| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-SMC-Add-support-for-SMCD-v2.patch | [PATCH] SMC: Add support for SMCD(v2) Add SMCD(v2) clc proposal/accept/confirm and decline support. Proposal and decline parsing routines are used by SMC-R and SMC-D(v2). Enhance the existing SMC-R protocol dissector in such a generic way that it supports both SMC-R and SMC-D(v2) protocols. These two protocols are similar to each other. SMC-D has a version 1 and version 2. |
Guvenc Gulce <guvenc@linux.ibm.com> | no | 2020-05-03 | ||
| 09_idl2wrs.patch | Do not try to locate wireshark_be.py and wireshark_gen.py in non-standard places. |
Frederic Peters <fpeters@debian.org> | no | 2019-12-22 | ||
| 16_licence_about_location.patch | Change location of license file in about dialog | Frederic Peters <fpeters@debian.org> | not-needed | 2019-12-22 | ||
| 0004-Use-packaged-JS-and-CSS-resources-instead-of-pulling.patch | Use packaged JS and CSS resources instead of pulling them from the Internet | Balint Reczey <balint.reczey@canonical.com> | no | 2019-03-10 | ||
| 0001-kafka-remove-compiler-warnings.patch | kafka: remove compiler warnings. 1508 | proto_item_append_text(header_ti, " (Key: %s)", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1509 | tvb_get_string_enc(pinfo->pool, tvb, key_off, key_len, ENC_UTF_8)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../epan/dissectors/packet-kafka.c:1501:18: note: ‘key_len’ was declared here 1501 | int key_off, key_len; | ^~~~~~~ ../epan/dissectors/packet-kafka.c:1508:5: warning: ‘key_off’ may be used uninitialized in this function [-Wmaybe-uninitialized] 1508 | proto_item_append_text(header_ti, " (Key: %s)", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1509 | tvb_get_string_enc(pinfo->pool, tvb, key_off, key_len, ENC_UTF_8)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../epan/dissectors/packet-kafka.c:1501:9: note: ‘key_off’ was declared here 1501 | int key_off, key_len; | ^~~~~~~ (cherry picked from commit ae9d3d1d4ffd34e256c45a3230abeba41150daf0) |
Dario Lombardo <lomato@gmail.com> | no | 2021-12-30 | ||
| 0002-kafka-stop-decompressing-once-all-input-is-consumed.patch | kafka: stop decompressing once all input is consumed (cherry picked from commit 9412adf7bfa6d1b6749f9dd25a15241c9450ec3e) |
Kevin Albertson <kevin.eric.albertson@gmail.com> | no | 2022-12-02 | ||
| 0003-Kafka-Add-more-loop-checks.patch | Kafka: Add more loop checks Add a safeguard to limit the maximum number of iterations. Do not allocate a new buffer for every loop iterations in a loop that depends on the result of the decompression routine. Either allocate the buffer once or free after use. Defensive programming is more important than speed in this case. (cherry picked from commit f8d308e9affefea9cca4bd5f2672f4c09688d4e0) |
=?UTF-8?q?Jo=C3=A3o=20Valverde?= <j@v6e.pt> | no | 2022-12-05 | ||
| 0004-kafka-Don-t-try-to-decompress-if-the-length-is-zero.patch | kafka: Don't try to decompress if the length is zero. There's no point in trying to decompress a message with length zero, and some of the third party decompression libraries (e.g. zstd) can give unexpected results that lead to infinite loops if we do so. A message length zero is almost surely a file with errors. (cherry picked from commit 0e119321837e6ec69fe6cb04aee04935e0386d7a) |
John Thacker <johnthacker@gmail.com> | no | 2022-12-01 | ||
| 0005-kafka-Don-t-use-after-free.patch | kafka: Don't use after free Neither tvb_new_child_real_data() nor tvb_composite_append() copy the real data buffer that they're given. So we can't free a decompressed buffer after making it a tvb. We can realloc if the output size is smaller. Fix #19105 (cherry picked from commit b673bc022aa28c2c381cb96cae09357bd27eb0df) |
John Thacker <johnthacker@gmail.com> | no | 2023-05-28 | ||
| 0006-kakfa-fix-sync_group_request-missing-version-check-f.patch | kakfa: fix sync_group_request missing version check for instance_id Close #19290 (cherry picked from commit 7e7cd293720186ee0af4479e581d74c566112a66) |
Alexis La Goutte <alexis.lagoutte@gmail.com> | no | 2023-08-22 | ||
| 0007-bpv6-Prevent-infinite-loops.patch | bpv6: Prevent infinite loops display_extension_block is supposed to return the current offset, not the number of bytes remaining, which can be less than the current offset and cause an infinite loop. In the case of errors, set lastheader and return the current offset to break out of loops. (cherry picked from commit f2a0d25dba1152f1f34c91cd2addab11c9c8b250) |
John Thacker <johnthacker@gmail.com> | no | 2022-11-30 | ||
| 0008-openflow_v6-Prevent-infinite-loops-in-too-short-ofp_.patch | openflow_v6: Prevent infinite loops in too short ofp_stats The ofp_stats struct length field includes the fixed 4 bytes. If the length is smaller than that, report the length error and break out. In particular, a value of zero can cause infinite loops if this isn't done. (cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db) |
John Thacker <johnthacker@gmail.com> | no | 2022-12-01 | ||
| 0009-bpv6-Fix-possible-infinite-loop.patch | bpv6: Fix possible infinite loop display_extension_block is supposed to return the current offset, not the number of bytes remaining. The number of bytes remaining can be less than the current offset and cause an infinite loop. In the case of an error, set lastheader and return the current offset in order to break out of the main processing loop. Fix #18711. (cherry picked from commit 2fd04b6ba9d830cd1324572530237b6fea58f96e) |
John Thacker <johnthacker@gmail.com> | no | 2022-12-13 | ||
| 0010-NCP-Add-offset-overflow-checking.patch | NCP: Add offset overflow checking. Add and use check_offset_addition, which adds an expert item and throws an exception if we're about to overflow our offset. Fixes #18720 (cherry picked from commit dcf00fc3bdbd0884208b017b30d387d0fc0d2b93) |
Gerald Combs <gerald@wireshark.org> | no | 2022-12-13 | ||
| 0011-RTPS-Add-offset-overflow-checking.patch | RTPS: Add offset overflow checking. Add and use check_offset_addition, which adds an expert item and throws an exception if we're about to overflow our offset. Fixes #18737 (cherry picked from commit b0cf030b30a9b63e678fee294321642beb42b724) |
Gerald Combs <gerald@wireshark.org> | no | 2022-12-15 | ||
| 0012-TIPC-Add-a-recursion-check.patch | TIPC: Add a recursion check Add a recursion check. Fixes #18770. (cherry picked from commit 659b830aef88753d7b1ba67230d30add31f7d24e) |
Gerald Combs <gerald@wireshark.org> | no | 2022-12-30 | ||
| 0013-conversation-Remove-conversation-from-the-correct-ta.patch | conversation: Remove conversation from the correct table In conversation_set_addr2, if the existing conversation has a port2, remove it from the _no_addr2 hashtable, not the _no_port2 hashtable. Fix #18766 (backported from 55ffdb08bb5c12cfd5e2fee05f8c01d23ceaf9a3) |
John Thacker <johnthacker@gmail.com> | no | 2022-12-30 | ||
| 0014-iSCSI-Handle-invalid-opcodes-inside-Reject-message.patch | iSCSI: Handle invalid opcodes inside Reject message Allow dissect_iscsi_pdu to handle iSCSI messages with invalid opcodes, so that it does not crash when receiving them in Reject messages. Fix #18796 (cherry picked from commit 1e1e733d8cae8e6f6b6f463160061896cb1daed2) |
John Thacker <johnthacker@gmail.com> | no | 2023-01-15 | ||
| 0015-GNW-Ensure-that-tvbuff-proto-data-has-the-proper-sco.patch | GNW: Ensure that tvbuff proto data has the proper scope. Add security tvbuffs to our proto data using pinfo->pool. Fixes #18779. (cherry picked from commit 693dc40936a9eeac0e1c10ff496b3d327e25642b) |
Gerald Combs <gerald@wireshark.org> | no | 2023-01-04 | ||
| 0016-NFS-Fix-string-decoding-to-use-UTF-8.patch | NFS: Fix string decoding to use UTF-8 Use tvb_get_string_enc() to read a string. I think NFSv3 doesn't specify an encoding so interoperabilty is dicey. I believe NFSv4 specifies UTF-8. Fixes #18628. (cherry picked from commit ae0c38a07a64a7c002d64b31e13c349ee4919791) |
=?UTF-8?q?Jo=C3=A3o=20Valverde?= <j@v6e.pt> | no | 2022-11-12 | ||
| 0017-RTPS-Fixup-our-g_strlcpy-dest_sizes.patch | RTPS: Fixup our g_strlcpy dest_sizes Use the proper dest_size in various g_strlcpy calls. Fixes #19085 (cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7) |
Gerald Combs <gerald@wireshark.org> | no | 2023-05-18 | ||
| 0018-MS-MMS-Use-format_text_string.patch | MS-MMS: Use format_text_string() The length of a string transcoded from UTF-16 to UTF-8 can be shorter (or longer) than the original length in bytes in the packet. Use the new string length, not the original length. Use format_text_string, which is a convenience function that calls strlen. Fix #19086 (cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b) |
John Thacker <johnthacker@gmail.com> | no | 2023-05-18 | ||
| 0019-synphasor-Use-val_to_str_const.patch | synphasor: Use val_to_str_const Don't use a value from packet data to directly index a value_string, particularly when the value string doesn't cover all possible values. Fix #19087 (cherry picked from commit c4f37d77b29ec6a9754795d0efb6f68d633728d9) |
John Thacker <johnthacker@gmail.com> | no | 2023-05-20 | ||
| 0020-ISO15765-memory-corruption-bugfix.patch | ISO15765 memory corruption bugfix Fixes a situation in which the code wrote behind the frag_id_high array and corrupted memory. Closes #18839 |
=?UTF-8?q?Dr=2E=20Lars=20V=C3=B6lker?= | no | 2023-02-03 | ||
| 0021-RPCoRDMA-Frame-end-cleanup-for-global-write-offsets.patch | RPCoRDMA: Frame end cleanup for global write offsets Add a frame end routine for a global which is assigned to packet scoped memory. It really should be made proto data, but is used in a function in the header (that doesn't take the packet info struct as an argument) and this fix needs to be made in stable branches. Fix #18852 (cherry picked from commit 3c8be14c827f1587da3c2b3bb0d9c04faff57413) |
John Thacker <johnthacker@gmail.com> | no | 2023-03-19 | ||
| 0022-LISP-Don-t-go-past-a-LCAF-payload-length.patch | LISP: Don't go past a LCAF payload length The LISP Canonical Address Format has a payload length indicator. Use that to create a payload tvb and don't dissect outside the payload length. With fuzzed and malformed packets, this was causing the same bytes to be dissected many times, particularly in the recursive address types. A LCAF would be dissected outside the payload region, but then elsewhere the offset was only advanced by the payload length. Fix #18900 (cherry picked from commit b911cf286f495ba068c77b8b2b3445d1a325a819) |
John Thacker <johnthacker@gmail.com> | no | 2023-03-10 | ||
| 0023-GQUIC-Fix-a-null-pointer-exception.patch | GQUIC: Fix a null pointer exception Ensure that dissect_gquic_frame_type has a valid info pointer. Fixes #18947. (cherry picked from commit ee314ace8ae2d2fa8c6f7280231010252054fd7b) |
Gerald Combs <gerald@wireshark.org> | no | 2023-04-02 | ||
| 0024-candump-check-for-a-too-long-frame-length.patch | candump: check for a too-long frame length. If the frame length is longer than the maximum, report an error in the file. Fixes #19062, preventing the overflow on a buffer on the stack (assuming your compiler doesn't call a bounds-checknig version of memcpy() if the size of the target space is known). (backported from commit 0181fafb2134a177328443a60b5e29c4ee1041cb) |
Guy Harris <gharris@sonic.net> | no | 2023-05-16 | ||
| 0025-vms-fix-the-search-for-the-packet-length-field.patch | vms: fix the search for the packet length field. The packet length field is of the form Total Length = DDD = ^xXXX where "DDD" is the length in decimal and "XXX" is the length in hexadecimal. Search for "length ". not just "Length", as we skip past "Length ", not just "Length", so if we assume we found "Length " but only found "Length", we'd skip past the end of the string. While we're at it, fail if we don't find a length field, rather than just blithely acting as if the packet length were zero. Fixes #19083. (backported from commit db5135826de3a5fdb3618225c2ff02f4207012ca) |
Guy Harris <gharris@sonic.net> | no | 2023-05-18 | ||
| 0026-netscaler-add-more-checks-to-make-sure-the-record-is.patch | netscaler: add more checks to make sure the record is within the page. Whie we're at it, restructure some other checks to test-before-casting - it's OK to test afterwards, but testing before makes it follow the pattern used elsewhere. Fixes #19081. (cherry picked from commit cb190d6839ddcd4596b0205844f45553f1e77105) |
Guy Harris <gharris@sonic.net> | no | 2023-05-19 | ||
| 0027-GDSDB-Make-sure-our-offset-advances.patch | GDSDB: Make sure our offset advances. add_uint_string() returns the next offset to use, not the number of bytes consumed. So to consume all the bytes and make sure the offset advances, return the entire reported tvb length, not the number of bytes remaining. Fixup 8d3c2177793e900cfc7cfaac776a2807e4ea289f Fixes #19068 (cherry picked from commit 118815ca7c9f82c1f83f8f64d9e0e54673f31677) |
John Thacker <johnthacker@gmail.com> | no | 2023-05-13 | ||
| 0028-CP2179-Handle-timetag-info-response-without-records.patch | CP2179: Handle timetag info response without records Fixes #19229 (cherry picked from commit 44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d) |
Jaap Keuter <jaap.keuter@xs4all.nl> | no | 2023-07-27 | ||
| 0029-XRA-Fix-an-infinite-loop.patch | XRA: Fix an infinite loop C compilers don't care what size a value was on the wire. Use naturally-sized ints, including in dissect_message_channel_mb where we would otherwise overflow and loop infinitely. Fixes #19100 (cherry picked from commit ce87eac0325581b600b3093fcd75080df14ccfda) Conflicts: epan/dissectors/packet-xra.c |
Gerald Combs <gerald@wireshark.org> | no | 2023-05-23 | ||
| 0030-iscsi-Check-bounds-when-extracting-TargetAddress.patch | iscsi: Check bounds when extracting TargetAddress Use tvb_ functions that do bounds checking when parsing the TargetAddress string, instead of incrementing a pointer to an extracted char* and sometimes accidentally overrunning the string. While we're there, go ahead and add support for IPv6 addresses. Fix #19164 (backported from commit 94349bbdaeb384b12d554dd65e7be7ceb0e93d21) |
John Thacker <johnthacker@gmail.com> | no | 2023-06-24 | ||
| 0031-btsdp-Keep-offset-advancing.patch | btsdp: Keep offset advancing hf_data_element_value is a FT_NONE, so we can add the item with the expected length and get_hfi_length() will adjust the length without throwing an exception. There's no need to add it with zero length and call proto_item_set_len. Also, don't increment the offset by 0 instead of the real length when there isn't enough data in the packet, as that can lead to failing to advance the offset. When dissecting a sequence type (sequence or alternative) and recursing into the sequence member, instead of using the main packet tvb directly, create a subset using the indicated length of the sequence. That will properly throw an exception if a contained item is larger than the containing sequence, instead of dissecting the same bytes as several different items (inside the sequence recursively, as well in the outer loop.) Fix #19258 (cherry picked from commit ef9c79ae81b00a63aa8638076ec81dc9482972e9) |
John Thacker <johnthacker@gmail.com> | no | 2023-08-10 | ||
| 0032-CBOR-Add-a-recursion-check.patch | CBOR: Add a recursion check Fixes #19144 (cherry picked from commit 76719d21eb1aff3ae8d2d4536d9dc118107631b4) |
Gerald Combs <gerald@wireshark.org> | no | 2023-07-12 | ||
| 0033-wmem-Fix-leak-in-block_fast-when-realloc-ing-jumbo-b.patch | wmem: Fix leak in block_fast when realloc'ing jumbo blocks In block fast wmem_allocator is used, keep the double linked list of jumbo blocks accurate by pointing the prev pointer of the old head (if it exists) to the newly allocated jumbo block. This prevents a leak if a jumbo block which is not the most recently added jumbo block is realloc'ed. If the prev pointer isn't set properly, then all the jumbo blocks added afterwards will be lost from the list and leaked. Fix #19259 (cherry picked from commit d086f2733bc611eb310aafec51bd28d44166fa42) |
John Thacker <johnthacker@gmail.com> | no | 2023-08-10 | ||
| 0034-netscreen-do-bounds-checking-for-each-byte-of-packet.patch | netscreen: do bounds checking for each byte of packet data. Make sure each byte we add to the packet data from the file fits in the buffer, rather than stuffing bytes into the buffer and checking afterwards. This prevents a buffer overflow. Fixes #19404, which was filed as part of Trend Micro's Zero Day Initiative as ZDI-CAN-22164. While we're at it, expand a comment and make error messages give some more detail. (backported from commit 3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e) |
Guy Harris <gharris@sonic.net> | no | 2023-10-17 | ||
| 0035-gvcp-Don-t-try-to-add-a-NULL-string-to-a-column.patch | gvcp: Don't try to add a NULL string to a column This was caught as an invalid argument by g_strlcpy before 4.2, but it was never a good idea. Fix #19496 (backported from commit a8586fde3a6512466afb2a660538ef3fe712076b) |
John Thacker <johnthacker@gmail.com> | no | 2023-11-23 | ||
| 0036-asn2wrs-Add-recursion-checks.patch | asn2wrs: Add recursion checks Add a recursion depth check whenever we have cyclic dependencies. Fixes #19501 (cherry picked from commit 8f797db63ca44875a07d0d8a5d298a79d09b44ec) |
Gerald Combs <gerald@wireshark.org> | no | 2023-12-31 | ||
| 0037-asn2wrs-Fix-our-recursion-checks.patch | asn2wrs: Fix our recursion checks Don't subtract our cycle size when resetting our proto depth. Fixes #19580 (cherry picked from commit 218db319559a9f18d4ae105442799b9a8a3c75e1) |
Gerald Combs <gerald@wireshark.org> | no | 2024-01-08 | ||
| 0038-DOCSIS-Extended-EH-Elements-are-not-recursive.patch | DOCSIS: Extended EH Elements are not recursive Extended EH Elements, which are still not defined as of DOCSIS 4.0 and must be ignored (CM-SP-MULPIv4.0-I08-231211), are not recursive but instead have a full byte each for type and length instead of a nibble, allowing specifying more than 15 extended header types or extended header types with length longer than 15. Increment the position for the first type/length byte to make the logic more straightforward. Part of #19557 (backported from commit 77b0583568836554bd51ee8fde54ba5a3d000c0e) |
John Thacker <johnthacker@gmail.com> | no | 2024-01-01 | ||
| 0039-t38-Allocate-forced-defragmented-memory-in-correct-s.patch | t38: Allocate forced defragmented memory in correct scope Fragment data can't be allocated in pinfo->pool scope, as it outlives the frame. Set it to be freed when the associated tvb is freed, as done in the main reassemble.c code. Fix #19695 (cherry picked from commit 6fd3af5e999c71df67c2cdcefb96d0dc4afa5341) |
John Thacker <johnthacker@gmail.com> | no | 2024-03-06 | ||
| 0040-editcap-Don-t-memmove-more-than-allocated-in-the-buf.patch | editcap: Don't memmove more than allocated in the buffer When moving from the begining with a beginning offset specified, don't run off the end. Subtract the source memory area's full offset from the beginning of the buffer from the capture length. Fix #19724 (cherry picked from commit 7c744e7933794b09e7af4d9703194ad0b01be282) |
John Thacker <johnthacker@gmail.com> | no | 2024-03-29 | ||
| 0041-Mongo-Ensure-the-offset-advances.patch | Mongo: Ensure the offset advances The MongoDB Wire Protocol uses _signed_ 32 bit integers for lengths. dissect_bson_document checks for bogus values and ensures that a non-negative (and at least 5) size is returned, but we need to make sure to use that return value instead of trusting the value read from the packet in dissect_op_msg_section. Fix #19726 (cherry picked from commit 38c0efcee8d22d922e446888b268effc3ccf725f) |
John Thacker <johnthacker@gmail.com> | no | 2024-03-30 | ||
| 0042-ntlmssp-Don-t-insert-a-key-created-on-the-stack-into.patch | ntlmssp: Don't insert a key created on the stack into a hash table We could change this table to an autoreset wmem_map as well. Fix #19943 (cherry picked from commit 66dcd56f1eae615697b6588ac4778a61a5576391) |
John Thacker <johnthacker@gmail.com> | no | 2024-07-28 | ||
| 0043-SPRT-Fix-crash.patch | SPRT: Fix crash SDP can setup a RTP conversation with a setup frame before the current frame, which changes the dissection on the second pass. If in the period in the middle there is a SPRT packet, it can be dissected differently on the second pass, and the SPRT conversation data won't be found on the second pass. Fix #19559 (at least prevent the crash. There's some more cleanup that should happen.) (cherry picked from commit 05f6364cbd766e8758f98c5ee2070aef27c1ffef) |
John Thacker <johnthacker@gmail.com> | no | 2024-05-29 |