diff options
| author | Stig Bjørlykke <stig@bjorlykke.org> | 2015-08-14 09:26:50 +0200 |
|---|---|---|
| committer | Stig Bjørlykke <stig@bjorlykke.org> | 2015-08-14 07:30:02 +0000 |
| commit | 28b52060d40aa3aa716a76eb757a3ce159705625 (patch) | |
| tree | 439a07ee0cfcd05ba8454aff62f0d8fd0e6496e3 | |
| parent | 842622594a1ac05adb2b5e6fbca69ec8b327b1dc (diff) | |
Free protocol in proto_free_deregistered_fields
This fixes some issues with use-after-free when reload Lua plugins.
Change-Id: I63f3fd9ebe8a19008f560e72067f2078f5eaf759
Reviewed-on: https://code.wireshark.org/review/10026
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
| -rw-r--r-- | epan/proto.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/epan/proto.c b/epan/proto.c index 0658342509..2aebbf5e06 100644 --- a/epan/proto.c +++ b/epan/proto.c @@ -5275,6 +5275,7 @@ proto_deregister_protocol(const char *short_name) g_ptr_array_add(deregistered_fields, gpa_hfinfo.hfi[hfinfo->id]); } g_ptr_array_free(protocol->fields, TRUE); + protocol->fields = NULL; /* Remove this protocol from the list of known protocols */ protocols = g_list_remove(protocols, protocol); @@ -5282,9 +5283,6 @@ proto_deregister_protocol(const char *short_name) g_ptr_array_add(deregistered_fields, gpa_hfinfo.hfi[proto_id]); g_hash_table_steal(gpa_name_map, protocol->filter_name); - g_free((gchar *)protocol->short_name); - g_free(protocol); - return TRUE; } @@ -5506,10 +5504,6 @@ proto_get_frame_protocols(const wmem_list_t *layers, gboolean *is_ip, while (protos != NULL) { proto_id = GPOINTER_TO_INT(wmem_list_frame_data(protos)); - if (gpa_hfinfo.hfi[proto_id] == NULL) { - protos = wmem_list_frame_next(protos); - continue; /* This is a deregistered protocol */ - } proto_name = proto_get_protocol_filter_name(proto_id); if (is_ip && ((!strcmp(proto_name, "ip")) || @@ -5544,10 +5538,6 @@ proto_is_frame_protocol(const wmem_list_t *layers, const char* proto_name) while (protos != NULL) { proto_id = GPOINTER_TO_INT(wmem_list_frame_data(protos)); - if (gpa_hfinfo.hfi[proto_id] == NULL) { - protos = wmem_list_frame_next(protos); - continue; /* This is a deregistered protocol */ - } name = proto_get_protocol_filter_name(proto_id); if (!strcmp(name, proto_name)) @@ -5737,6 +5727,12 @@ free_deregistered_field (gpointer data, gpointer user_data _U_) header_field_info *hfi = (header_field_info *) data; gint hf_id = hfi->id; + if (hfi->type == FT_PROTOCOL) { + protocol_t *protocol = (protocol_t *)hfi->strings; + g_free((gchar *)protocol->short_name); + g_free(protocol); + } + g_free((char *)hfi->name); g_free((char *)hfi->abbrev); g_free((char *)hfi->blurb); |