From nobody Tue Oct 28 17:27:03 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1760424085; cv=none; d=zohomail.com; s=zohoarc; b=TJeXt4gy45cFZPjtS8rDcnRUiNZq/MufQbqsmY0wk0W8Kw9FzMYpOHh8+J/LEL4mrk0LBX2K5kyJVZls6X/ohM3+HQNypfHu0gvUBT1PpSGWPpcIW7CXRKApA4FeacUNrrvq9ifeZ5BeCc/A/cZS/c6wu+9n0+B5sZ/U8wdj8NI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1760424085; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=blE4ZJ3SVxtruZai20yCpEeiWL5nVAcMhIAr5Xosc9g=; b=k7QwDL3cC3RvEDI/NkuV8nQOX/JWYfVHt7gqx9X9pTKarrE1o19EVs9ggktSrIm2+hitPwlhz8mPw+FxxROyPESbwBQk3f9NSyo4yuxc5n0GaXrb8ZiMhXd4Tp2iaV8dz2e2wATmGiKnlsRFEGf33yzAv2HCm+Hv34gQKl1fpm0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1760424085318795.1048063514834; Mon, 13 Oct 2025 23:41:25 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 5056D3F303; Tue, 14 Oct 2025 02:41:20 -0400 (EDT) Received: from [172.19.199.20] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 84A81447A4; Tue, 14 Oct 2025 02:37:41 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id E777543DB1; Tue, 14 Oct 2025 02:32:04 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 9350C43DB1 for ; Tue, 14 Oct 2025 02:32:03 -0400 (EDT) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-379-o7JrHclkOISpij8h5eLGsg-1; Tue, 14 Oct 2025 02:32:01 -0400 Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5482E180034C for ; Tue, 14 Oct 2025 06:32:00 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id B0FAF300018D for ; Tue, 14 Oct 2025 06:31:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1760423523; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=blE4ZJ3SVxtruZai20yCpEeiWL5nVAcMhIAr5Xosc9g=; b=Hn7qwIZnRCi6roFGEf70c18+ORrF+625xugKKKRtYj6FY6fDNaXrKg0v/eGzbKF177joko lN2xs8RUto54fvLL4NzCpFxgUBUTjZL4JvJcLrVQjz7vOEYh++nuaLStTbtpWXVlsX+xZa RKYcudWjnR1zIOnlZIwsKKH5YvtGTTg= X-MC-Unique: o7JrHclkOISpij8h5eLGsg-1 X-Mimecast-MFC-AGG-ID: o7JrHclkOISpij8h5eLGsg_1760423520 To: devel@lists.libvirt.org Subject: [PATCH 7/8] wireshark: Don't leak column strings Date: Tue, 14 Oct 2025 08:31:46 +0200 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: zDP2JUyXeuLxrjfkOxmipWrRQhlNLGMZ7Olx4pcfzMU_1760423520 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 4QNWDQPC6S4UJTZ2GJZAUEMZLJCXH77R X-Message-ID-Hash: 4QNWDQPC6S4UJTZ2GJZAUEMZLJCXH77R X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1760424086465158500 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik One of the problems of using val_to_str() is that it may return a const string from given table ('vs'), OR return an allocated one. Since the caller has no idea which case it is, it resides to safe option and don't free returned string. But that might lead to a memleak. This behaviour is fixed with wireshark-4.6.0 and support for it will be introduced soon. But first, make vir_val_to_str() behave like fixed val_to_str() from newer wireshark: just always allocate the string. Now, if val_to_str() needs to allocate new memory it obtains allocator by calling wmem_packet_scope() which is what we may do too. Hand in hand with that, we need to free the memory using the correct allocator, hence wmem_free(). But let's put it into a wrapper vir_wmem_free() because just like val_to_str(), it'll need additional argument when adapting to new wireshark. Oh, and freeing the memory right after col_add_fstr() is safe as it uses vsnprintf() under the hood to format passed args. One last thing, the wmem.h file used to live under epan/wmem/ but then in v3.5.0~240 [1] was moved to wsutil/wmem/. 1: https://gitlab.com/wireshark/wireshark/-/commit/7f9c1f5f92c131354fc8b2b8= 8d473706786064c0 Signed-off-by: Michal Privoznik Reviewed-by: Peter Krempa --- meson.build | 20 ++++++++++++++++ tools/wireshark/src/meson.build | 1 + tools/wireshark/src/packet-libvirt.c | 35 ++++++++++++++++++++++------ 3 files changed, 49 insertions(+), 7 deletions(-) diff --git a/meson.build b/meson.build index bcc18b20e5..a1e0e5ecd5 100644 --- a/meson.build +++ b/meson.build @@ -1365,6 +1365,26 @@ if wireshark_dep.found() if cc.check_header('wireshark/ws_version.h') conf.set('WITH_WS_VERSION', 1) endif + + # Find wmem.h + # But it's not as easy as you'd think. Ubuntu 20.04 has split parts of + # libwireshark.so into libwsutil.so but: + # a) wireshark.pc never mentions it, + # b) libwsutil-dev package doesn't install pkg-config file. + # Fortunately, it's fixed in 24.04. + if cc.check_header('wireshark/epan/wmem/wmem.h', dependencies: wireshark= _dep) + conf.set('WITH_WS_EPAN_WMEM', 1) + elif cc.check_header('wireshark/wsutil/wmem/wmem.h', dependencies: wires= hark_dep) + conf.set('WITH_WS_WSUTIL_WMEM', 1) + else + error('Unable to locate wmem.h file') + endif + + # TODO: drop wsutil dep once support for Ubuntu 20.04 is dropped + wsutil_dep =3D dependency('', required: false) + if not cc.has_function('wmem_free', dependencies: wireshark_dep) + wsutil_dep =3D cc.find_library('wsutil', required: true) + endif endif =20 # generic build dependencies checks diff --git a/tools/wireshark/src/meson.build b/tools/wireshark/src/meson.bu= ild index 9b452dc5ca..ba0df913e0 100644 --- a/tools/wireshark/src/meson.build +++ b/tools/wireshark/src/meson.build @@ -9,6 +9,7 @@ shared_library( ], dependencies: [ wireshark_dep, + wsutil_dep, xdr_dep, tools_dep, ], diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/pac= ket-libvirt.c index f6ad2c4578..3178ac6f27 100644 --- a/tools/wireshark/src/packet-libvirt.c +++ b/tools/wireshark/src/packet-libvirt.c @@ -21,6 +21,11 @@ #include #include #include +#ifdef WITH_WS_EPAN_WMEM +# include +#elif WITH_WS_WSUTIL_WMEM +# include +#endif #include #include #include "packet-libvirt.h" @@ -140,13 +145,19 @@ static const value_string status_strings[] =3D { { -1, NULL } }; =20 -static const char * +static char * G_GNUC_PRINTF(3, 0) vir_val_to_str(const uint32_t val, const value_string *vs, const char *fmt) { - return val_to_str(val, vs, fmt); + return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt); +} + +static void +vir_wmem_free(void *ptr) +{ + wmem_free(wmem_packet_scope(), ptr); } =20 static gboolean @@ -462,6 +473,10 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pi= nfo, proto_tree *tree, uint32_t prog, serial; int32_t proc, type, status; const value_string *vs; + char *prog_str =3D NULL; + char *proc_str =3D NULL; + char *type_str =3D NULL; + char *status_str =3D NULL; =20 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt"); col_clear(pinfo->cinfo, COL_INFO); @@ -474,15 +489,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *p= info, proto_tree *tree, serial =3D tvb_get_ntohl(tvb, offset); offset +=3D 4; status =3D tvb_get_ntohil(tvb, offset); offset +=3D 4; =20 - col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=3D%s", - vir_val_to_str(prog, program_strings, "%x")); + prog_str =3D vir_val_to_str(prog, program_strings, "%x"); + col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=3D%s", prog_str); + vir_wmem_free(prog_str); =20 vs =3D get_program_data(prog, VIR_PROGRAM_PROCSTRINGS); - col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=3D%s", vir_val_to_str(p= roc, vs, "%d")); + proc_str =3D vir_val_to_str(proc, vs, "%d"); + col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=3D%s", proc_str); + vir_wmem_free(proc_str); =20 + type_str =3D vir_val_to_str(type, type_strings, "%d"); + status_str =3D vir_val_to_str(status, status_strings, "%d"); col_append_fstr(pinfo->cinfo, COL_INFO, " Type=3D%s Serial=3D%u Status= =3D%s", - vir_val_to_str(type, type_strings, "%d"), serial, - vir_val_to_str(status, status_strings, "%d")); + type_str, serial, status_str); + vir_wmem_free(status_str); + vir_wmem_free(type_str); =20 if (tree) { gint *hf_proc; --=20 2.49.1