Since draft-ietf-quic-tls-17, QUIC uses TLS 1.3 base secrets for
decryption, so no separate key label is necessary. Applications should
not generate such non-standard key log entries. quiche has already been
updated, picoquic will presumably follow soon if it has not already.
Check the tag end offset - the offset in the packet of the tag's value's
end - to make sure that 1) it's at or after the offset of the
*beginning* of the tag's value and 2) that it's not past the end of the
packet; in either case, report an error with an expert info, and do not
show the value of that tag or any subsequent tags, as we don't have a
valid value for the length of this tag's value or even the *offset* of
subsequent tags' values.
For tags whose values have a fixed length, report an error, with an
expert info, if the tag value length isn't the expected value, and don't
dissect it.
For tags whose values have a minimum length, report an error, with an
expert value, if the tag value length isn't at least the minimum value,
and don't dissect it.
For tags whose values consist of a sequence of zero or more fixed-length
items, report an error, with an expert value, if there's leftover data
after processing those items.
Add some comments while we're at it.
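The offset and length checks listed in this commit message, as an added C example that is not the dissector's own code. The table layout (4-byte tag plus 4-byte little-endian end offset, with offsets relative to the value area), the tag names and check_tags() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout (an assumption, not the dissector's code): n entries of
 * 4-byte tag + 4-byte little-endian end offset, followed by the value area.
 * End offsets are relative to the start of the value area. */
enum tag_status { TAG_OK, TAG_BAD_LENGTH, TAG_BAD_OFFSET };
struct tag_rule { const char *tag; uint32_t fixed, min, item; }; /* 0 = no rule */

static const struct tag_rule rules[] = {    /* hypothetical tags */
    { "AAAA", 4, 0, 0 },    /* value must be exactly 4 bytes */
    { "BBBB", 0, 8, 0 },    /* value must be at least 8 bytes */
    { "CCCC", 0, 0, 4 },    /* sequence of 4-byte items, no leftover data */
};

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Fills status[] and returns how many tags were examined. After a bad end
 * offset nothing later is examined: the next value's start is unknown. */
size_t check_tags(const uint8_t *buf, size_t len, size_t n, enum tag_status *status)
{
    if (n > len / 8)
        return 0;                           /* the tag table itself does not fit */
    size_t values_len = len - n * 8, i;
    uint32_t start = 0;
    for (i = 0; i < n; i++) {
        const uint8_t *e = buf + i * 8;
        uint32_t end = le32(e + 4);
        if (end < start || end > values_len) {
            status[i] = TAG_BAD_OFFSET;     /* before the value start or past the packet */
            return i + 1;
        }
        uint32_t vlen = end - start;
        status[i] = TAG_OK;
        for (size_t r = 0; r < sizeof rules / sizeof rules[0]; r++) {
            if (memcmp(e, rules[r].tag, 4) != 0)
                continue;
            if ((rules[r].fixed && vlen != rules[r].fixed) || vlen < rules[r].min ||
                (rules[r].item && vlen % rules[r].item != 0))
                status[i] = TAG_BAD_LENGTH; /* report, skip this value, keep going */
        }
        start = end;
    }
    return i;
}
```

A bad length only affects the one tag, because its end offset is still trustworthy; a bad end offset stops the walk.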
These appear to be copy/paste errors detected by running
./tools/check_typed_item_calls.py --consecutive
Quite a few issues still remain after this batch.
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
The condition aimed to avoid interpreting padding bytes after the
Initial Packet as Short Header to avoid breaking decryption. However it
also prevents actual Short Header packets from being matched that have
the QUIC bit cleared.
To avoid breaking the latter, strengthen the condition to match the
former only. Tested with quic-31_grease_quic_bit__with_keys.pcapng (from
!429). Regression tested against a private Firefox Nightly trace.
MAX_UNCOMPRESSED_SIZE is currently 16MiB.
Fix Coverity report CID 1467509: Insecure data
handling (TAINTED_SCALAR) Using tainted variable "times" as a loop
boundary.
If we did not find an msp that matched the current segment we would
try to find the msp for seq-1 instead. This will only work IFF
we do not know the exact size of the PDU and where it ends,
i.e. DESEGMENT_ONE_MORE_SEGMENT and friends.
In the case where "get msp for seq-1" gives us an msp where we know the exact
PDU boundary and the current seq is beyond the end of that boundary, then
we should not use the msp for seq-1 but instead treat this as a brand new PDU.
This fixes issues with SMB2-over-QUIC dissection that can be seen in the
sample capture for the "add smb2-over-quic" bug where only the first
multi-segment PDU would be dissected correctly for each direction.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Add an encoding for "unpacked" 3GPP TS 23.038 7-bit strings, in which
each code position is in a byte of its own, rather than with the code
positions packed into 7 bits. Rename the packed encoding to explicitly
indicate that it's packed.
Add an encoding for ETSI TS 102 221 Annex A strings.
Use the new encodings.
These were detected by running check_typed_item_calls.py
with --consecutive, which flags items that have different
labels but the same filter string. Usually this is because
of copy/paste.
Quite a few similar bugs still exist, will address in a future commit.
Simple decompression algorithm that encodes a single byte and the
number of times it is repeated.
This algorithm can only be used in chained compression packets.
The compression header "reserved" field is now a flags field.
If the flags have the CHAINED bit, the meaning of the offset field
changes and becomes a length field.
"old" compressed method:
  [COMPRESS_TRANSFORM_HEADER with Flags=0]
  [OPTIONAL UNCOMPRESSED DATA]
  [COMPRESSED DATA]
new "chained" compressed method:
  [first 8 bytes of COMPRESS_TRANSFORM_HEADER with Flags=CHAINED]
  [ sequence of
    [ COMPRESSION_PAYLOAD_HEADER ]
    [ COMPRESSED PAYLOAD ]
  ]
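A bounded expansion of the repeated-byte payload described above, as an added C example that is not the dissector's code. The 8-byte payload layout, the back-to-back chaining without payload headers and the names expand_pattern(), expand_chain() and EXAMPLE_MAX_UNCOMPRESSED are assumptions; the cap uses the 16 MiB figure quoted earlier on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Cap taken from the 16 MiB figure quoted on the page; the name is hypothetical. */
#define EXAMPLE_MAX_UNCOMPRESSED (16u * 1024u * 1024u)

/* Assumed payload layout for this example: 1 pattern byte, 3 reserved bytes,
 * 4-byte little-endian repetition count. */
#define PATTERN_PAYLOAD_LEN 8

/* Expands one payload into out[*used ..]. The repetition count comes from the
 * packet, so it is checked against the remaining budget before it is used as
 * a length. Returns 0 on success, -1 on a short payload, -2 when the
 * expansion would exceed the budget. */
int expand_pattern(const uint8_t *p, size_t plen,
                   uint8_t *out, size_t cap, size_t *used)
{
    if (plen < PATTERN_PAYLOAD_LEN)
        return -1;
    uint32_t times = p[4] | (uint32_t)p[5] << 8 |
                     (uint32_t)p[6] << 16 | (uint32_t)p[7] << 24;
    size_t limit = cap < EXAMPLE_MAX_UNCOMPRESSED ? cap : EXAMPLE_MAX_UNCOMPRESSED;
    if (*used > limit || times > limit - *used)
        return -2;              /* the untrusted count never drives the write */
    memset(out + *used, p[0], times);
    *used += times;
    return 0;
}

/* Walks back-to-back pattern payloads (constructed framing) and stops at the
 * first error, so the running total stays bounded across the whole chain. */
int expand_chain(const uint8_t *buf, size_t len,
                 uint8_t *out, size_t cap, size_t *used)
{
    *used = 0;
    for (size_t off = 0; off < len; off += PATTERN_PAYLOAD_LEN) {
        int rc = expand_pattern(buf + off, len - off, out, cap, used);
        if (rc != 0)
            return rc;
    }
    return 0;
}
```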
Implements [1]. Some code was intentionally simplified from the previous draft
implementation, pending some real-world motivation.
[1] https://datatracker.ietf.org/doc/rfc8754/
Until now, mistakenly, the buffer for decompressing compressed BLIP messages
has been statically allocated as 16 Kb, but that is not valid behavior.
16 Kb is the maximum size of a _compressed_ frame. In theory, due to the
ability to zipbomb, there is virtually no upper bound on what the maximum
size of an uncompressed frame could be. However, to keep sanity, it has
been made into a preference with a reasonable default that is not likely to
be exceeded (64 Kb). The behavior before for this was that Wireshark would
crash because the dissector would return NULL for a decompressed buffer due
to error and then try to dereference it later. A null check has been added,
so that the behavior is now that the packet will show
'<Error decompressing message>' instead, and log why it couldn't handle the
compressed message. Closes #16866.
In requests:
There appear to be 2 bytes of unknown data (typically 0) after the
2-byte Request Flags field (are they just 2 bytes of additional flags?).
Skip past them before dissecting the iterator.
If there are no bytes remaining in the packet after the parent ID, stop
dissecting; some packets seem to stop there. For those requests, assume
that the response will contain:
entry ID;
entry flags;
subordinate count;
modification time;
base class;
relative distinguished name;
although the last of those might be something else (it appears to be of
the form "CN={name}").
In replies:
For each returned entry, if the requested field flags in the request had
the DSI_OUTPUT_FIELDS bit set, fetch the returned field flags and use
that to determine what fields are present; otherwise, use the requested
field flags.
In dissect_nds_request():
Fill in fields of the ncp_record structure only on the first pass; once
the first pass is complete, the structure's fully filled in.
That fixes cases where NDS replies aren't fully dissected because the
NDS verb isn't added to the ncp_record structure when the request is
dissected.
Fill in elements as soon as we have the value needed to fill it in, so
that it's filled in even if we throw an exception later, and so that
it's filled in only if we have the value in the packet, so that a valid
value isn't overwritten by a later packet that doesn't have the value.
This fixes cases where, in the second pass, NDS replies aren't fully
dissected because the NDS verb is overwritten in the ncp_record
structure when a continuation of the request is dissected.
Note that we should perhaps make the object_name field a pointer to a
wmem-allocated string, so that NULL can indicate "not set, hence not
known".
Following changes in the file:
1. Explain usbll_address_t and usbll_data_t.
2. Grouping header fields belonging to the same type of packets.
3. Removed unnecessary condition check for usbll_data pointer
in dissect_usbll_data function.
4. Brief comments on the Macros.
5. Correct code indentation at a few places.
Signed-off-by: Ameya Deshpande <ameyanrd@outlook.com>