Wireshark · Wireshark-commits: [Wireshark-commits] master-2.2 3d8a0a1: extcap: fix use-after-free for preferences

Wireshark-commits: [Wireshark-commits] master-2.2 3d8a0a1: extcap: fix use-after-free for preferenc

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Sun, 11 Sep 2016 09:31:31 +0000 (UTC)

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d8a0a181981c247c5f36731dd12cc3cceee578f
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master-2.2
Repository: wireshark

Commits:

3d8a0a1 by Peter Wu (peter@xxxxxxxxxxxxx):

    extcap: fix use-after-free for preferences
    
    In commit v2.3.0rc0-117-g485bc45 (backported to v2.2.0rc0-44-g66721ca),
    extcap_prefs_dynamic_vals and extcap_cleanup were added in an attempt to
    address dangling pointers.
    
    Unfortunately it is not sufficient:
    
     - A pointer to the preference value is stored in extcap_arg and passed
       to the prefs API, but this extcap_arg structure can become invalid
       which result in use-after-free whenever the preference is accessed.
     - On exit, a use-after-free occurs in prefs_cleanup when the preference
       value is being checked.
    
    As the preference subsystem actually manages the memory for the string
    value and consumers should only provide a pointer where the value can be
    stored, convert the char* field in extcap to char**. This has as
    additional benefit that values are not limited to 256 bytes anymore.
    
    extcap_cleanup is moved after epan_cleanup to ensure that prefs_cleanup
    does not operate on dangling pointers.
    
    Crash is reproducible under ASAN with: tshark -i randpkt
    
    Ping-Bug: 12183
    Change-Id: Ibf1ba1102a5633aa085dc278a12ffc05a4f4a34b
    Reviewed-on: https://code.wireshark.org/review/17631
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Roland Knall <rknall@xxxxxxxxx>
    (cherry picked from commit 583150198b78c84d043455b0afcca58a9659eab3)
    Reviewed-on: https://code.wireshark.org/review/17632
    Petri-Dish: Roland Knall <rknall@xxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  4600041   PortableApps: Allow multiple instances.
    adds  3d8a0a1   extcap: fix use-after-free for preferences


Summary of changes:
 extcap.c                       |   73 ++++++++++++++++++++++++----------------
 extcap.h                       |    4 +++
 extcap_parser.h                |    2 +-
 rawshark.c                     |   16 +++------
 tfshark.c                      |   20 +++--------
 tshark.c                       |   20 +++--------
 ui/gtk/main.c                  |    6 ++--
 ui/qt/extcap_argument.cpp      |   28 +++++++++------
 ui/qt/extcap_argument_file.cpp |    6 ++--
 wireshark-qt.cpp               |    6 ++--
 10 files changed, 87 insertions(+), 94 deletions(-)

Prev by Date: [Wireshark-commits] master 5831501: extcap: fix use-after-free for preferences
Next by Date: [Wireshark-commits] master 456312e: dumpcap: fix memleak on exit
Previous by thread: [Wireshark-commits] master 5831501: extcap: fix use-after-free for preferences
Next by thread: [Wireshark-commits] master 456312e: dumpcap: fix memleak on exit
Index(es):
- Date
- Thread