Systemd journal: Fix timestamp conversions.

Use ws_strtou64 to convert __REALTIME_TIMESTAMP= and other timestamps,
which should work across platforms.

Bug: 16664
Change-Id: I371f2b60e1957e57dbbdbbc3ded5ad49e8eb79d1
Reviewed-on: https://code.wireshark.org/review/37849
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs 2020-07-13 12:20:58 -07:00 committed by Anders Broman
parent 73f24f5ad8
commit 4a4c8bdfea
2 changed files with 24 additions and 9 deletions


@ -30,6 +30,8 @@
#include <epan/packet.h>
#include <epan/expert.h>
#include <wsutil/strtoi.h>
#include "packet-syslog.h"
#define PNAME "systemd Journal Entry"
@ -157,6 +159,7 @@ static int hf_sj_unhandled_field_type = -1;
static expert_field ei_unhandled_field_type = EI_INIT;
static expert_field ei_nonbinary_field = EI_INIT;
static expert_field ei_undecoded_field = EI_INIT;
#define MAX_DATA_SIZE 262144 // WTAP_MAX_PACKET_SIZE_STANDARD. Increase if needed.
@ -287,12 +290,17 @@ static void init_jf_to_hf_map(void) {
static void
dissect_sjle_time_usecs(proto_tree *tree, int hf_idx, tvbuff_t *tvb, int offset, int len) {
unsigned long rt_ts = strtoul(tvb_format_text(tvb, offset, len), NULL, 10);
// XXX Check errno?
nstime_t ts;
ts.secs = (time_t) rt_ts / 1000000;
ts.nsecs = (rt_ts % 1000000) * 1000;
proto_tree_add_time(tree, hf_idx, tvb, offset, len, &ts);
guint64 rt_ts = 0;
char *time_str = tvb_format_text(tvb, offset, len);
gboolean ok = ws_strtou64(time_str, NULL, &rt_ts);
if (ok) {
nstime_t ts;
ts.secs = (time_t) (rt_ts / 1000000);
ts.nsecs = (rt_ts % 1000000) * 1000;
proto_tree_add_time(tree, hf_idx, tvb, offset, len, &ts);
} else {
proto_tree_add_expert_format(tree, NULL, &ei_undecoded_field, tvb, offset, len, "Invalid time value %s", time_str);
}
}
static void
@ -851,6 +859,10 @@ proto_register_systemd_journal(void)
{ &ei_nonbinary_field,
{ "systemd_journal.nonbinary_field", PI_UNDECODED, PI_WARN,
"Field shouldn't be binary", EXPFILL }
},
{ &ei_undecoded_field,
{ "systemd_journal.undecoded_field", PI_UNDECODED, PI_WARN,
"Unable to decode field", EXPFILL }
}
};
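Review bot: The new `ts.secs = (time_t) (rt_ts / 1000000);` in dissect_sjle_time_usecs narrows a 64-bit value read from the capture without a range check. On a build where time_t is 32 bits, an oversized timestamp would be silently truncated and shown as a plausible but wrong time instead of reaching the new expert item. A round-trip test before the assignment would send that case to the else branch, e.g. `if (ok && (guint64)(time_t)(rt_ts / 1000000) != rt_ts / 1000000) ok = FALSE;`. The same cast appears in the last hunk of the pcapng reader (`wblock->rec->ts.secs`), where the equivalent failure path would be the existing WTAP_ERR_BAD_FILE return. A short comment above the function stating that the field is decimal microseconds since the epoch would also help.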


@ -22,6 +22,7 @@
#include <errno.h>
#include <wsutil/ws_printf.h>
#include <wsutil/strtoi.h>
#include "wtap-int.h"
#include "file_wrappers.h"
@ -2509,8 +2510,10 @@ pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, pcapng_block_head
}
errno = 0;
rt_ts = strtoul(ts_pos+rt_ts_len, NULL, 10);
if (errno) {
const char *ts_end;
gboolean ok = ws_strtou64(ts_pos+rt_ts_len, &ts_end, &rt_ts);
if (!ok) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("%s: invalid timestamp", G_STRFUNC);
return FALSE;
@ -2522,7 +2525,7 @@ pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, pcapng_block_head
wblock->rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
wblock->rec->tsprec = WTAP_TSPREC_USEC;
wblock->rec->ts.secs = (time_t) rt_ts / 1000000;
wblock->rec->ts.secs = (time_t) (rt_ts / 1000000);
wblock->rec->ts.nsecs = (rt_ts % 1000000) * 1000;
/*
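Review bot: `ts_end` is filled in by `ws_strtou64(ts_pos+rt_ts_len, &ts_end, &rt_ts)` but is never inspected in the visible lines, so only the numeric prefix of the field is validated. If ws_strtou64 stops at the first non-digit when given an end pointer, as the strtoul it replaces did, a value such as digits followed by arbitrary bytes from the file would still be accepted as a timestamp. Assuming the field is newline-terminated as in the journal export format, the check could be `if (!ok || *ts_end != '\n') {`. Alternatively, pass NULL as the dissector does if the buffer is known to end after the digits. The function continues outside these hunks, so a later use of `ts_end` cannot be ruled out from here.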