cf7ce4..ee942458e8 100644 --- a/epan/dissectors/packet-gtpv2.c +++ b/epan/dissectors/packet-gtpv2.c 
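Review bot: `gtpstat_msg_idx_hash` remains a single file-level table, and `gtpstat_init` now destroys and recreates it on every call, so it looks as if opening a second GTP response-time table while one is already open would discard the message-type-to-row mapping that the first table's rows were built from. `gtpstat_packet` in the second hunk would then start handing out indexes from `g_hash_table_size()` == 0 again for a table that already has rows; `init_srt_table_row` is not visible here, so please confirm how it treats an index that is already in use. Nothing in these hunks destroys the table when the tap goes away, so the last one appears to stay allocated for the life of the process. Keeping the map per table instance rather than per file would remove both concerns, and the same applies to `gtpv2_stat_msg_idx_hash` in the packet-gtpv2.c hunks that follow.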
@@ -1568,12 +1568,15 @@ gtpv2_sn_equal_unmatched(gconstpointer k1, gconstpointer k2) return key1->seq_nr == key2->seq_nr; } -static wmem_map_t *gtpv2_stat_msg_idx_hash = NULL; +static GHashTable *gtpv2_stat_msg_idx_hash = NULL; static void gtpv2_stat_init(struct register_srt* srt _U_, GArray*srt_array) { - gtpv2_stat_msg_idx_hash = wmem_map_new(wmem_file_scope(), g_direct_hash, g_direct_equal); + if (gtpv2_stat_msg_idx_hash != NULL) { + g_hash_table_destroy(gtpv2_stat_msg_idx_hash); + } + gtpv2_stat_msg_idx_hash = g_hash_table_new(g_direct_hash, g_direct_equal); init_srt_table("GTPv2 Requests", NULL, srt_array, 0, NULL, NULL, NULL); } @@ -1603,12 +1606,12 @@ gtpv2_stat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const * (requests and responses have different message types, and we * only use the request value.) */ - idx = GPOINTER_TO_UINT(wmem_map_lookup(gtpv2_stat_msg_idx_hash, GUINT_TO_POINTER(gcrp->msgtype))); + idx = GPOINTER_TO_UINT(g_hash_table_lookup(gtpv2_stat_msg_idx_hash, GUINT_TO_POINTER(gcrp->msgtype))); /* Store the row value incremented by 1 to distinguish 0 from NULL */ if (idx == 0) { - idx = wmem_map_size(gtpv2_stat_msg_idx_hash); - wmem_map_insert(gtpv2_stat_msg_idx_hash, GUINT_TO_POINTER(gcrp->msgtype), GUINT_TO_POINTER(idx + 1)); + idx = g_hash_table_size(gtpv2_stat_msg_idx_hash); + g_hash_table_insert(gtpv2_stat_msg_idx_hash, GUINT_TO_POINTER(gcrp->msgtype), GUINT_TO_POINTER(idx + 1)); init_srt_table_row(gtpv2_srt_table, idx, val_to_str_ext_const(gcrp->msgtype, >pv2_message_type_vals_ext, "Unknown")); } else { idx -= 1; From 859e70fbb3141012cdba07a99bb3098ebb3b75f0 Mon Sep 17 00:00:00 2001 
From: John Thacker Date: Sat, 27 Jan 2024 19:13:52 -0500 Subject: [PATCH 3/5] WOW: Fix use of unitialized memory tvb_get_raw_bytes_as_string doesn't check lengths, because it's used elsewhere when the length is unknown. If we use tvb_get_string_enc, that checks the offsets and throws an exception as appropriate, but then we have to use g_utf8_strreverse due to the possibility of UTF-8 REPLACEMENT CHARACTERs. To handle embedded nulls properly, we need to be using counted strings (like wmem_strbuf_t) in more places. Fix #19621 --- epan/dissectors/packet-wow.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/epan/dissectors/packet-wow.c b/epan/dissectors/packet-wow.c index 7ae29243c3..26e0e09c85 100644 --- a/epan/dissectors/packet-wow.c +++ b/epan/dissectors/packet-wow.c @@ -460,7 +460,6 @@ parse_logon_reconnect_challenge_server_to_client(tvbuff_t *tvb, proto_tree *wow_ static void parse_logon_challenge_client_to_server(packet_info *pinfo, tvbuff_t *tvb, proto_tree *wow_tree, guint32 offset) { guint8 srp_i_len; - char buffer[5]; gchar *string; proto_tree_add_item(wow_tree, hf_wow_protocol_version, tvb, @@ -471,10 +470,16 @@ parse_logon_challenge_client_to_server(packet_info *pinfo, tvbuff_t *tvb, proto_ tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; - tvb_get_raw_bytes_as_string(tvb, offset, buffer, 5); - string = get_ascii_string(pinfo->pool, g_strreverse(buffer), 4); + string = tvb_get_string_enc(pinfo->pool, tvb, offset, 4, ENC_ASCII); + /* g_utf8_strreverse handles the REPLACMENT CHARACTERs. + * It would handle embedded NULs correctly if we passed in the + * byte length after conversion, but we need to change the API + * to use counted strings in more places. + */ + string = g_utf8_strreverse(string, -1); proto_tree_add_string(wow_tree, hf_wow_gamename, tvb, offset, 4, string); + g_free(string); offset += 4; 
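Review bot: The string returned by `g_utf8_strreverse` in the second hunk is heap-allocated and is only released by the `g_free(string)` placed after `proto_tree_add_string`, so if that call can throw here the exception would unwind past the `g_free` and the reversed copy would leak. Moving the result into packet scope before the item is added avoids that: `gchar *rev = g_utf8_strreverse(string, -1); string = wmem_strdup(pinfo->pool, rev); g_free(rev);`. The same sequence is repeated for the platform, OS and country fields in the next hunk, so a small static helper taking `pinfo`, `tvb` and `offset` would keep the four sites in step. The body of `parse_logon_challenge_client_to_server` continues outside these hunks.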
@@ -498,22 +503,25 @@ parse_logon_challenge_client_to_server(packet_info *pinfo, tvbuff_t *tvb, proto_ offset, 2, ENC_LITTLE_ENDIAN); offset += 2; - tvb_get_raw_bytes_as_string(tvb, offset, buffer, 5); - string = get_ascii_string(pinfo->pool, g_strreverse(buffer), 4); + string = tvb_get_string_enc(pinfo->pool, tvb, offset, 4, ENC_ASCII); + string = g_utf8_strreverse(string, -1); proto_tree_add_string(wow_tree, hf_wow_platform, tvb, offset, 4, string); + g_free(string); offset += 4; - tvb_get_raw_bytes_as_string(tvb, offset, buffer, 5); - string = get_ascii_string(pinfo->pool, g_strreverse(buffer), 4); + string = tvb_get_string_enc(pinfo->pool, tvb, offset, 4, ENC_ASCII); + string = g_utf8_strreverse(string, -1); proto_tree_add_string(wow_tree, hf_wow_os, tvb, offset, 4, string); + g_free(string); offset += 4; - tvb_get_raw_bytes_as_string(tvb, offset, buffer, 5); - string = get_ascii_string(pinfo->pool, g_strreverse(buffer), 4); + string = tvb_get_string_enc(pinfo->pool, tvb, offset, 4, ENC_ASCII); + string = g_utf8_strreverse(string, -1); proto_tree_add_string(wow_tree, hf_wow_country, tvb, offset, 4, string); + g_free(string); offset += 4; proto_tree_add_item(wow_tree, From 2d22fa26ba6af45175769c32794933b1d15a4e6c Mon Sep 17 00:00:00 2001 From: John Thacker Date: Sat, 27 Jan 2024 19:57:07 -0500 Subject: [PATCH 4/5] XMPP: Fix some leaks on malformed data --- epan/dissectors/packet-xmpp-utils.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/epan/dissectors/packet-xmpp-utils.c b/epan/dissectors/packet-xmpp-utils.c index 1f095a76ec..8b3f3c37e2 100644 --- a/epan/dissectors/packet-xmpp-utils.c +++ b/epan/dissectors/packet-xmpp-utils.c 
@@ -253,6 +253,13 @@ xmpp_unknown(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t } } +static void +cleanup_glist_cb(void *user_data) { + GList *li = (GList*)user_data; + + g_list_free(li); +} + static void xmpp_unknown_attrs(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo _U_, xmpp_element_t *element, gboolean displ_short_list) { @@ -263,6 +270,9 @@ xmpp_unknown_attrs(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo _U_, xmpp GList *keys_head = keys, *values_head = values; + CLEANUP_PUSH_PFX(k, cleanup_glist_cb, keys_head); + CLEANUP_PUSH_PFX(v, cleanup_glist_cb, values_head); + gboolean short_list_started = FALSE; while(keys && values) @@ -305,8 +315,8 @@ xmpp_unknown_attrs(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo _U_, xmpp if(short_list_started && displ_short_list) proto_item_append_text(item, "]"); - g_list_free(keys_head); - g_list_free(values_head); + CLEANUP_CALL_AND_POP_PFX(v); + CLEANUP_CALL_AND_POP_PFX(k); } void From 57bfe3d4a37a3f0ade9fdb29f83a3cbf4a173741 Mon Sep 17 00:00:00 2001 From: John Thacker Date: Sun, 28 Jan 2024 12:09:44 -0500 Subject: [PATCH 5/5] COSE: Fix a leak Fix #19623 --- epan/dissectors/packet-cose.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/epan/dissectors/packet-cose.c b/epan/dissectors/packet-cose.c index 30ed7c19f2..ef62ea928e 100644 --- a/epan/dissectors/packet-cose.c +++ b/epan/dissectors/packet-cose.c @@ -789,6 +789,9 @@ static void dissect_value_alg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre gint64 *val = wscbor_require_int64(pinfo->pool, chunk); proto_tree_add_cbor_int64(tree, hf_hdr_alg_int, pinfo, tvb, chunk, val); if (value && val) { + if (*value) { + g_variant_unref(*value); + } *value = g_variant_new_int64(*val); } break; 
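Review bot: The loop body of `xmpp_unknown_attrs` between `CLEANUP_PUSH_PFX(k, ...)` in the second hunk and `CLEANUP_CALL_AND_POP_PFX(k)` in the third is not visible, and these macros only balance if control reaches the pop lines: they open a brace block and register a handler on the exception stack, so an early `return` or `goto` out of that span would leave a stale handler behind. Please confirm the elided loop has no such exit, and consider a comment above the push such as `/* No return between here and CLEANUP_CALL_AND_POP_PFX; handlers are popped in reverse order. */`. `cleanup_glist_cb` in the first hunk would also benefit from a one-line comment saying that it frees only the list nodes, not the keys or values they point to.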
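Review bot: The added `if (*value)` in the packet-cose.c hunk reads `*value` before it is assigned, so every caller of `dissect_value_alg` must now pass a slot that is either NULL or a live GVariant; before this change a stale or uninitialised slot was simply overwritten. The callers are outside the hunk, so that should be checked, and the requirement is worth stating in a comment on the function. The unref can also be written as `g_clear_pointer(value, g_variant_unref);` ahead of the assignment, which leaves the slot NULL if the assignment ever becomes conditional. The text-string branch in the next hunk adds the same three lines.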
@@ -797,6 +800,9 @@ static void dissect_value_alg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tre
 const char *val = wscbor_require_tstr(pinfo->pool, chunk);
 proto_tree_add_cbor_tstr(tree, hf_hdr_alg_tstr, pinfo, tvb, chunk);
 if (value && val) {
+ if (*value) {
+ g_variant_unref(*value);
+ }
 *value = g_variant_new_string(val);
 }
 break;