If the single byte within a ZeroWindowProbe triggers reassembly within a
subdissector, a new MSP will be created with just a single byte. Be sure
not to mark subsequent segments that contain the full segment data as
retransmission as this prevents the subdissector from seeing the data.
Bug: 15427
Change-Id: I36ae2622689c6606c99cdff70b6beba4b9d25ca7
Reviewed-on: https://code.wireshark.org/review/31732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The single byte within the ZWP could be retransmitted with the next
segment, this is perfectly acceptable behavior. Do not flag these new
segments as retransmissions or Out-Of-Order.
Bug: 15427
Change-Id: I76db2b7a2b684c8c78fa24c9c4b457e1833d12b7
Reviewed-on: https://code.wireshark.org/review/31731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Option --extcap-interface=ssh seems to give an error, update it.
Note that --remote-capture-command overrides other options. Perhaps some
form of template should be supported, but that is currently not
implemented.
Change-Id: Iee132941a460afca91e73cf3e3ec3501dc15f14d
Reviewed-on: https://code.wireshark.org/review/31753
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the username or port number are unspecified, libssh will pick an
appropriate default (the local username or port 22 respectively).
Additionally, it will use the ssh config file if possible.
The eth0 interface is not always appropriate. If the -i option is not
specified, tcpdump will select an appropriate default.
Change-Id: I99d2136ab27d1652bb420f44d16df063030fb9ce
Reviewed-on: https://code.wireshark.org/review/31752
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Capturing with "tshark -i lo" results in capture_opts->descr being set
to "Loopback" via:
#3 0x55c5f575720c in fill_in_interface_opts_from_ifinfo capture_opts.c:547:33
#4 0x55c5f5750dc5 in capture_opts_add_iface_opt capture_opts.c:695:9
#5 0x55c5f574b6bd in capture_opts_add_opt capture_opts.c:843:18
#6 0x55c5f5785efc in main tshark.c:1087:21
but tshark overwrites it, presumably to offer textual descriptions like
"Standard input" for "-i -". Fix this memory leak, reported by ASAN for
three tests from case_tshark_capture that capture from Loopback.
Change-Id: I4f393c4440bde7a621271cca3066bef3d57e250a
Reviewed-on: https://code.wireshark.org/review/31756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes memory leaks reported by ASAN for the test_wslua_pinfo test.
Change-Id: Id7e79e63559db1e7f8b27d566048eab9268d9237
Reviewed-on: https://code.wireshark.org/review/31754
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If a ProtoField object was created, but not linked to a Proto, then some
fields (name, abbrev, blob) could leak. Fixes ASAN test failures for
four wslua tests.
Change-Id: I570ea154153b505ba81edb2bbf538e6dc1438728
Reviewed-on: https://code.wireshark.org/review/31750
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Proto objects were only freed while reloading Lua plugins, be sure to
release these on program exit too. Fix missing deallocation of heur_list
(matches per-protocol cleanup in proto_cleanup_base).
Be sure to keep a reference to the "Pref" object after registering it to
a Proto, otherwise it could be garbage-collected early, resulting in
memleaks (because the preference was still in use).
Fixes a lot of memory leaks reported by ASAN for tests, ten tests were
affected by Proto_new leaks, four were affected by the new_pref leaks.
Change-Id: Ica52718849a33eda614775f533dc0fcefec9cc74
Reviewed-on: https://code.wireshark.org/review/31746
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change the "Field" type to actually point to a structure. Do not cheat
and overload the pointer to mean "char*" in one context, and
"header_field_info*" in another. It was very confusing.
Implement Field__gc to free the Field structure that was allocated in
Field_new. This fixes the memory leak in Field_new.
Now the test_wslua_field test passes when executed with ASAN and a bunch
of other wslua tests also improve.
Change-Id: Ibc4318b76bb893151fd40c3fbc595402fba7a60a
Reviewed-on: https://code.wireshark.org/review/31743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
luaL_optinteger will raise an error when the argument is an invalid
number. Delay the allocation to avoid a leak. Fixes the
test_wslua_nstime test under ASAN.
Change-Id: I6856fd218897565a60786d820f43192b41d489f2
Reviewed-on: https://code.wireshark.org/review/31744
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes leaks of allocations from dissect_key_exch as detected by ASAN
while running the following tests:
test_ikev1_simultaneous
test_ikev1_unencrypted
test_text2pcap_ikev1_certs_pcap
test_ikev1_certs
Change-Id: Ifc102539efadd33d1b9d9921bcdbb35dfd31927f
Fixes: acfe071eb6 ("Add decryption support.")
Reviewed-on: https://code.wireshark.org/review/31740
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'save_file' is used both for holding the -w command-line argument as
well as the current filename that is being written. In ringbuffer mode,
the former is already freed while the latter changes after rotation. Be
sure to free all ringbuffer filenames on exit.
Fixes test failures due to ASAN reporting memory leaks for:
test_dumpcap_ringbuffer_filesize
test_dumpcap_pcapng_single_in_multi_out
test_dumpcap_pcapng_multi_in_multi_out
test_dumpcap_ringbuffer_packets
Change-Id: Ib817d8340275d7afa7e149dcfbbc59ed78293c34
Reviewed-on: https://code.wireshark.org/review/31739
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since v2.9.1rc0-528-g31aba351e2, it is clear that wtap file formats
should free earlier comments before writing a new one. Do so.
Fixes leaks reported by ASAN for test_wslua_file_acme_reader.
Change-Id: Iafb643f01f5973f2d3b88f244ee70e8c0c451080
Reviewed-on: https://code.wireshark.org/review/31738
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the initial segment is OoO, it was recognized as retransmitted. Fix
this by remembering which frame actually contains the initial segment.
Bug: 15420
Change-Id: If63e2ff581775ff9d396a612839f1bfab30f111f
Reviewed-on: https://code.wireshark.org/review/31720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The memory ownership of wtap_rec::opt_comment was not clear. Users of
wtap were leaking memory (editcap.c). wtap readers were not sure about
freeing old comments (erf) or simply ignored memleaks (pcapng).
To fix this, ensure opt_comment is owned by wtap_rec and free it with
wtap_rec_cleanup. The erf issue was already addressed since
cf_get_packet_comment properly duplicates wth.opt_comment memory.
- wtap file formats (readers):
- Should allocate memory for new comments.
- Should free a comment from an earlier read before writing a new one.
- Users of wth:
- Can only assume that opt_comment remains valid until the next read.
- Can assume that wtap_dump does not modify the comment.
- For random access (wtap_seek_read): should call wtap_rec_cleanup
to free the comment.
The test_tshark_z_expert_comment and test_text2pcap_sip_pcapng tests now
pass when built with ASAN.
This change was created by carefully looking at all users opt
"opt_comment" and cf_get_packet_comment. Thanks to Vasil Velichkov for
an initial patch which helped validating this version.
Bug: 7515
Change-Id: If3152d1391e7e0d9860f04f3bc2ec41a1f6cc54b
Reviewed-on: https://code.wireshark.org/review/31713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cf_get_packet_comment already has one code path that returns duplicated
memory. Be sure to document the requirement to free this memory and
adjust Qt to avoid memory leaks.
Be firm and assume that wth.opt_comment is owned by wth, so duplicate it
before returning it from cf_get_packet_comment.
Change-Id: I91f406296c9db5ea21b90fc2e108c37de4528527
Ping-Bug: 7515
Reviewed-on: https://code.wireshark.org/review/31712
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the assertion to check for the actual requirements. Add tests for -T
combined with -e.
Bug: 15444
Change-Id: I83e7663572db0c60194f6d6128b9e1ae7396b3f6
Fixes: v2.9.1rc0-226-g30c90fa745 ("epan: use json_dumper for json outputs.")
Reviewed-on: https://code.wireshark.org/review/31724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* remove _U_ unused attribute for used args
* no need for gcry_err_code() for success
Change-Id: I4c629657328506255da066671b69a98d0f088a3b
Reviewed-on: https://code.wireshark.org/review/31729
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Capture tests fail under ASAN due to leaking capture_opts->save_file.
Since v2.9.0rc0-1493-g787d61c0a4, capture_opts_cleanup takes care of
freeing "save_file", so avoid clearing the pointer.
Change-Id: Ice90efe0959cc8016f47db20970bd2397909e28d
Reviewed-on: https://code.wireshark.org/review/31727
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The change aligns this field with the image size and data size fields,
which are also shown as decimal.
Change-Id: I0e34a2742ae3d18c7b2501e895406f4b416a9ca6
Reviewed-on: https://code.wireshark.org/review/31717
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
HAVE_LIBXML2 can be set while PARSE_XDD is unset, resulting in missing
functions and linker errors.
Bug: 15419
Change-Id: I0aa20a80080d159bfb6eebccc503b66cc148f7f8
Reviewed-on: https://code.wireshark.org/review/31715
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Addresses a -Wmissing-variable-declarations warning from Clang.
Change-Id: I04de4b2017a61f9e605892338426b1a49042671f
Fixes: v2.3.0rc0-1774-g8efb7fece1 ("Adjust proto_tree_add_xxx_format_value calls to use unit string")
Reviewed-on: https://code.wireshark.org/review/31721
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Instead of just reporting a mismatching error code, include the program
output. This should help tracking down unexpected errors. While at it,
check the expected error message too.
Change-Id: Ib8fe51cc06b795bb54bfe1e6eaa828c6ba1128ef
Reviewed-on: https://code.wireshark.org/review/31714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do not rely on strptime("%b") to parse the month, it does not correctly
recognize English month abbreviations on non-English systems. While at
it, do not try to parse milliseconds if seconds are missing.
Change-Id: Ia049bf362195eef1eba2f04ff7217049fa6a7d9d
Reviewed-on: https://code.wireshark.org/review/31707
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid relying on strptime to parse the day of week (%a) and month name
(%b) since these are locale-dependent. Fixes test suite failures with
tvb.lua and LC_ALL=nl_NL.UTF-8.
Additionally it will now reject four-digit years when using ENC_RFC_822
as that requires two digit years. The only user of this API seems to be
the Lua tests though, so this should not make much of a difference.
Bug: 15437
Change-Id: I75436b93faab23869794d9756b9c3ce6128dd1f4
Reviewed-on: https://code.wireshark.org/review/31698
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
For close to 10 years, we have defaulted not to stop processing on an
open error; default not to stop processing on a read error, either. -C
causes us to stop for both.
Bug: 15433
Change-Id: I5cd239c160d0ff85eb0425ca4b172532a4659fd3
Reviewed-on: https://code.wireshark.org/review/31710
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Added Common function to convert 256-bit Port Select Mask into a range
string (e.g. "1-3,5-8,10").
Used wmem_strbuf API to allocate range string.
Change-Id: I70d737d1a33e84c7961eaf0bf83a1bc0689380a1
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28506
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Manually checked all callers of wtap_seek_read to ensure that
wtap_rec_cleanup is called. Added missing wtap_rec_cleanup to:
- Completion of sequential read: wtap_sequential_close
- Callers of wtap_seek_read:
- users of cf_read_record_r:
- PacketListRecord::dissect
This fixes one of the two ASAN memleak reports while running
test_tshark_z_expert_comment and test_text2pcap_sip_pcapng (the other is
about opt_comment which is still unfixed).
Vasil Velichkov also found this issue and came up with a similar fix.
Change-Id: I54a6aa70bfdb42a816d03ad4861d0ad821d0ef88
Reviewed-on: https://code.wireshark.org/review/31709
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Windows is excluded because installing Npcap is potentially difficult.
On macOS use ChmodBPF to create more than 4 bpf devices. This fixes
timeout issues in the case_wireshark_capture test due to an error dialog
about permissions.
Change-Id: I4cfd9618df96a3d6ae4bb2ce0229e9c2c3cccaed
Reviewed-on: https://code.wireshark.org/review/31683
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
For some reason the wireshark GUI tests hang on the Travis OS X builds,
but I could not reproduce it locally. It turns out than an error dialog
was present, but I could not know that without the screenshot.
Change-Id: Idf897d33b4fddf3c19c69ebcea60b629f1ca9368
Reviewed-on: https://code.wireshark.org/review/31682
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid pinging www.wireshark.org, this removes an external dependency.
Instead send small UDP datagrams to UDP port 9 (discard) every 50ms.
Enable this for all platforms (including macOS and Linux) by default.
On Windows the tests requires Npcap and will be skipped with WinPcap.
Remove the --capture-interface option since it is no longer needed.
Copy WSDG Wireshark Tests Quick Start to README.test and add a link.
Change-Id: Id4105a6b1e95407ebf69b871c785c68f9ae26368
Reviewed-on: https://code.wireshark.org/review/31677
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Some of the PDU types needed for SA
were missing in earlier RRC versions.
Change-Id: Ida3b091fe91961cf3cd8e7476692d2467211b5fd
Reviewed-on: https://code.wireshark.org/review/31703
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The glib gboolean and integer types are used interchangably,
while a proper use is easily achievable.
Change-Id: I8943bb90c9f23c0e58c296ad3b45153d0364953c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31708
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The string value is stored in the conversation, so use file-scoped
memory instead of g_strdup. Convert to union to save space.
Bug: 15440
Change-Id: Ie2dabfc67ac1db1cc8f864601b8395dcdec7caf8
Fixes: v2.9.0rc0-2719-g8bd0616621 ("SDP: Show callid from all call legs with the same RTP cpnversation.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11845
Reviewed-on: https://code.wireshark.org/review/31704
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN:
Direct leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x564bccf83549 in malloc (run/tshark+0x1b0549)
#1 0x7f8dd1d488d1 in g_malloc glib/glib/gmem.c:99:13
#2 0x7f8dd1d29094 in g_slice_alloc glib/glib/gslice.c:1024:11
#3 0x7f8dd1d64cde in g_hash_table_new_full glib/glib/ghash.c:717:16
#4 0x7f8dde889de6 in smb2_get_session epan/dissectors/packet-smb2.c:1135:15
#5 0x7f8dde89258e in dissect_smb2_session_setup_response epan/dissectors/packet-smb2.c:3356:16
#6 0x7f8dde8867cd in dissect_smb2_command epan/dissectors/packet-smb2.c:9189:12
#7 0x7f8dde87fb6e in dissect_smb2 epan/dissectors/packet-smb2.c:9543:27
Change-Id: I33586e8d27263a8e546efb2ee3a3054eb9a66893
Reviewed-on: https://code.wireshark.org/review/31702
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Peter Wu