authorPeter Wu <peter@lekensteyn.nl>2018-06-26 15:52:11 -0700
committerAnders Broman <a.broman58@gmail.com>2018-06-27 06:10:04 +0000
commitd3e3c00fbbe205f16fc279068f1cb989259c3b04 (patch)
tree0f4ade77060ccf191f3952a5ef78943064028f66 /epan/prefs.c
parentc20432285adb7dcc08cfbaf596830e2a98a0b4da (diff)
prefs: fix crash when importing old filter expression preference
When the filter label was missing, it would result in a crash (use-after-free) while reading the next expression. For example: gui.filter_expressions.label: Not-Junk gui.filter_expressions.expr: tcp.flags.reset==1 # note: missing label preference gui.filter_expressions.expr: dns While at it, do not duplicate the filter expression, "filter_expression_new" has always been copying it. Change-Id: I980fd720c9a04b679a71dd2e7e8bf5e53c72ac43 Fixes: 1a046d693b ("Added Filter Toolbar Save functionality.") Bug: 11648 Reviewed-on: https://code.wireshark.org/review/28471 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/prefs.c')
-rw-r--r--epan/prefs.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/epan/prefs.c b/epan/prefs.c
index c3b74d3109..bce63b44d3 100644
--- a/epan/prefs.c
+++ b/epan/prefs.c
@@ -5362,7 +5362,6 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
gchar *dotp, *last_dotp;
static gchar *filter_label = NULL;
static gboolean filter_enabled = FALSE;
- gchar *filter_expr = NULL;
module_t *module, *containing_module;
pref_t *pref;
int type;
@@ -5370,15 +5369,18 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
//The PRS_GUI field names are here for backwards compatibility
//display filters have been converted to a UAT.
if (strcmp(pref_name, PRS_GUI_FILTER_LABEL) == 0) {
+ /* Assume that PRS_GUI_FILTER_EXPR follows this preference. In case of
+ * malicious preference files, free the previous value to limit the size
+ * of leaked memory. */
+ g_free(filter_label);
filter_label = g_strdup(value);
} else if (strcmp(pref_name, PRS_GUI_FILTER_ENABLED) == 0) {
filter_enabled = (strcmp(value, "TRUE") == 0) ? TRUE : FALSE;
} else if (strcmp(pref_name, PRS_GUI_FILTER_EXPR) == 0) {
- filter_expr = g_strdup(value);
/* Comments not supported for "old" preference style */
- filter_expression_new(filter_label, filter_expr, "", filter_enabled);
+ filter_expression_new(filter_label, value, "", filter_enabled);
g_free(filter_label);
- g_free(filter_expr);
+ filter_label = NULL;
} else if (strcmp(pref_name, "gui.version_in_start_page") == 0) {
/* Convert deprecated value to closest current equivalent */
if (g_ascii_strcasecmp(value, "true") == 0) {
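Review bot: In the PRS_GUI_FILTER_EXPR branch, `filter_label` is NULL whenever an expression arrives without a preceding label, and that NULL is now passed straight to `filter_expression_new`. Whether that function and the later consumers of the stored label tolerate NULL is not visible in this hunk, so either confirm it or guard before the call, e.g. `if (filter_label == NULL) filter_label = g_strdup(value);`. The static `filter_enabled` has the same carry-over problem the commit fixes for the label: it is never reset after an expression is consumed, so an entry that omits the enabled preference inherits the previous entry's value. Adding `filter_enabled = FALSE;` next to `filter_label = NULL;` would keep the per-entry state independent of what a hand-edited or hostile preference file supplied earlier. The body of set_pref starts before and continues after this hunk.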