[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

--- Comment #7 from Gerrit Code Review  ---
Change 25786 merged by Anders Broman:
Qt: Fix the filter expression toolbar layout.

https://code.wireshark.org/review/25786

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

--- Comment #6 from Gerrit Code Review  ---
Change 25785 merged by Anders Broman:
Qt: Fix the filter expression toolbar layout.

https://code.wireshark.org/review/25785

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

--- Comment #5 from Gerrit Code Review  ---
Change 25784 merged by Anders Broman:
Qt: Fix the filter expression toolbar layout.

https://code.wireshark.org/review/25784

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

--- Comment #4 from Gerrit Code Review  ---
Change 25786 had a related patch set uploaded by Gerald Combs:
Qt: Fix the filter expression toolbar layout.

https://code.wireshark.org/review/25786

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

--- Comment #3 from Gerrit Code Review  ---
Change 25785 had a related patch set uploaded by Gerald Combs:
Qt: Fix the filter expression toolbar layout.

https://code.wireshark.org/review/25785

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

--- Comment #2 from Gerrit Code Review  ---
Change 25784 had a related patch set uploaded by Gerald Combs:
Qt: Fix the filter expression toolbar layout.

https://code.wireshark.org/review/25784

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14121] Change placement of "double chevron" in Filter Toolbar to eliminate overlap

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14121

Gerald Combs  changed:

   What|Removed |Added

 CC||philip.f.vi...@boeing.com

--- Comment #1 from Gerald Combs  ---
*** Bug 14426 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

Gerald Combs  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #5 from Gerald Combs  ---


*** This bug has been marked as a duplicate of bug 14121 ***

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

Gerald Combs  changed:

   What|Removed |Added

  Component|GTK+ UI |Qt UI

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14430] Wireshark should not offer invalid completions for capture filters

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14430

Guy Harris  changed:

   What|Removed |Added

   See Also||https://bugs.wireshark.org/
   ||bugzilla/show_bug.cgi?id=14
   ||427

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #10 from Guy Harris  ---
(In reply to Guy Harris from comment #9)
> (In reply to Jurko Gospodnetić from comment #0)
> > The original tried queries were constructed based on what Wireshark offered
> > in its auto-completion popups.
> 
> Then Wireshark shouldn't offer those in its auto-completion popups.  I'll
> file a bug.

Bug 14430 filed.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

Guy Harris  changed:

   What|Removed |Added

   See Also||https://bugs.wireshark.org/
   ||bugzilla/show_bug.cgi?id=14
   ||430

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14430] New: Wireshark should not offer invalid completions for capture filters

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14430

Bug ID: 14430
   Summary: Wireshark should not offer invalid completions for
capture filters
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: g...@alum.mit.edu
  Target Milestone: ---

Build Information:
Version 2.5.1 (v2.5.1rc0-104-gd332507e)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.0, with libpcap, without POSIX capabilities, with
GLib 2.36.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with MIT Kerberos, with GeoIP,
with nghttp2 1.21.0, with LZ4, with Snappy, with libxml2 2.9.4, with
QtMultimedia, with SBC, with SpanDSP, with bcg729.

Running on Mac OS X 10.12.6, build 16G1036 (Darwin 16.7.0), with Intel(R)
Core(TM) i7-4980HQ CPU @ 2.80GHz (with SSE4.2), with 16384 MB of physical
memory, with locale en_US.UTF-8, with libpcap version 1.8.1 -- Apple version
67.60.2, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with zlib 1.2.8, binary plugins
supported (13 loaded). Built using clang 4.2.1 Compatible Apple LLVM 9.0.0
(clang-900.0.39.2). 
--
If, for example, you type "ip a" into the capture filter entry box in the main
screen, it offers "address1", "address2", "address3", and "address4" as
completions.

"ip address1 {anything}" is not a valid capture filter; "address1" is valid
only as an 802.11 MAC address.

Furthermore, unless you have a libpcap with the change that I just now checked
into the master branch, it may *crash* with "ip address1 {IP address or valid
host name}".

Note also that the official documented qualifiers for the four MAC addresses in
802.11 headers are "addr1", "addr2", "addr3", and "addr4"; to quote the
pcap-filter man page:

   wlan addr1 ehost
  True if the first IEEE 802.11 address is ehost.

   wlan addr2 ehost
  True if the second IEEE 802.11 address, if  present,  is  ehost.
  The  second  address  field is used in all frames except for CTS
  (Clear To Send) and ACK (Acknowledgment) control frames.

   wlan addr3 ehost
  True if the third IEEE 802.11 address,  if  present,  is  ehost.
  The  third  address field is used in management and data frames,
  but not in control frames.

   wlan addr4 ehost
  True if the fourth IEEE 802.11 address, if  present,  is  ehost.
  The  fourth address field is only used for WDS (Wireless Distri-
  bution System) frames.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #9 from Guy Harris  ---
(In reply to Jurko Gospodnetić from comment #0)
> The original tried queries were constructed based on what Wireshark offered
> in its auto-completion popups.

Then Wireshark shouldn't offer those in its auto-completion popups.  I'll file
a bug.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

Guy Harris  changed:

   What|Removed |Added

   Hardware|x86-64  |All
 OS|Windows 10  |All

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #8 from Guy Harris  ---
(In reply to Uli Heilmeier from comment #4)
> Yes, seems to be a libpcap issue.
> Crashes also with capture filter 'address1 X' or 'address2 X' or 'address3
> X' or 'address4 X' where X can be any digit.
> Doesn't crash with 'address1 X'

That's "doesn't crash with 'address1 X', where "X" is a syntactically-valid
host name but doesn't correspond to a known host.  If "X" were a valid host
name, i.e. one that libpcap can resolve, it *will* crash; if it's not, the
parse fails because the host name isn't valid, before it even gets to the point
where the crash occurs.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #7 from Guy Harris  ---
I've checked a fix into the libpcap repository.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

Guy Harris  changed:

   What|Removed |Added

 Resolution|--- |NOTOURBUG
 Status|CONFIRMED   |RESOLVED

--- Comment #6 from Guy Harris  ---
libpcap bug, still in the current tip of the master libpcap branch:

$ ./tcpdump --version
tcpdump version 4.10.0-PRE-GIT
libpcap version 1.9.0-PRE-GIT
OpenSSL 1.1.0e  16 Feb 2017
SMI-library: 0.4.8
$ ./tcpdump -i en0 -d ip address1 198.73.17.116
Abort trap: 6 (core dumped)

Please file a bug at

https://github.com/the-tcpdump-group/libpcap/issues

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #5 from Uli Heilmeier  ---
(In reply to Uli Heilmeier from comment #4)

> Doesn't crash with 'address1 X'
I mean when X is a alphabetical character like 'A'.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #4 from Uli Heilmeier  ---
Yes, seems to be a libpcap issue.
Crashes also with capture filter 'address1 X' or 'address2 X' or 'address3 X'
or 'address4 X' where X can be any digit.
Doesn't crash with 'address1 X'

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14406] Wireshark doesn't report EAP packet as malformed packet when EAP LENGTH field has wrong length value

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14406

--- Comment #4 from Alexis La Goutte  ---
There is no often (never ?) a really check of length (only if it is need for
decode payload)

and it is too complicated to add a check for each value for say it is correct
or not...

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14429] New: [oss-fuzz] #6279 radius: Direct-leak in g_realloc (dissect_attribute_value_pairs)

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14429

Bug ID: 14429
   Summary: [oss-fuzz] #6279 radius: Direct-leak in g_realloc
(dissect_attribute_value_pairs)
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: darkjames...@darkjames.pl
  Target Milestone: ---

Created attachment 16135
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16135=edit
Capture file

Build Information:
TShark (Wireshark) 2.5.1 (v2.5.1rc0-73-ge438cf2e)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) without libpcap, with GLib 2.42.2, with zlib 1.2.8, without
SMI, without c-ares, without Lua, without GnuTLS, with Gcrypt 1.6.3, without
Kerberos, without GeoIP, without nghttp2, without LZ4, without Snappy, without
libxml2.

Running on Linux 3.17.4-301.fc21.x86_64, with Intel(R) Xeon(R) CPU  
E5530  @ 2.40GHz (with SSE4.2), with 24093 MB of physical memory, with locale
en_US.UTF-8, with Gcrypt 1.6.3, with zlib 1.2.8.

Built using gcc 4.9.2 20150212 (Red Hat 4.9.2-6).

--
A memleak was found by oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6279

Valgrind log:

==24834== 154 bytes in 1 blocks are definitely lost in loss record 42 of 46
==24834==at 0x4C2BB9C: realloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24834==by 0xA7434C5: g_realloc (gmem.c:162)
==24834==by 0x7162FAB: dissect_attribute_value_pairs (packet-radius.c:1778)
==24834==by 0x71637E5: dissect_radius (packet-radius.c:2261)
==24834==by 0x6A7731A: call_dissector_through_handle (packet.c:694)
==24834==by 0x6A782B1: call_dissector_work (packet.c:779)
==24834==by 0x6A78C1E: dissector_try_uint_new (packet.c:1361)
==24834==by 0x6A78C60: dissector_try_uint (packet.c:1385)
==24834==by 0x731CB39: decode_udp_ports (packet-udp.c:666)
==24834==by 0x731D490: dissect (packet-udp.c:1127)
==24834==by 0x731D9DD: dissect_udp (packet-udp.c:1133)
==24834==by 0x6A7731A: call_dissector_through_handle (packet.c:694)

Related lines:

1775 if (eap_buffer == NULL)
1776 eap_buffer = (guint8
*)g_malloc(eap_tot_len_captured + tvb_len);
1777 else
1778 eap_buffer = (guint8
*)g_realloc(eap_buffer,
1779   
eap_tot_len_captured + tvb_len);

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

Stig Bjørlykke  changed:

   What|Removed |Added

 CC||s...@bjorlykke.org

--- Comment #3 from Stig Bjørlykke  ---
This seems to be a bug in libpcap, this test program also crashes:

#include 

int main (int argc, char *argv[])
{
struct bpf_program fcode;

pcap_t *pd = pcap_open_dead (DLT_EN10MB, 1);

if (pcap_compile (pd, , "ip address1 10.0.0.1", 1, 0)) {
printf ("Error: %s\n", pcap_geterr (pd));
} else {
printf ("Ok\n");
}
pcap_close (pd);

return 0;
}

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

--- Comment #2 from Uli Heilmeier  ---
Process:   Wireshark [71698]
Path: 
/Users/USER/Downloads/*/Wireshark.app/./Contents/MacOS/Wireshark
Identifier:org.wireshark.Wireshark
Version:   2.5.1-105-g048c4373 (2.5.1-105-g048c4373)
Code Type: X86-64 (Native)
Parent Process:bash [764]
Responsible:   Wireshark [71698]
User ID:   501

Date/Time: 2018-02-13 20:56:35.418 +0100
OS Version:Mac OS X 10.13.3 (17D47)
Report Version:12
Anonymous UUID:194A8059-000D-7C12-6751-6776AD47EEC5

Sleep/Wake UUID:   3DD87D6C-EB72-4872-8B8D-5D70184268AC

Time Awake Since Boot: 98000 seconds
Time Since Wake:   580 seconds

System Integrity Protection: enabled

Crashed Thread:7  QThread

Exception Type:EXC_CRASH (SIGABRT)
Exception Codes:   0x, 0x
Exception Note:EXC_CORPSE_NOTIFY

Application Specific Information:
abort() called

Thread 0:: Dispatch queue: com.apple.main-thread
0   QtCore  0x0001131ccf20 0x112f85000 +
2391840
1   QtCore  0x0001131c825b
QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType,
QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument,
QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument,
QGenericArgument, QGenericArgument, QGenericArgument) + 155
2   QtCore  0x000113172765
QAbstractItemModel::endResetModel() + 309
3   QtWidgets   0x00010e68eff2 0x10e342000 +
3461106
4   QtCore  0x0001131f3b6f
QMetaObject::activate(QObject*, int, int, void**) + 1871
5   QtCore  0x00011317276d
QAbstractItemModel::endResetModel() + 317
6   org.wireshark.Wireshark 0x00010dafc8e8
CaptureFilterEdit::buildCompletionList(QString const&) + 542
7   org.wireshark.Wireshark 0x00010db8005f
SyntaxLineEdit::completionKeyPressEvent(QKeyEvent*) + 429
8   QtWidgets   0x00010e3a7bb6
QWidget::event(QEvent*) + 3974
9   QtWidgets   0x00010e496fb4
QLineEdit::event(QEvent*) + 660
10  org.wireshark.Wireshark 0x00010db80213
SyntaxLineEdit::event(QEvent*) + 61
11  QtWidgets   0x00010e45f129
QComboBox::keyPressEvent(QKeyEvent*) + 505
12  QtWidgets   0x00010e3a7bb6
QWidget::event(QEvent*) + 3974
13  QtWidgets   0x00010e45ec54
QComboBox::event(QEvent*) + 388
14  QtWidgets   0x00010e36effc
QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300
15  QtWidgets   0x00010e370ce0
QApplication::notify(QObject*, QEvent*) + 2640
16  QtCore  0x0001131bf932
QCoreApplication::notifyInternal(QObject*, QEvent*) + 114
17  QtWidgets   0x00010e3c48b4 0x10e342000 + 534708
18  QtWidgets   0x00010e36effc
QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300
19  QtWidgets   0x00010e371abb
QApplication::notify(QObject*, QEvent*) + 6187
20  QtCore  0x0001131bf932
QCoreApplication::notifyInternal(QObject*, QEvent*) + 114
21  QtGui   0x000112ad117e
QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*)
+ 190
22  QtGui   0x000112acf9e3
QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
+ 1267
23  QtGui   0x000112abe1cb
QWindowSystemInterface::sendWindowSystemEvents(QFlags)
+ 315
24  libqcocoa.dylib 0x000115da6f0d 0x115d87000 + 130829
25  libqcocoa.dylib 0x000115da78a8 0x115d87000 + 133288
26  com.apple.CoreFoundation0x7fff3c8a8721
__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
27  com.apple.CoreFoundation0x7fff3c9620ac __CFRunLoopDoSource0
+ 108
28  com.apple.CoreFoundation0x7fff3c88b260
__CFRunLoopDoSources0 + 208
29  com.apple.CoreFoundation0x7fff3c88a6dd __CFRunLoopRun +
1293
30  com.apple.CoreFoundation0x7fff3c889f43 CFRunLoopRunSpecific
+ 483
31  com.apple.HIToolbox 0x7fff3bba1e26
RunCurrentEventLoopInMode + 286
32  com.apple.HIToolbox 0x7fff3bba1a9f
ReceiveNextEventCommon + 366
33  com.apple.HIToolbox 0x7fff3bba1914
_BlockUntilNextEventMatchingListInModeWithFilter + 64
34  com.apple.AppKit0x7fff39e6cf5f _DPSNextEvent + 2085
35  com.apple.AppKit

[Wireshark-bugs] [Bug 14427] Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

Uli Heilmeier  changed:

   What|Removed |Added

 CC||u...@heilmeier.eu
 Ever confirmed|0   |1
 Status|UNCONFIRMED |CONFIRMED

--- Comment #1 from Uli Heilmeier  ---
Confirmed with master-2.4 and latest master on macOS. WS crashes while typing
'ip address1 1' as capture filter.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14427] New: Crash on `ip address1 198.73.17.116` filter

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14427

Bug ID: 14427
   Summary: Crash on `ip address1 198.73.17.116` filter
   Product: Wireshark
   Version: 2.4.4
  Hardware: x86-64
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: jurko.gospodne...@pke.hr
  Target Milestone: ---

Build Information:
Version 2.4.4 (v2.4.4-0-g90a7be11a4)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.3, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with
SBC, with SpanDSP.

Running on 64-bit Windows 10, build 16299, with Intel(R) Core(TM) i7-6700HQ CPU
@ 2.60GHz (with SSE4.2), with 49087 MB of physical memory, with locale
Croatian_Croatia.1250, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap.

Built using Microsoft Visual C++ 14.0 build 24215

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
If I try to enter a capture filter ``` Wireshark crashes as soon as I start
entering the IP address or paste it in.

Same happens with `tcp address1 198.73.17.116`.

The actual IP address used does not seem to be important.

I later on figured out I can filter by IPv4 address using `host 198.73.17.116`
and that one works fine.

The original tried queries were constructed based on what Wireshark offered in
its auto-completion popups.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

--- Comment #4 from Phil  ---
Version 2.4.4 (v2.4.4-0-g90a7be11a4)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.3, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with
SBC, with SpanDSP.

Running on 64-bit Windows 10, build 14393, with Intel(R) Core(TM) i7-6820HQ CPU
@ 2.70GHz (with SSE4.2), with 16315 MB of physical memory, with locale
English_United States.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.4.11, with Gcrypt 1.7.6, with AirPcap 4.1.1 build 1838.

Built using Microsoft Visual C++ 14.0 build 24215

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

--- Comment #3 from Phil  ---
Attachment show picture of no dropdown arrow to access saved displayed filters.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

--- Comment #2 from Phil  ---
Attached picture shows no dropdown for saved displayed filters.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

--- Comment #1 from Phil  ---
Created attachment 16133
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16133=edit
Picture

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14426] New: Display filter dropdown to access saved filters missing

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14426

Bug ID: 14426
   Summary: Display filter dropdown to access saved filters
missing
   Product: Wireshark
   Version: 2.4.4
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: GTK+ UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: philip.f.vi...@boeing.com
  Target Milestone: ---

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14406] Wireshark doesn't report EAP packet as malformed packet when EAP LENGTH field has wrong length value

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14406

--- Comment #3 from Trotters  ---
(In reply to Trotters from comment #2)
> Created attachment 16131 [details]
> A correct EAP SUCCESS packet

For clarification:

AFAIK there are three mandatory fields (EAP CODE, EAP ID, EAP LENGTH), and one
optional (EAP DATA) in an EAP packet.

As a result, the shortest EAP LENGTH possible = 4 bytes.
(1 byte EAP CODE + 1 byte EAP ID + 2 bytes EAP LENGTH + 0 or more bytes EAP
DATA)

The contents of EAP DATA depends on the EAP CODE. For a code 3 (EAP SUCCESS)
there is no EAP DATA, so EAP LENGTH for EAP SUCCESS should always be 4 bytes.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14425] New: Expert Information Summary for Bad Checksum is incorrect

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14425

Bug ID: 14425
   Summary: Expert Information Summary for Bad Checksum is
incorrect
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: daul...@gmail.com
  Target Milestone: ---

Created attachment 16132
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16132=edit
PCAP with bad TCP and CIP Safety checksums

Build Information:
Version 2.5.1-del (v2.5.1rc0-88-g27b571e6) 
Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.9.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.11, with SMI 0.4.8, with c-ares 1.13.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Xeon(R)
CPU E3-1270 v5 @ 3.60GHz (with SSE4.2), with 4095 MB of physical memory, with
locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
with GnuTLS 3.4.11, with Gcrypt 1.7.6, with AirPcap 4.1.0 build 1622, binary
plugins supported (14 loaded). Built using Microsoft Visual C++ 12.0 build
40629 
Wireshark is Open Source Software released under the GNU General Public
License. 
Check the man page and http://www.wireshark.org for more information. 
--
This affects the latest git (27b571e62f6a672804c6f8e7b0558ccfb589cf9b) and the
beta 2.5.0.

This only applies when "Group by summary" is checked.

There are 2 issues:
1. The Expert Information Summary field for checksum failures is being
formatted as this: "Bad checksum [should be 0x45d2]". This is incorrect because
the checksum referenced (0x45d2) is only for the first entry in the grouping.
If there are multiple entries in the grouping, the other entries should have
other checksums.
2. The summary of "Bad checksum" isn't as descriptive as it used to be.
Individual protocols have more specific information. eg: "CRC-S3 incorrect",
"CRC-S5 incorrect", etc.

This seems to affect all protocols.

To reproduce:
1. Load attached pcap: cipsafety_bad_crc.pcap
2. Edit -> Preferences -> Protocols -> TCP -> Check "Validate the TCP checksum
if possible". This is only needed to show the problem for TCP checksums
3. Open Expert Information page.
4. TCP errors show "TCP: Bad checksum [should be 0x1fb1]" for 3 entries, even
only one of those entries should have the checksum 0x1fb1
5. CIP Safety errors show "CIP Safety: Bad checksum [should be 0x45d2]", even
only one of those entries should have the checksum 0x45d2

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14406] Wireshark doesn't report EAP packet as malformed packet when EAP LENGTH field has wrong length value

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14406

--- Comment #2 from Trotters  ---
Created attachment 16131
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16131=edit
A correct EAP SUCCESS packet

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14424] Packet line height explodes in 3 times when view LDAP packet with invalidDNSyntax

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14424

--- Comment #2 from Kirill  ---
Created attachment 16130
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16130=edit
screenshot after explosion

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14424] Packet line height explodes in 3 times when view LDAP packet with invalidDNSyntax

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14424

--- Comment #1 from Kirill  ---
Created attachment 16129
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16129=edit
screenshot before explosion

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14424] New: Packet line height explodes in 3 times when view LDAP packet with invalidDNSyntax

2018-02-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14424

Bug ID: 14424
   Summary: Packet line height explodes in 3 times when view LDAP
packet with invalidDNSyntax
   Product: Wireshark
   Version: 2.4.4
  Hardware: x86-64
OS: Windows 8.1
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: ajax...@mail.ru
  Target Milestone: ---

Created attachment 16128
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16128=edit
PCAP with invalid LDAP packet

Build Information:
Version 2.4.4 (v2.4.4-0-g90a7be11a4)
--
If open a PCAP file it looks ok - 1 line per packet. Then I scroll down to the
packet #69 which is LDAP packet with invalidDNSyntax and then all PCAP packet
heights explode and every packet starts taking 3 rows instead of 1: 1 row with
packet info and 2 empty.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe