Doing so means we'd close the FD, but we've already closed it.
Addresses Coverity CID 1442274.
Change-Id: I5aab1bd4b82e9ac0901bcdbc1ddb6b16eec30573
Reviewed-on: https://code.wireshark.org/review/31312
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the IPHC TVB wasn't created then bail out of dissection before trying
to use it.
Bug: 15217
Change-Id: I6e297590cdf86e13b0185f75f1d409888f2498d8
Reviewed-on: https://code.wireshark.org/review/31308
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
IEEE1609 and GeoNetworking secured packets containing certificate
contain Service Specific Permission items that was not dissected.
This patch allows dissection of SSP both in IEEE1609dot2 dissector and
in the geonetworking dissector.
It also provides SSP dissectors for ETSI DEN and CA basic services.
Change-Id: Ic5efe403f7c4337c7e51a4eab9a9d674d2fe1cf6
Reviewed-on: https://code.wireshark.org/review/31303
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While there renumber according to latest spec. and fix some indentation.
Change-Id: Ib9b4590d72c3124ffcb96fd719a9a19cadb4c494
Reviewed-on: https://code.wireshark.org/review/31300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way there isn't a need for packet-icmp-int.h.
Change-Id: Ib523c36ab2fdf6a43ee6ff32dadfcd53e9d9bf14
Reviewed-on: https://code.wireshark.org/review/31290
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Pass dissector data to dpaux dissector directly instead of using p_get_proto_data.
2. Don't assume dissector data will always be present and default to "sink" if
that is the case.
3. tvb_memdup isn't needed for proto_tree_add_bytes
4. Use value_string to save switch cases.
5. Bugfix major/minor version dissection.
Change-Id: I018d923537ce276fda8be1884f5bb3a8b2eef862
Reviewed-on: https://code.wireshark.org/review/31297
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gracefully handle repeated calls of ws_buffer_free on the same buffer to
avoid strange crashes in other new users that allocate a "small" buffer.
The first call to ws_buffer_free would store data pointer in the
'small_buffers' array for reuse and set the pointer to NULL. Result:
(gdb) p cfile.rec.options_buf
$2 = {
data = 0x0,
allocated = 2048, // Oops, not modified!
start = 0,
first_free = 0
}
All users of Buffer (including ws_buffer_free) however asssume that
'allocated' reflects the actual size of 'data'. If this is not the case
(if ws_buffer_free is called again), then a data pointer (NULL!) will be
stored and the next ws_buffer_init request for a "small buffer" will
result in unexpected behavior (including crashes).
Fix the issue by clearing the 'allocated' field as well. Add assertions
to catch such issues earlier rather than crashing at random users of
these buffers (such as frame_tvbuff).
Bug: 15263
Change-Id: I0b491c3fccac8c6fddd43779629343d721638ca9
Reviewed-on: https://code.wireshark.org/review/31278
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've already reported the files that couldn't be saved; no need to tell
the user something they already know by that point.
Change-Id: I8251a46134342df6b40a6324aa76a5237fde7c93
Reviewed-on: https://code.wireshark.org/review/31298
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I9bf885dcd9b8c15212062f8e6205816521e707c3
Reviewed-on: https://code.wireshark.org/review/31292
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Erik de Jong <erikdejong@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a particular save failed, always let the user know.
Change-Id: I618e0ff82813cd4249ab7b1714f9a50e095a1ea8
Reviewed-on: https://code.wireshark.org/review/31296
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Limiting the maximum *path* name length is bogus; if the user wants to
store the file in some directory deep under the root (UN*X) or the root
of the drive (Windows), that's their choice - don't prevent them from
saving in a directory with a path longer than some maximum or limit the
file name based on the length of the path leading up to it.
Limiting the maximum *file* name is presumably to cope with, for
example, HTTP objects with a URL that had a very long query component,
so it makes sense.
Change-Id: Idfc7de8124ee80bdd4950341ff2239834eb9f6f6
Reviewed-on: https://code.wireshark.org/review/31295
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have eo_save_entry() use the report_ routines to report errors, so they
pop up a dialog in Wireshark and print an error message in command-line
programs such as TShark. Use it instead of local_eo_save_entry().
Change-Id: I689fd880ff2a31486372374560129ee9d9692b1e
Reviewed-on: https://code.wireshark.org/review/31294
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Secured packets contain Common and Extended header.
Change-Id: I60b5ed35811c19c9596bd142c1315b341d760968
Reviewed-on: https://code.wireshark.org/review/31238
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For unsecured and signed data, the dissector uses a dissector table to
determine the next dissector. It uses the psId field to index the table.
In the case no psId is provided inside, the caller can set a default
psid if it is provided beforehand. If none is provided, data are not
dissected.
Change-Id: I6f9d6989cd87dd373a155a5b893c460344a0c857
Reviewed-on: https://code.wireshark.org/review/31237
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I decided that packet-z3950.h was unnecessary at this time, but I didn't eliminate all trace of it.
Change-Id: Iaff41e143bac6bf42779de49f7390ac129cef3e1
Reviewed-on: https://code.wireshark.org/review/31288
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
In some cases (e.g. when a field has a user defined dissection function)
the type reported for this field is a 'virtual' one and the latter is not
contained in selt.type. Consequently, BASE_VAL64_STRING is not set.
Function eth_get_type_attr should return all the attributes of a type and
it seems resonable to expect it to return the BASE_VAL64_STRING. This
will solve the above mentioned error and may solve any possible issue in
other parts that call this function.
Change-Id: Iaee9ce5bd30f2a768cfcecf628df23bf1ed54e55
Reviewed-on: https://code.wireshark.org/review/31287
Reviewed-by: Michael Mann <mmann78@netscape.net>
Per [MS-SFU] 2.2.2 PA_S4U_X509_USER in AS-REQ consists of
the certificate data instead of the corresponding struct.
Also, the subject-certificate field in the struct consists
of the certificate data as well, so let's decode it as such.
Change-Id: I6f03a66eac74b7d42c0893f63cab772d8ddcb803
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/31279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
PsId and ITS-AID are defined in several documents and listed in
ieee1609.12. Put these definitions in ieee1609.2 ASN1 definition and
export it so that GeoNetworking and wsmp dissectors may use it.
Change-Id: Ia3ac181a4c9092b555decb3ee7c5e78adcece5c0
Reviewed-on: https://code.wireshark.org/review/31236
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection of Metro Ethernet Forum specification of Implementation
Agreement for the Emulation of PDH Circuits over Metro Ethernet
Networks [MEF 8]. This includes the introduction of a RTP shim header
dissection function, as is not uncommon in PW and CES services.
Signed-off-by: Jaap Keuter <jaap.keuter@aimvalley.nl>
Change-Id: I6de81007ce11793cd5352fadadd80d3f6f45ae0d
Reviewed-on: https://code.wireshark.org/review/31239
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Accept version value 1 for geonetworking, dissect last 4 bytes of SHB
and traffic class as per EN 302 636-4.
Change-Id: I254e48f888aae063d2f4b5178c2e0eadc839f8ea
Reviewed-on: https://code.wireshark.org/review/31245
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "Please report this to us" and "Please report this to whoever wrote
the program that's writing to the pipe" secondary error messages. Use
the latter for most of the errors, as the most likely cause is that the
program writing to the pipe is messing up somehow.
If we don't recoginze the first 4 bytes of the file, say "Data written
to the pipe is neither in a supported pcap format nor in pcapng
format." - it's not necessarily a pcap file.
Speak of "pcap" rather than "libpcap" format - it's not completely tied
to libpcap (although two of the libraries not called "libpcap" that read
it are basically libpcap+a Windows driver+a library for the Windows
driver, at this point), and the suffix generally used it ".pcap".
Change-Id: Ifb5518af5cade788294c93a7ac416893f57f6bc8
Reviewed-on: https://code.wireshark.org/review/31273
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the images and descriptions for the packet list, column header
popup, packet list popup, and packet detail popups.
Add images and descriptions for the byte view popup.
Use title case in more places.
Change-Id: Icf3af426c97c6e7cf97dee377c20039b7b8791ce
Reviewed-on: https://code.wireshark.org/review/31271
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When UINT64 contains value strings, in addition to using VALS64 to give
the list of names, the type of the structure has to be val64_string and
the display parameter has to be ORed with BASE_VAL64_STRING.
Change-Id: I0a619c91027df1eaae8209ada816f45b85d6431d
Reviewed-on: https://code.wireshark.org/review/31268
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use consistent capitalization and whitespace. Remove library names from
find_library that are unsuitable. No functional change intended.
Change-Id: Ic40516542777d768b6eef656fe5c0a0af143fb7e
Reviewed-on: https://code.wireshark.org/review/31264
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Upgrade to GnuTLS 3.6.3-1, using MinGW binaries from Fedora 29 packages:
mingw64-gnutls-3.6.3-1.fc29.noarch.rpm
mingw64-gcc-8.2.0-3.fc29.x86_64.rpm
mingw64-gmp-6.1.2-4.fc29.noarch.rpm
mingw64-nettle-3.4-2.fc29.noarch.rpm
mingw64-p11-kit-0.23.7-5.fc29.noarch.rpm
mingw64-libffi-3.1-4.fc29.noarch.rpm
mingw64-libtasn1-4.13-3.fc29.noarch.rpm
mingw64-winpthreads-5.0.4-2.fc29.noarch.rpm
This includes libgcc_s_seh-1.dll (64-bit, new) and libgcc_s_sjlj-1.dll
(32-bit, previously included with glib2).
Built with
https://git.lekensteyn.nl/peter/wireshark-notes/tree/windows-libs/make-gnutls-libs-zip.sh?id=b86878e458d5d7deb21218ce6598b98af4ed7ec2
The main motivation is improved PKCS #11 support:
- 3.6.0: fix potential compatibility issue with SafeNet HSMs
https://gitlab.com/gnutls/gnutls/merge_requests/398/
- 3.6.2: gnutls_pkcs11_token_get_flags now forwards token info.
- 3.6.3: new APIs for low-level PKCS #11 token or object operations.
Change-Id: I235774e3b27f3426cb74d3d9c0ab593d06870e89
Reviewed-on: https://code.wireshark.org/review/31128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use proto_tree_add_item (and friends) instead of a protocol specific
wrapper for integer types
2. Create #defines for command IDs and properly sort them in the their value_string
3. Improve heuristics for command specific parameters to reduce false positives
4. Use length value in TLV for strings
5. Remove "sub tvb" creation. The tvb passed into the pdu should be used.
6. Use proto_tree_add_bitmask_list and proto_tree_add_bitmask_list_value where applicable
7. Allow empty fields for vendor-specific TLVs.
8. Treat version fields as FT_UINT8 and use format with BASE_CUSTOM
9. Condense all command response codes to a single range_string.
Bug: 5206
Bug: 15267
Change-Id: I49751d287af1ebb9e27ae7463c08f4724ee60c07
Reviewed-on: https://code.wireshark.org/review/31267
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Heuristic is weak, but length of packet should be non-zero.
Change-Id: I68d6d85092c84d5d421731be3ada008fe7a5b06f
Reviewed-on: https://code.wireshark.org/review/31266
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Protects against some false positives because by default GSM over IP
claims some "frequently used" ports.
Change-Id: I94736ecef8ac1422bb330a364a3f77edd9a52a2b
Reviewed-on: https://code.wireshark.org/review/31265
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The third URL works, but let's go https: for it. The other two don't.
Line-wrap another part of the comment while we're at it.
Change-Id: I744770c859b317ace2a71e82f86e2419b6d7ef2b
Reviewed-on: https://code.wireshark.org/review/31276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Thanks for killing off a bunch of comment mechanisms, not saving the
old comments and placing them somewhere useful, and not even allowing
the Wayback Machine to archive at least some of those sites, Microsoft.)
Change-Id: Ie4258250a0176a56ee33be77604acf43c6886e0f
Reviewed-on: https://code.wireshark.org/review/31274
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Class TrafficTableTreeWidget is used by the conversation and enpoint
dialogs, both of which are subclasses of WiresharkDialog.
Those dialogs use WiresharkDialog::registerTapListener() to register tap
listeners. When the dialog is closed, those listeners are removed by
WiresharkDialog::removeTapListeners().
TrafficTableTreeWidget's destructor tries to remove its tap listener a
2nd time after WiresharkDialog did its cleanup. This causes warnings
Warn remove_tap_listener(): no listener found with that tap data
Don't call remove_tap_listener() from TrafficTableTreeWidget's
destructor. The destructor is now empty and can be removed completely.
Change-Id: I3143fa1c5116203f4a0be791bd4c5f08135aefb0
Reviewed-on: https://code.wireshark.org/review/31259
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use consistent lowercase capitalization and whitespace. Windows: clarify
libgpg-error names and remove libgcc_s (1.7.6/1.8.3 do not need it).
Change-Id: I5d1b1a67f7a992ccfca4c28d0e19bbbfc41b7a4d
Reviewed-on: https://code.wireshark.org/review/31244
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
FT_(U)INT64 are restricted to integer types only currently.
Do not use VALS64() for other types.
Change-Id: Id2299a9291c53ef246b90d732eb84811510ccb85
Reviewed-on: https://code.wireshark.org/review/31257
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This reverts commit 5953756305.
The public API should not be polluted with Windows-specific hacks. As we
already override dofile/loadfile, those should be fixed instead.
Ping-Bug: 15118
Change-Id: Ia9d5e64e8ef14032f982f695ffd4cac59067bb17
Reviewed-on: https://code.wireshark.org/review/31134
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
VALS generation did not take into account the constraints on integers.
We now generate VALS if no constraints are present and VALS64 if the
interger needs 64 bits.
Change-Id: Ia044ee1ba1bd5b45554c19a458876e20110b1b7f
Reviewed-on: https://code.wireshark.org/review/31252
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Purely cosmetic, show the various VC redist paths using the native
format.
Change-Id: I96d0b088f703e3e8dea6623ec258139eff066d90
Reviewed-on: https://code.wireshark.org/review/31251
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris