From 2391a436e60b4a1823be983583d5ef34a7faf6de Mon Sep 17 00:00:00 2001
From: Hadriel Kaplan <hadriel@128technology.com>
Date: Wed, 24 Dec 2014 15:04:01 -0500
Subject: Bug 10233 - Wireshark crashes if Lua heuristic dissector returns true

Because call_heur_dissector_direct() didn't set the pinfo->heur_list_name
before calling the heuristic dissector, heur_dissect_lua() would invoke
report_failure().  Unfortunately, calling report_failure() within a dissector
can cause problems because GTK continues invoking timed callbacks while
it displays the modal dialog created by report_failure()... without yet
returning from report_failure().  In such a case, it's possible for
epan_dissect_run() to be called while still within the execution of a
previous call to epan_dissect_run(), which casues an assert since
epan_dissect_run() is not reentrant.

So this commit both fixes the call_heur_dissector_direct() bug as well
as avoids using report_failure() within heur_dissect_lua().  It also
upadtes the dissector.lua script used in the testsuite to match the one
pubshied on the wiki, since that script's heuristic dissector triggered
the bug.

Bug: 10233
Change-Id: If022604347745fadac01c02d370ca1a5d3f88b5b
Reviewed-on: https://code.wireshark.org/review/6040
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
---
 epan/wslua/init_wslua.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

(limited to 'epan/wslua')

diff --git a/epan/wslua/init_wslua.c b/epan/wslua/init_wslua.c
index 9c2cefeaa2..40f03a276a 100644
--- a/epan/wslua/init_wslua.c
+++ b/epan/wslua/init_wslua.c
@@ -214,8 +214,11 @@ gboolean heur_dissect_lua(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, v
     lua_tvb = tvb;
     lua_pinfo = pinfo;
 
-    if (!tvb || !pinfo || !pinfo->heur_list_name || !pinfo->current_proto) {
-        report_failure("internal error in heur_dissect_lua: NULL packet info");
+    g_assert(tvb && pinfo);
+
+    if (!pinfo->heur_list_name || !pinfo->current_proto) {
+        proto_tree_add_expert_format(tree, pinfo, &ei_lua_error, tvb, 0, 0,
+                "internal error in heur_dissect_lua: NULL list name or current proto");
         return FALSE;
     }
 
@@ -235,7 +238,8 @@ gboolean heur_dissect_lua(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, v
     if (!wslua_get_table(L, -1, pinfo->heur_list_name)) {
         /* this shouldn't happen */
         lua_settop(L,0);
-        report_failure("internal error in heur_dissect_lua: no %s heur list table", pinfo->heur_list_name);
+        proto_tree_add_expert_format(tree, pinfo, &ei_lua_error, tvb, 0, 0,
+                "internal error in heur_dissect_lua: no %s heur list table", pinfo->heur_list_name);
         return FALSE;
     }
 
@@ -243,7 +247,8 @@ gboolean heur_dissect_lua(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, v
     if (!wslua_get_field(L,-1,pinfo->current_proto)) {
         /* this shouldn't happen */
         lua_settop(L,0);
-        report_failure("internal error in heur_dissect_lua: no %s heuristic dissector for list %s",
+        proto_tree_add_expert_format(tree, pinfo, &ei_lua_error, tvb, 0, 0,
+                "internal error in heur_dissect_lua: no %s heuristic dissector for list %s",
                         pinfo->current_proto, pinfo->heur_list_name);
         return FALSE;
     }
@@ -256,7 +261,8 @@ gboolean heur_dissect_lua(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, v
     if (!lua_isfunction(L,-1)) {
         /* this shouldn't happen */
         lua_settop(L,0);
-        report_failure("internal error in heur_dissect_lua: %s heuristic dissector is not a function", pinfo->current_proto);
+        proto_tree_add_expert_format(tree, pinfo, &ei_lua_error, tvb, 0, 0,
+                "internal error in heur_dissect_lua: %s heuristic dissector is not a function", pinfo->current_proto);
         return FALSE;
     }
 
@@ -271,13 +277,15 @@ gboolean heur_dissect_lua(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, v
     push_TreeItem(L,lua_tree);
 
     if  ( lua_pcall(L,3,1,0) ) {
-        report_failure(" error calling %s heuristic dissector: %s", pinfo->current_proto, lua_tostring(L,-1));
+        proto_tree_add_expert_format(tree, pinfo, &ei_lua_error, tvb, 0, 0,
+                "Lua Error: error calling %s heuristic dissector: %s", pinfo->current_proto, lua_tostring(L,-1));
         lua_settop(L,0);
     } else {
         if (lua_isboolean(L, -1) || lua_isnil(L, -1)) {
             result = lua_toboolean(L, -1);
         } else {
-            report_failure(" invalid return value from Lua %s heuristic dissector", pinfo->current_proto);
+            proto_tree_add_expert_format(tree, pinfo, &ei_lua_error, tvb, 0, 0,
+                    "Lua Error: invalid return value from Lua %s heuristic dissector", pinfo->current_proto);
         }
         lua_pop(L, 1);
     }
-- 
cgit v1.2.3