Wireshark-commits: [Wireshark-commits] lts-1.2.11 4157dc2: Copy over r52570 with manual interventio
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 17 Jun 2014 22:57:55 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4157dc20e67141fe209578672c1d52d58d180ee4 Submitter: Balint Reczey (balint@xxxxxxxxxxxxxxx) Changed: branch: lts-1.2.11 Repository: wireshark Commits: 593e12e by Balint Reczey (balint.reczey@xxxxxxxxxxxx): From Frederic Peters (made endian-aware by me): fixed segfault with some GIOP packets svn path=/trunk/; revision=29509 5945bbc by Chris Maynard (Christopher.Maynard@xxxxxxxxx): As noted by Jaap Keuter on -dev, be sure to use message_size instead of header->message_size for a correct host endianness comparison. svn path=/trunk/; revision=37957 f2e8008 by Balint Reczey (balint.reczey@xxxxxxxxxxxx): Prevent potential crash in libsmi. From: Vincent Bernat <bernat@xxxxxxxxxx> svn path=/trunk/; revision=32006 Change-Id: Id8faaf9aab28a2590117c9649179eb30f1fbd1d1 0dca377 by Balint Reczey (balint.reczey@xxxxxxxxxxxx): From Vincent Bernat <bernat@xxxxxxxxxx>: Refine workaroud for preventing libsmi error. svn path=/trunk/; revision=32017 c25e2fa by Balint Reczey (balint.reczey@xxxxxxxxxxxx): Disable OID resolution and loading SMI modules by default. Add an option to enable OID resolution. Add an option to suppress errors reported by libsmi. svn path=/trunk/; revision=32096 Conflicts: epan/oids.c gtk/prefs_nameres.c Change-Id: Ib85bc076eaa464a6c904944d8266cb9bbf316974 9141502 by Balint Reczey (balint.reczey@xxxxxxxxxxxx): Fix crash when opening About box with disabled OID resolution. Thanks to Hilko Bengen for the detailed bug report at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574086 svn path=/trunk/; revision=32217 5fa495a by Balint Reczey (balint.reczey@xxxxxxxxxxxx): Raise Exceptions containing a string instead of string exceptions This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4846 svn path=/trunk/; revision=35258 528fbd1 by Balint Reczey (balint.reczey@xxxxxxxxxxxx): From Rob Leslie <rob@xxxxxxxx>: [PATCH] Fix dumpcap believing error on ^C i.e. pcap_breakloop() When ^C was pressed during a packet capture, dumpcap believed a pcap error had occurred. We check the return value more closely to avoid this problem. svn path=/trunk/; revision=29510 d47dd37 by Anders Broman (anders.broman@xxxxxxxxxxxx): From Gregor Beck: ERROR:capture.c:141:capture_start: assertion failed: (capture_opts->state == CAPTURE_STOPPED) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5126 svn path=/trunk/; revision=33906 60685b3 by Stig Bjørlykke (stig@xxxxxxxxxxxxx): Revert revision 33780, because the checksum is only calculated from the header and not the content. svn path=/trunk/; revision=34080 9267436 by Balint Reczey (balint.reczey@xxxxxxxxxxxx): Fix the libsmi workaround by adding missing brackets. From Grzegorz Głowacki <g.glowacki@xxxxxxxx> svn path=/trunk/; revision=34280 107231b by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r34111. ------------------------------------------------------------------------ r34111 | gerald | 2010-09-13 11:49:55 -0700 (Mon, 13 Sep 2010) | 6 lines Changed paths: M /trunk/epan/dissectors/packet-ber.c Attempt to fix the stack overflow reported at http://seclists.org/bugtraq/2010/Sep/87 . Unfortunately no one from the NCNIPC pen test team has contacted us or provided a sample capture so the fix hasn't been verified. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.2/; revision=34441 Conflicts: docbook/release-notes.xml Change-Id: Ia569b6c8b3f016c4f5dba4ec90a280db07c97856 206afa7 by Balint Reczey (balint@xxxxxxxxxxxxxxx): Fix for RPC crash backported from Wireshark 1.2.12 Change-Id: I5d7662cc36d3b53f0e5569f0329b6542a1019cfb 70cf7f4 by Balint Reczey (balint@xxxxxxxxxxxxxxx): Fix for LDSS buffer overflow and crash when running tshark -x without -V backported from Wireshark 1.2.13 Change-Id: If731c085c89a2242212d67c049eca0364efac786 13bb7c8 by Balint Reczey (balint@xxxxxxxxxxxxxxx): import patch ../wireshark/debian/patches/29_fixes-from-1.2.14.patch 74a845b by Balint Reczey (balint@xxxxxxxxxxxxxxx): import patch ../wireshark/debian/patches/30_fixes-from-1.2.15.patch 44345fd by Balint Reczey (balint@xxxxxxxxxxxxxxx): import patch ../wireshark/debian/patches/31_fixes-from-1.2.16.patch Change-Id: Id6c0725ec7a334810387b828db34d8632c34c177 3201686 by Balint Reczey (balint@xxxxxxxxxxxxxxx): import patch ../wireshark/debian/patches/32_fixes-from-1.2.17.patch Change-Id: Icfdaae6da0eb77bacfeb320e25c51e00a53a0099 2dd6623 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over revisions from the trunk: ------------------------------------------------------------------------ r38414 | gerald | 2011-08-08 12:10:19 -0700 (Mon, 08 Aug 2011) | 2 lines Changed paths: M /trunk/epan/wslua/template-init.lua Load console.lua and dtd-gen.lua from an explicit path. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.4/; revision=38873 Conflicts: docbook/release-notes.xml Change-Id: I9c46e236f4a405180a302dd2db450edc29507478 b81861b by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r39508 from the trunk: ------------------------------------------------------------------------ r39508 | gerald | 2011-10-21 12:07:42 -0700 (Fri, 21 Oct 2011) | 6 lines Changed paths: M /trunk/wiretap/erf.c From Huzaifa Sidhpurwala of Red Hat Security Response Team: I found a heap-based buffer overflow, when parsing ERF file format. The overflow seems to be controlled by the values read from the file, and hence seems exploitable to me. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.4/; revision=39643 Change-Id: I36d61587cdbceb4ce6b13c0ea34394e8529f3baa Balint: skip release notes update c9c2b42 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over revisions from the trunk: ------------------------------------------------------------------------ r38410 | gerald | 2011-08-08 10:25:35 -0700 (Mon, 08 Aug 2011) | 3 lines Changed paths: M /trunk/epan/packet.c Make sure our root tvb is initialized in case its creation fails. Untested fix for bug 6135. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.4/; revision=38872 Change-Id: If85f91c64ad71d07f1e4976e73f31e4bd53bd857 Balint: skip release note update 265baa9 by Balint Reczey (balint@xxxxxxxxxxxxxxx): fixes from 1.4.11 85a0ae4 by Balint Reczey (balint@xxxxxxxxxxxxxxx): Global variables considered harmful. Pass pinfo along as a parameter; this appears to fix bug 6823 (the actual crash was a null pinfo being passed to call_dissector()). svn path=/trunk/; revision=40962 Conflicts: epan/dissectors/packet-ansi_a.c 800b7a7 by Jeff Morriss (jeff.morriss@xxxxxxxxxxx): Fix the crash reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804 For WTAP_ENCAP_ERF files if we find an Extension and/or Multi-Channel header, ensure that the size of the full pseudoheader is smaller than the packet size to avoid an underflow and subsequent attempt to allocate a rather large amount of memory. svn path=/trunk/; revision=41008 232129e by Balint Reczey (balint.reczey@xxxxxxxxxxxx): Fix crash in PPP dissector Make sure that there is enough space allocated for PPP encapsulated CRTP packet's header. The bug can be triggered on an x86_64 system using the cpature file attached to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056 svn path=/trunk/; revision=43784 4e5b30d by Gerald Combs (gerald@xxxxxxxxxxxxx): Use ep_strbufs instead of trying to track string offsets manually and overflowing a buffer. Fixes a crash in bug 7568 discovered by Laurent Butti. We do the Dance Of The String Offset Pointers in several other places. They should probably be changed to ep_strbufs as well. svn path=/trunk/; revision=44320 Conflicts: epan/dissectors/packet-rtps2.c bba4df9 by Anders Broman (anders.broman@xxxxxxxxxxxx): Copy over: Revision 46646 - Clean up white space. Add a return where I presume it was intended to be - a 4-octet address is completely handled in that if clause, so there's no reason to fall through. Fix a comment. -------------------------------------------------------------------------------- Revision 46645 - Fix some valgrind warnings from the capture attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8110 I can't reproduce the actual reported crash on trunk. -------------------------------------------------------------------------------- Revision 45646 - (try to) fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871 increment offset to point to the first byte after the options (the code used to set an absolute position, if that was 0, we were stuck in an endless loop) -------------------------------------------------------------------------------- Revision 45059 - replaced decode_boolean_bitfield calls with itemized filters svn path=/trunk-1.8/; revision=46659 Conflicts: epan/dissectors/packet-clnp.c epan/osi-utils.c 1563180 by Martin Kaiser (wireshark@xxxxxxxxx): From Evan: sanity checks before setting a packet's total length in fragment_set_tot_len() (from me: check if fragments exist for the given id) hopefully, this fixes #8111 and #8163 without causing troubles for other protocols that use fragmentation and reassembly svn path=/trunk/; revision=46999 80f5dc3 by Jeff Morriss (jeff.morriss.ws@xxxxxxxxx): Copy over from trunk: ------------------------------------------------------------------------ r47125 | martink | 2013-01-16 16:57:34 -0500 (Wed, 16 Jan 2013) | 2 lines no need for if (tree) ------------------------------------------------------------------------ r47123 | martink | 2013-01-16 16:51:16 -0500 (Wed, 16 Jan 2013) | 5 lines don't attempt reassembly if more than 1000 consecutive fragments are missing this fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222 ------------------------------------------------------------------------ r47098 | eapache | 2013-01-15 11:51:55 -0500 (Tue, 15 Jan 2013) | 5 lines Don't run past the end of a fragment array, either in the loop or by putting a useless sentinel in. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213 svn path=/trunk-1.8/; revision=47245 0e0e2c7 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r47114 by hand. ------------------------------------------------------------------------ r47114 | eapache | 2013-01-16 06:14:05 -0800 (Wed, 16 Jan 2013) | 3 lines Changed paths: M /trunk/epan/proto.c Null the finfo pointer after we free it. Reduces (but does not completely fix) the errors from bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ------------------------------------------------------------------------ svn path=/trunk-1.8/; revision=47281 5daa378 by Evan Huus (eapache@xxxxxxxxx): Take a wild guess at what might be causing https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 It can't hurt, in any case. svn path=/trunk/; revision=47084 290556e by Balint Reczey (balint@xxxxxxxxxxxxxxx): Prevent copying longer than expected NTLM SSP key svn path=/trunk/; revision=47248 Conflicts: epan/dissectors/packet-ntlmssp.c b1db200 by Evan Huus (eapache@xxxxxxxxx): Backport the workaround with manual intervention: ------------------------------------------------------------------------ r47979 | eapache | 2013-03-01 14:08:30 -0500 (Fri, 01 Mar 2013) | 3 lines Add a much better workaround for bug #8382 and some expert info. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382 ------------------------------------------------------------------------ The actual fix (when it comes) will be too intrusive to backport. svn path=/trunk-1.6/; revision=47982 2c1f7eb by Michael Mann (mmann78@xxxxxxxxxxxx): Fix potential buffer overflow in RTPS and RTPS2 dissectors by allocating enough memory to fit the "indentation space". Bug 8332 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332) svn path=/trunk/; revision=47658 681afb8 by Evan Huus (eapache@xxxxxxxxx): From Alyssa Milburn via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335 Make length field unsigned so that negative values fail the bounds check and throw a regular exception before getting passed to glib (where they cause a program-ending assert failure instead). svn path=/trunk/; revision=47672 Conflicts: epan/dissectors/packet-mount.c f324256 by Jaap Keuter (jaap.keuter@xxxxxxxxx): From Alyssa Milburn: This patch adds a check for a zero count to the existing sanity check code. From me: In addition drop superfluous sanity check. svn path=/trunk/; revision=47692 c4f9e42 by Michael Mann (mmann78@xxxxxxxxxxxx): Bugfix DoS in CIMD dissector. Bug 8346 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346) svn path=/trunk/; revision=47708 Conflicts: epan/dissectors/packet-cimd.c b3d8619 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over revisions from the trunk: ------------------------------------------------------------------------ r48010 | eapache | 2013-03-02 08:23:21 -0800 (Sat, 02 Mar 2013) | 4 lines Changed paths: M /trunk/epan/dissectors/packet-dtls.c Pass the same offset to tvb_ensure_bytes_exist and fragment_add. One minor part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380 ------------------------------------------------------------------------ Copy over with manual intervention: ------------------------------------------------------------------------ r48011 | eapache | 2013-03-02 08:39:56 -0800 (Sat, 02 Mar 2013) | 23 lines Changed paths: M /trunk/epan/exceptions.h M /trunk/epan/reassemble.c M /trunk/epan/show_exception.c Define a new exception for reassembly errors, and throw it in several cases instead of using DISSECTOR_ASSERT. When a dissector passes bad data to the reassembly machine, that isn't necessarily the dissector's fault - the data may come straight from the packet, and the dissector may not have enough information to know it's bad without telling the reassembly machine in the first place. Also fix a bug in the reassembly machine. If it were given a fragment and all of the following conditions were met: - the other associated fragments were already marked as done (reassembled) - the fragment went beyond the end of the conceptual reassembled buffer - the dissector had not set the PARTIAL_REASSEMBLY flag then the reassembly machine would incorrectly think there was an overlap and run past the end of the already-reassembled buffer. Should fix the rest of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380 #BACKPORT This is probably too big and intrusive to backport directly, and parts of it will need adapting anyways since reassemble.c has changed. But the bug exists and crashes in 1.6 and 1.8, so we'll have to do something. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.6/; revision=48113 Conflicts: docbook/release-notes.xml epan/dissectors/packet-dtls.c epan/reassemble.c a63efdf by Evan Huus (eapache@xxxxxxxxx): Manually backport more of r48011. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8441 for 1.6 branch svn path=/trunk-1.6/; revision=48131 3b6d41b by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r48944 by hand: ------------------------------------------------------------------------ r48944 | eapache | 2013-04-20 14:20:00 -0700 (Sat, 20 Apr 2013) | 5 lines Changed paths: M /trunk/epan/dissectors/packet-ber.c Initialize branch_taken right at the top of dissect_ber_choice so that the caller can depend on it being initialized even in peculiar error conditions. Fixes the other half of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599 ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.6/; revision=49288 Conflicts: docbook/release-notes.xml da4c214 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r49802 from the trunk: ------------------------------------------------------------------------ r49802 | eapache | 2013-06-05 19:53:36 -0700 (Wed, 05 Jun 2013) | 6 lines Changed paths: M /trunk/epan/dissectors/packet-dcp-etsi.c From myself and Julian Cable via (and fixing) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717 Don't add a DCP-ETSI fragment for reassembly if the length is wrong. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.6/; revision=49822 Conflicts: docbook/release-notes.xml epan/dissectors/packet-dcp-etsi.c a37c558 by Balint Reczey (balint@xxxxxxxxxxxxxxx): Copy over with manual intervention: ------------------------------------------------------------------------ r50672 | morriss | 2013-07-16 13:59:26 -0400 (Tue, 16 Jul 2013) | 8 lines Changed paths: M /trunk/epan/dissectors/packet-gsm_a_common.c Fix the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940 : Test whether idx is in range or not (by seeing if it was found in the value_string) before using it as an index into any of the elem_var arrays. This fuzz failure was in elem_telv() but apply the fix to all the elem_*() functions. ------------------------------------------------------------------------ svn path=/trunk-1.8/; revision=50675 Conflicts: epan/dissectors/packet-gsm_a_common.c e3ac4c4 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r49697 with manual intervention: ------------------------------------------------------------------------ r49697 | guy | 2013-06-02 11:09:13 -0700 (Sun, 02 Jun 2013) | 6 lines Changed paths: M /trunk/wiretap/netmon.c Initialize the frame_table_size field of the private data to 0 and the frame_table field to NULL before trying to allocate the frame table, so that if we fail before we allocate the frame table, the attempt to free the private data doesn't crash due to the frame_table field containing a bogus pointer. ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.8/; revision=50684 Conflicts: docbook/release-notes.xml Conflicts: wiretap/netmon.c 5c85fc1 by Evan Huus (eapache@xxxxxxxxx): Ensure that the length parameter to dissect_per_length_determinant is initialized even in cases where we error or otherwise fail to dissect. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722 Thanks to Pascal for his help digging through this one. svn path=/trunk/; revision=49985 409fe3e by Evan Huus (eapache@xxxxxxxxx): Copy over revisions from the trunk: ------------------------------------------------------------------------ r51213 | eapache | 2013-08-08 06:50:11 -0400 (Thu, 08 Aug 2013) | 4 lines Correctly check bounds on dim_max. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9019 ------------------------------------------------------------------------ svn path=/trunk-1.8/; revision=51624 Conflicts: asn1/ldap/packet-ldap-template.c epan/dissectors/packet-ldap.c e0f9fc8 by Evan Huus (eapache@xxxxxxxxx): Make sure our ldap_call_response_t struct is always completely initialized, fixing a "Conditional jump or move depends on uninitialised value" error found by valgrind fuzzing. svn path=/trunk/; revision=51516 Conflicts: asn1/ldap/packet-ldap-template.c epan/dissectors/packet-ldap.c 9ae048f by Evan Huus (eapache@xxxxxxxxx): From Peter Hatina via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9104 Fix double-free on corrupt netmon file. Wiretap frees the struct for us, we don't need to free it as well. svn path=/trunk-1.8/; revision=51781 Conflicts: wiretap/netmon.c 4157dc2 by Gerald Combs (gerald@xxxxxxxxxxxxx): Copy over r52570 with manual intervention: ------------------------------------------------------------------------ r52570 | cmaynard | 2013-10-12 11:03:34 -0700 (Sat, 12 Oct 2013) | 4 lines Changed paths: M /trunk/epan/dissectors/packet-tcp.c Don't assume that tvb_length_remaining() or tvb_reported_length_remaining() always return a value >= 0. Part of fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263 #BACKPORT(1.10,1.8) ------------------------------------------------------------------------ Update the release notes. svn path=/trunk-1.8/; revision=52962 Conflicts: epan/dissectors/packet-tcp.c Actions performed: from b33d799 Fix the advisory link. new 593e12e From Frederic Peters (made endian-aware by me): fixed segfault with some GIOP packets new 5945bbc As noted by Jaap Keuter on -dev, be sure to use message_size instead of header->message_size for a correct host endianness comparison. new f2e8008 Prevent potential crash in libsmi. From: Vincent Bernat <bernat@xxxxxxxxxx> new 0dca377 From Vincent Bernat <bernat@xxxxxxxxxx>: Refine workaroud for preventing libsmi error. new c25e2fa Disable OID resolution and loading SMI modules by default. Add an option to enable OID resolution. Add an option to suppress errors reported by libsmi. new 9141502 Fix crash when opening About box with disabled OID resolution. Thanks to Hilko Bengen for the detailed bug report at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574086 new 5fa495a Raise Exceptions containing a string instead of string exceptions This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4846 new 528fbd1 From Rob Leslie <rob@xxxxxxxx>: [PATCH] Fix dumpcap believing error on ^C i.e. pcap_breakloop() When ^C was pressed during a packet capture, dumpcap believed a pcap error had occurred. We check the return value more closely to avoid this problem. new d47dd37 From Gregor Beck: ERROR:capture.c:141:capture_start: assertion failed: (capture_opts->state == CAPTURE_STOPPED) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5126 new 60685b3 Revert revision 33780, because the checksum is only calculated from the header and not the content. new 9267436 Fix the libsmi workaround by adding missing brackets. From Grzegorz Głowacki <g.glowacki@xxxxxxxx> new 107231b Copy over r34111. new 206afa7 Fix for RPC crash backported from Wireshark 1.2.12 new 70cf7f4 Fix for LDSS buffer overflow and crash when running tshark -x without -V new 13bb7c8 import patch ../wireshark/debian/patches/29_fixes-from-1.2.14.patch new 74a845b import patch ../wireshark/debian/patches/30_fixes-from-1.2.15.patch new 44345fd import patch ../wireshark/debian/patches/31_fixes-from-1.2.16.patch new 3201686 import patch ../wireshark/debian/patches/32_fixes-from-1.2.17.patch new 2dd6623 Copy over revisions from the trunk: new b81861b Copy over r39508 from the trunk: new c9c2b42 Copy over revisions from the trunk: new 265baa9 fixes from 1.4.11 new 85a0ae4 Global variables considered harmful. Pass pinfo along as a parameter; this appears to fix bug 6823 (the actual crash was a null pinfo being passed to call_dissector()). new 800b7a7 Fix the crash reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804 new 232129e Fix crash in PPP dissector new 4e5b30d Use ep_strbufs instead of trying to track string offsets manually and overflowing a buffer. Fixes a crash in bug 7568 discovered by Laurent Butti. new bba4df9 Copy over: Revision 46646 - Clean up white space. new 1563180 From Evan: sanity checks before setting a packet's total length in fragment_set_tot_len() new 80f5dc3 Copy over from trunk: new 0e0e2c7 Copy over r47114 by hand. new 5daa378 Take a wild guess at what might be causing https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 new 290556e Prevent copying longer than expected NTLM SSP key new b1db200 Backport the workaround with manual intervention: ------------------------------------------------------------------------ r47979 | eapache | 2013-03-01 14:08:30 -0500 (Fri, 01 Mar 2013) | 3 lines new 2c1f7eb Fix potential buffer overflow in RTPS and RTPS2 dissectors by allocating enough memory to fit the "indentation space". new 681afb8 From Alyssa Milburn via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335 new f324256 From Alyssa Milburn: This patch adds a check for a zero count to the existing sanity check code. new c4f9e42 Bugfix DoS in CIMD dissector. Bug 8346 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346) new b3d8619 Copy over revisions from the trunk: new a63efdf Manually backport more of r48011. new 3b6d41b Copy over r48944 by hand: new da4c214 Copy over r49802 from the trunk: new a37c558 Copy over with manual intervention: new e3ac4c4 Copy over r49697 with manual intervention: new 5c85fc1 Ensure that the length parameter to dissect_per_length_determinant is initialized even in cases where we error or otherwise fail to dissect. new 409fe3e Copy over revisions from the trunk: new e0f9fc8 Make sure our ldap_call_response_t struct is always completely initialized, fixing a "Conditional jump or move depends on uninitialised value" error found by valgrind fuzzing. new 9ae048f From Peter Hatina via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9104 new 4157dc2 Copy over r52570 with manual intervention: The 48 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: asn1/ldap/ldap.cnf | 10 + asn1/ldap/packet-ldap-template.c | 77 ++----- asn1/x509if/packet-x509if-template.c | 20 +- asn1/x509if/x509if.cnf | 20 +- capture.c | 7 +- dumpcap.c | 5 +- epan/diam_dict.l | 6 +- epan/dissectors/packet-acn.c | 4 +- epan/dissectors/packet-ansi_a.c | 387 ++++++++++++++++----------------- epan/dissectors/packet-ber.c | 43 ++-- epan/dissectors/packet-cimd.c | 6 +- epan/dissectors/packet-clnp.c | 2 +- epan/dissectors/packet-dcm.c | 7 + epan/dissectors/packet-dcp-etsi.c | 24 +- epan/dissectors/packet-dns.c | 19 +- epan/dissectors/packet-dns.h | 2 + epan/dissectors/packet-dtls.c | 4 + epan/dissectors/packet-enttec.c | 10 +- epan/dissectors/packet-frame.c | 17 ++ epan/dissectors/packet-giop.c | 15 +- epan/dissectors/packet-gsm_a_common.c | 50 ++++- epan/dissectors/packet-ip.c | 2 +- epan/dissectors/packet-ldap.c | 113 ++++------ epan/dissectors/packet-ldss.c | 2 + epan/dissectors/packet-mac-lte.c | 6 +- epan/dissectors/packet-mount.c | 2 +- epan/dissectors/packet-ms-mms.c | 26 ++- epan/dissectors/packet-ntlmssp.c | 2 +- epan/dissectors/packet-per.c | 3 + epan/dissectors/packet-ppp.c | 5 + epan/dissectors/packet-rpc.c | 8 + epan/dissectors/packet-rtps.c | 10 +- epan/dissectors/packet-rtps2.c | 63 +++--- epan/dissectors/packet-smb-common.c | 79 +------ epan/dissectors/packet-smb-common.h | 2 +- epan/dissectors/packet-smb-logon.c | 16 +- epan/dissectors/packet-tcp.c | 12 +- epan/dissectors/packet-x509if.c | 88 +++++--- epan/epan.c | 1 - epan/exceptions.h | 24 ++ epan/ftypes/ftype-tvbuff.c | 92 ++++---- epan/oids.c | 60 ++++- epan/oids.h | 5 + ... 28 lines suppressed ...
- Prev by Date: [Wireshark-commits] master c9dd677: make dissect_ipmi_cmd() static
- Next by Date: [Wireshark-commits] master 91f58d6: check for correct ftype
- Previous by thread: [Wireshark-commits] master c9dd677: make dissect_ipmi_cmd() static
- Next by thread: [Wireshark-commits] master 91f58d6: check for correct ftype
- Index(es):