URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=840eba72fb6b30f3919e563085b761ac4b770ed7
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-3.0
Repository: wireshark
Commits:
840eba7 by Peter Wu (peter@xxxxxxxxxxxxx):
Qt: do not expose a UAT record if the update callback fails
The default chk callbacks for individual fields only catches basic
errors such as invalid, too large numbers. Many dissectors perform
additional validation in the update_cb which is invoked for a record as
a whole. If this check fails, then the UAT must not be marked as valid
or else invalid records (like NULL pointers) could be exposed.
Thanks to Uli Heilmeier for noticing this.
Bug: 15709
Change-Id: I1cc4c6925322011a561ad6df840fbac67796e5b2
Fixes: v2.3.0rc0-1002-g1cd22559a8 ("Qt: convert UatDialog to model/view pattern, improve UX")
Reviewed-on: https://code.wireshark.org/review/33157
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@xxxxxxxxxxxx>
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 7b43c480f6c2914e7d5fa69d78e69b0a50fed7c7)
Reviewed-on: https://code.wireshark.org/review/33209
Petri-Dish: Anders Broman <a.broman58@xxxxxxxxx>
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 21963b9 TLS: fix DISSECTOR_ASSERT for zero-length records fragments
add 840eba7 Qt: do not expose a UAT record if the update callback fails
Summary of changes:
ui/qt/models/uat_model.cpp | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)