The output buffer needs one more byte for the string terminator.
Bug: 14688
Change-Id: I7d606aa8fb769fd65ba894f0472ada3543a1e3cd
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6420
Reviewed-on: https://code.wireshark.org/review/27539
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add one fixed table for OMA (Normative) defined resource names and
one table for user defined resource names. All resources are identified
by a object ID and a resource ID.
Show number of elements in arrays instead of number of bytes.
Next iteration will add proper hf entries for OMA elements.
Change-Id: I4d6c053a7c448cc65692ba1d1e92a2033ff3b397
Reviewed-on: https://code.wireshark.org/review/27551
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CMake 3.11 with the Ninja generator started complaining about CMP0058
related to ui/qt/CMakeFiles/qtui_autogen.dir/RCCstock_iconsInfo.cmake
amd other files (AUTORCC). While the policy could be set explicitly,
let's try to modernize the CMake configuration:
- Drop CMP0042, if this gives issues with macOS, then it must be solved
in a different way using non-deprecated methods.
- Drop CMP0054 and ensure that all if("${foo}") and if(${foo}) are
converted to if(foo).
- Remove string comparison against "-NOTFOUND", it already evaluates to
false in an if condition.
- Use CXX_STANDARD/CXX_STANDARD_REQUIRED for Qt 5.7 and newer.
- Assume that copy_if_different can accept multiple sources (CMake 3.5).
- Consistency: Out of the 60 CMake 3.11 FindXxx.cmake files that use
find_library, 34 contain "XXX_LIBRAR" while 16 contain "Xxx_LIBRAR".
Let's assume uppercase variables (now custom MaxMindDB include dirs
are correctly used).
CMake 3.5 was chosen as the next version because of its wide support.
Ubuntu 14.04 ships with cmake3 3.5.1, Debian jessie-backports has 3.6.2,
EPEL for CentOS/RHEL6 includes cmake3 3.6.1 and SLES12 SP2 has 3.5.
Change-Id: I2fa7b94bf8cc78411f414987d17bab3a33dfb360
Reviewed-on: https://code.wireshark.org/review/27444
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
if (${GIT_EXECUTABLE}) never worked, hence the variable GIT_BIN_PARAM never had
any value, and by so never added the Optional git-bin parameter
to make-version.pl
Make-version.pl now handle optional git-bin argument with value.
Change-Id: I089539a3d33455b8de09928b54e0ea39d1aecbb8
Reviewed-on: https://code.wireshark.org/review/27485
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
And put hyphens in "out-of-tree" and "in-tree".
Change-Id: I55c54a1334f490f948310139741fecf27203a359
Reviewed-on: https://code.wireshark.org/review/27550
Reviewed-by: Guy Harris <guy@alum.mit.edu>
macOS is a UNIX(R) and FreeBSD isn't a UNIX(R), but we mentioned macOS
along with UNIX but didn't mention FreeBSD along with UNIX.
Instead, just speak of "UN*Xes" and give Linux, macOS, and *BSD as
examples. Feel free to add Solaris, AIX, or HP-UX if you want, assuming
you can build Wireshark on them.
Change-Id: I85be3861fa0bc603b93d077a2d9d587d43cb6e7e
Reviewed-on: https://code.wireshark.org/review/27549
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Developer's Guide recommends Ninja for all UN*Xes, so download it
rather than having to say "but on macOS use make".
Change-Id: I147b96144c25d01151c68e13d249172023b1fccc
Reviewed-on: https://code.wireshark.org/review/27544
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't support 32-bit builds on macOS, so get rid of the now-unused
TARGET_PLATFORM variable and the comment about how to build 32-bit
libraries.
Follow the complex rules that Qt's download directories unfortunately
require to get the .dmg for a given release. Drop support for
installing Qt 4.
CMake doesn't use pkg-config to find the Qt frameworks, so we don't need
to fix up the .pc files (which aren't even shipped with later versions
of Qt).
Change-Id: I5edc69f8b34dac47bb2310689f296ce37347f495
Reviewed-on: https://code.wireshark.org/review/27542
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't have an option not to install it. (If we want to avoid installing
it when it's already been installed by something other than this script,
we should check for its existence before installing, and skip the
installation step for it.)
Get rid of the instructions for autotools builds; always show the
instructions for CMake builds.
We wouldn't get to the uninstall stage if it hadn't been installed by
this script; remove the comment asking about that.
Change-Id: I276ee96bf955ef4ff33dea87bc27c21111301ea0
Reviewed-on: https://code.wireshark.org/review/27540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g_array_free(a, FALSE) returns "a->data". Callers that do not handle
this will leak memory. Convert other users to use the return value
instead of direct access to "a->data".
Change-Id: I0a29864e8106c0bf09e9573ef29e4474179c4171
Reviewed-on: https://code.wireshark.org/review/27438
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
g_ptr_array_free(a, FALSE) returns "a->pdata". Callers that do not
handle this will leak memory (e.g. "tshark -G plugins"). Convert other
users to use the return value instead of direct access to "a->pdata".
Change-Id: I29835477d587f5f54bf0d94cdae9f375e3da3ce3
Reviewed-on: https://code.wireshark.org/review/27437
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
tvb_generic_clone_offset_len uses tvb_bytes_exist to check that the
requested tvb data is actually available. It did not expect negative
values, that would result in an overly large memory allocation.
Bug: 14678
Change-Id: Ie80095a381e55ca5dbbd5c9d835243549d0b212e
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7179
Reviewed-on: https://code.wireshark.org/review/27526
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will no longer be a valid way to check for remaining data.
Change-Id: I5533b8efc3344f0f8e28d873e5363256a014ab05
Reviewed-on: https://code.wireshark.org/review/27525
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These are 16-bit fields, not 32-bit. Fixes a malformed packet exception.
While at it, rename fields to match draft-ietf-quic-tls-11-6-g4b762033,
these fields were inconssitently named in draft-11.
Bug: 13881
Change-Id: I797d2b4a24a4f4a9b340db736de0000acd52e639
Reviewed-on: https://code.wireshark.org/review/27491
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug 13741 showed a case where the BGP dissector's failure to validate the
length of the Path Attribute record allowed a pathological BGP UPDATE packet to
generate more than one million items in the protocol tree by repeatedly
dissecting certain segments of the packet.
It's easy enough to detect when the Path Attribute length cannot be valid, so
let's do so. When the condition arises, let's raise an Expert Info error in
the same style and format as used elsewhere in the same routine, and abandon
dissection of the Path Attributes list.
With this check in place, an incorrect length computation is revealed at a
callsite. This would only have prevented a small (less than 5 bytes) Path
Attribute from being dissected if it was at the very end of the Path Attributes
list, but the bounds checking added in this change makes this problem much more
apparent, so we fix the length computation while we're here.
Testing Done: Built wireshark on Linux amd64. Using bgp.pcap from the Sample
Captures page on the wiki, verified that the dissection of the UPDATE
packets were unaltered by this fix. Using the capture attached to bug 13741
(clusterfuzz-testcase-minimized-6689222578667520.pcap), verified that the
packet no longer triggers the "too many items" exception, instead we see
an Expert Info for each oversized Path Attribute length, and eventually an
exception for "length of contained item exceeds length of containing item".
30,000 iterations of fuzz test with bgp.pcap as input, and many iterations
of randpkt-test too. Crafted a packet with a 3-byte ATOMIC_AGGREGATE Path
Attribute at the end of the Path Attributes list; Before this change, an
exception is raised during dissection, but after this change it is dissected
correctly.
Bug: 13741
Change-Id: I80f506b114a61e5b060d93b59bed6b94fb188b3e
Reviewed-on: https://code.wireshark.org/review/27466
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously, checksum code would override the expert_field summary
string configured by dissectors, and display the generic "Bad checksum"
string in the Expert Information dialog.
This change uses the configured expert_field summary string instead.
eg: "CRC-S1 incorrect [should be 0xff]" instead of "Bad checksum [should
be 0xff]"
This fixes problem #2 in the linked bug.
Bug: 14425
Change-Id: I168b2be92ec2d8d6f956beeaf6292574bc1d9dab
Reviewed-on: https://code.wireshark.org/review/25758
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per RFC 2782, the name should follow the "_Service._Proto.Name" format.
If a malformed packet does not adhere to this and provides a zero-length
name, then wmem_strsplit returns NULL.
Bug: 14681
Change-Id: I7b9935238a9800a1526c8b694fd2c63d3b488d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7416
Reviewed-on: https://code.wireshark.org/review/27499
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto_tree_add_split_bits_item_ret_val can handle bits from an arbitrary
sized buffer, as long as it covers no more than 64 bits. If the
octet-aligned mask covers up to 32 bits, then this mask is also shown.
If this mask was larger than 64 bits, then undefined behavior could
occur, so check for that.
For larger masks, instead of "= GmPRS Terminal Type: Unknown (96)",
display "7 bits = GmPRS Terminal Type: Unknown (96)" instead.
Bug: 13613
Change-Id: I111cf6a0705f999e42d83bfe57ac84f414946d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1158
Reviewed-on: https://code.wireshark.org/review/27517
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There were a few undissected fields in the VHT MCS Set and some of the fields
were not being placed under the correct sub tree.
Change-Id: I0dc4be1b69d371f59cc74fa06205a3cba2a65c54
Reviewed-on: https://code.wireshark.org/review/27385
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(Wireshark hasn't been strictly a C program for a while, and we now
allow C99-and-later comments in the C code.)
Change-Id: Ic68e053eed7aae1971a800cf74135bc86d211e97
Reviewed-on: https://code.wireshark.org/review/27520
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Avoids a warning in epan/dissectors/packet-enip.c due to "time"
appearing in a comment.
Change-Id: I88b6856425c09fc3b8cb2edc345047062a07b662
Reviewed-on: https://code.wireshark.org/review/27516
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those should always be reported, as they indicate that a block type
plugin is trying to do something we don't allow.
We should probably have a mechanism by which ws_g_warning() messages are
logged to the standard error for command-line programs, logged to an
error message window for GUI programs, and logged to some form of system
log for daemons. For now, it's a good way to log non-fatal errors that
should always be shown in *some* fashion, as well as to mark messages
that should be handled in the form described in the previous sentence.
Change-Id: Ieedf87fc2dd3184a4466ae69af01f799165c1b70
Reviewed-on: https://code.wireshark.org/review/27519
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The dissect_q931_number_ie (and indirectly dissect_q931_cause_ie_unsafe)
write to the "q931_pi" structure which seems private to the q931
dissector, but can in fact be called through other dissectors (isup) as
well. Normally this structure is initialized in "dissect_q931_pdu" and
invalidated at the end of the function, but a malformed packet can
prevent the cleanup. In the next packet, a different dissector can thus
trigger a use-after-free via "dissect_q931_number_ie".
Rename "dissect_q931_cause_ie_unsafe" since "unsafe" meant that external
dissectors could not call it directly (see commit a83a87e9ca).
Based on commit 197ceddab1, it seems that the intended purpose of the
structure is to provide information to the VoIP Calls dialog, but it
would only be used when called through dissect_q931_pdu. Dissectors like
isup have their own routines to provide call information, but as a
side-effect of code sharing the problematic code path was reached.
Bug: 14689
Change-Id: I871525db560f24690ade9a0b944c6d0e655ed34b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6711
Reviewed-on: https://code.wireshark.org/review/27495
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Given that we're not using GTK+, the answer to the question is "no".
Change-Id: Ib0e512909993830b1462d1fe3eada9265d9b1cdf
Reviewed-on: https://code.wireshark.org/review/27515
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix memleaks and complaint when trying to load non-JSON file as JSON:
"GError set over the top of a previous GError or uninitialized memory."
Change-Id: If5ab04dbb757636f66130bf1f8de1a45748bf541
Fixes: v2.9.0rc0-276-g73a1e98f4e ("wsutil: use json-glib instead of jsmn if present.")
Reviewed-on: https://code.wireshark.org/review/27469
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The full translation table responses for the v15 format of batman-adv
contain a list of vlans and then a list of entries for these VLANs. The
VLANs itself contain a checksum that is done over the entries which belong
to these VLANs.
The checkum must be correct or otherwise the receiver will not be able to
finish its synchronization of the remote translation table. Having this
information available for filtering is essential to understand such a
situation and to analyze why a node continues to send full table
requests.
Change-Id: I90f3d3d2c19ac85c1c5a6474cf1877583cfd1139
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/27442
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The multicast implementation in batman-adv exists in two different versions
which are incompatible. But their TVLV format for announcing the feature
itself is the same and can be supported by the current dissector.
Change-Id: I0e3012375912355e47adbb9d0e4f91fc7510156b
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/27443
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix compilation error:
.../wireshark/epan/dissectors/packet-ieee80211.c:2641:27:
error: ‘ht_info_service_interval_granularity_flags’ defined but not used
[-Werror=unused-const-variable=]
Change-Id: I0e6e8a46b2bd58923847220f675fe6e4d6a34aef
Reviewed-on: https://code.wireshark.org/review/27498
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Johannes made changes in the handling of LTF Symbols and LTF Symbol count
which are sort of backward compatible.
This brings us into conformance with those.
The specification can be found here: http://www.radiotap.org/fields/HE.html
Change-Id: I82e5458fa871b42549fabd0bcb49f6366c10d8bb
Reviewed-on: https://code.wireshark.org/review/27370
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HT Information element has changed since IEEE802.11n. This updates
that element to bring it in conformance with IEEE802.11-2016.
Change-Id: Ifa380b9a4dee00e0b2f07f5aabb6a18579aa8f71
Reviewed-on: https://code.wireshark.org/review/27371
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A use-after-free is possible through the following path:
// returns wmem_packet_scope() memory
coinfo->ctype_str = val_to_str(coinfo->ctype_value, vals_ctype, "Unknown Type %u");
// leaks packet scoped memory into conversation
coap_trans = wmem_new0(wmem_file_scope(), coap_transaction);
coap_trans->req_ctype_str = coinfo->ctype_str; // <-- oops
// next packet: use-after-free of packet scoped memory
coinfo->ctype_str = coap_trans->req_ctype_str;
This could be fixed by duplicating "ctype_str" with wmem_file_scope, but
since all "ctype_str" strings are constant, make the problematic
"ctype_str" assignment also constant for unknown types (the numeric type
is also stored in "ctype_value" if necessary).
Change-Id: I6249e076fa282bbe0982b8c709788e27f6fdf86e
Fixes: v2.9.0rc0-317-g46fcf452ac ("coap: Store ctype values in transaction tracking")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8196
Reviewed-on: https://code.wireshark.org/review/27477
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Daniel Willmann
Ivan Nardi