reported by check_typed_proto_items.py
packet-capwap.c:1810 proto_tree_add_item called for hf_capwap_fortinet_mesh_eth_bridge_enable - item type is FT_UINT32 but call has len 1
packet-capwap.c:3015 proto_tree_add_item called for hf_capwap_control_header_msg_type_enterprise_nbr - item type is FT_UINT32 but call has len 3
reported by check_typed_proto_items.py
packet-dns.c:1688 proto_tree_add_item called for hf_dns_rr_len - item type is FT_UINT32 but call has len 2
packet-dns.c:1719 proto_tree_add_item called for hf_dns_rr_len - item type is FT_UINT32 but call has len 2
packet-dns.c:2493 proto_tree_add_item called for hf_dns_px_preference - item type is FT_UINT8 but call has len 2
reported by check_typed_proto_items.py
packet-couchbase.c:1403 proto_tree_add_item called for hf_extras_nmeta - item type is FT_UINT32 but call has len 2
packet-couchbase.c:1405 proto_tree_add_item called for hf_extras_nru - item type is FT_UINT16 but call has len 1
packet-couchbase.c:1426 proto_tree_add_item called for hf_extras_nmeta - item type is FT_UINT32 but call has len 2
packet-couchbase.c:1453 proto_tree_add_item called for hf_extras_nmeta - item type is FT_UINT32 but call has len 2
packet-couchbase.c:1471 proto_tree_add_item called for hf_extras_nmeta - item type is FT_UINT32 but call has len 2
packet-couchbase.c:1522 proto_tree_add_item called for hf_extras_nru - item type is FT_UINT16 but call has len 1
reported by check_typed_proto_items.py
packet-cdp.c:298 proto_tree_add_item called for hf_cdp_ttl - item type is FT_UINT16 but call has len 1
packet-cdp.c:1225 proto_tree_add_item called for hf_cdp_nrgyz_tlvtype - item type is FT_UINT16 but call has len 4
reported by check_typed_proto_items.py
packet-bluecom.c:435 proto_tree_add_item called for hf_bcp_hdr_cmd - item type is FT_UINT32 but call has len 1
packet-bluecom.c:441 proto_tree_add_item called for hf_bcp_hdr_len - item type is FT_UINT8 but call has len 2
reported by check_typed_proto_items.py
packet-bgp.c:8440 proto_tree_add_item called for hf_bgp_update_encaps_tunnel_subtlv_lb_block_length - item type is FT_UINT16 but call has len 4
packet-bgp.c:9152 proto_tree_add_item called for hf_bgp_route_refresh_orf_entry_sequence - item type is FT_UINT8 but call has len 4
reported by check_typed_proto_items.py
packet-awdl.c:889 proto_tree_add_item called for hf_awdl_electionparams_private_phc - item type is FT_UINT32 but call has len 2
reported by check_typed_proto_items.py
epan/dissectors/packet-aim.c:2380 proto_tree_add_item called for hf_generic_idle_time - item type is FT_UINT32 but call has len 2
epan/dissectors/packet-aim.c:3222 proto_tree_add_item called for hf_aim_messaging_unknown - item type is FT_UINT16 but call has len 1
reported by check_typed_proto_items.py
epan/dissectors/packet-aruba-iap.c:113 proto_tree_add_item called for hf_iap_unknown_uint - item type is FT_UINT32 but call has len 1
One entry in the list of strings didn't have the comma at the end, so
the entry after it was concatenated with it, forming a bogus entry and
causing neither "application/vnd.3gpp.mcptt-info+xml" nor
"application/vnd.3gpp.mid-call+xml" to be recognized by media type as
XML.
Should resolve Coverity CID 1355680.
Pull the value-formatting code in proto_custom_set into
proto_item_fill_display_label. Use that in FieldInformation::toString
instead of fvalue_to_string_repr. Fixes#16911.
Make Protobuf fields that are not serialized on the wire (missing in
capture files) to be displayed with default values by setting the new
'add_default_value' preference. The default values might be explicitly
declared in 'proto2' files, or false for bools, first value for enums,
zero for numeric types.
Default values are generated in epan/protobuf_lang_tree.c during the
nodes of fields are created. The default_value_xxx() methods of field
descriptor are added into epan/protobuf-helper.c/h and
epan/protobuf_lang_tree.c/h files.
close#17000
After a key update, we should update Packet Protection cipher but
we shouldn't touch the Header Protection one.
With the current code, PP and HP ciphers are quite entangled and we
always reset both of them. Therefore, at the second key update we
reset the used 1-RTT HP cipher too; no wonder even header decryption
fails from that point on.
To properly fix this issue, all the ciphers structures has been rewritten,
clearly separating PP code from HP one.
Close#16920Close#16916
coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes#16994.
Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.
Each peer in a get_peers response has its own entry in the list, unlike
the way nodes are represented, so if we see a string_len we don't
recognize (like 18 for IPv6 peers) treating it as several IPv4 peers
doesn't make sense.
When due to limited capture length the tailing part of the SRTCP packet
is missing it might be impossible to know the encryption status of this
packet. Before retrieving that information make sure that's even possible,
otherwise continue as if not encrypted.
This is roughly 10% of tshark startup time.
- Enterprise string does not need to be trimmed at the beginning
- No need to call g_hash_table_replace() as keys are just guint32
Many of the Kafka dissector's type dissection routines either returned
an offset or -1 in the event of an error. We don't appear to check for
errors anywhere, so ensure that those routines always return a valid
offset.
Make those routines always initialize their type offset and length
variables. Fixes#16985.
Without a default swich case Coverity flags a possible
divide by zero error.
While at it remove unneeded initializers because it is a symptom
of the same issue.
Added dissection for Dynamic Access Control (DAC) specific ACEs.
These are Conditional ACEs, System Resource Attribute ACEs and System
Scoped Policy ID ACEs.
A Condition ACE must be one of the following types:
ACE_TYPE_ACCESS_ALLOWED_CALLBACK
ACE_TYPE_ACCESS_DENIED_CALLBACK
ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT
ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT
ACE_TYPE_SYSTEM_AUDIT_CALLBACK
ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT
Such an ACE may include a conditional expression (that will, if
present, be evaluated to determine whether or not the ACE allows or
denies access). If a conditional expression is present the ACE data
will start with the string "artx". The remainder of the ACE data will
be the conditional expression which is simply a list of tokens
(see MS-DTYP for details of each token type). With this change,
filter "nt.ace.cond" can be used to find packets containing one or
more Conditional ACEs and their details are dissected.
A System Resource Attribute ACE has a name, value type and a list of
values. The value types are: INT64, UINT64, STRING, SID, BOOLEAN and
OCTET_STRING (i.e. binary data). With this change, filter "nt.ace.sra"
can be used to find packets containing one or more System Resource
Attribute ACEs and their details are dissected.
System Scoped Policy ID is simply a new ACE type and it does not
require any new dissection. The SID associated with a System Scoped
Policy ID ACE will start with S-1-17 and identifies the "Central
Access Policy" that should be used.
Declare padding_item outside the while loop and initialize it, as we
want the value from the previous loop iteration when using it for
expert_info. Fixes clang build warnings.
Change PT_DECIMALLIT, PT_OCTALLIT and PT_HEXLIT tokens to uint64
type, and make PT_IDENT excluding '-' numbers which will be parsed
in protobuf_lang.y. That negative enum number and number type of
constant can be correctly parsed.
Note, intLit is uint32 for parsing fieldNumber and enumNumber,
but might be uint64 as constant.
close#16988
Return nil from Dissector.get() and DissectorTable.get() when the
reference is not found. This can be used to check for existence of
a dissector or dissector table before use.
We already do this for DissectorTable.get_dissector().
RFC 3550, Section 6.4.1 describes that the padding flag may only be set
on the last packet in a compound RTCP packet. Add an expert item if that
is not the case.
You can't use packet scope if you're not dissecting a packet;
read_IOR_strings_from_file() is called from giop_init(), which is called
when a file is opened, not when dissecting a packet.
Use NULL as the scope, which just does a regular allocation, and free
the buffer when we're done.
Expand a comment to indicate that using dissection routines is *also* a
bad idea in code that's not used when dissecting packets.
Fixes#16984.