Replace some g_new()s, g_strdup()s and GArrays used in prefix
registration with their epan_scoped wmem equivalents. This reduces
the amount of memory we leak so that we come in below the Valgrind
fuzzer's current threshold (102400).
Bug: 14106
Change-Id: I7308ac89465316c06773552253dabc876b6c2425
Reviewed-on: https://code.wireshark.org/review/23891
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also keep track of last frame of data response, and work out duration of
ftp-data stream.
Change-Id: I460aaa5c8736e044410eab428707651cede39d7e
Reviewed-on: https://code.wireshark.org/review/23880
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
that it exists.
Change-Id: I1986b7678193f3b4c9ed8cabff7e411cef5bf185
Reviewed-on: https://code.wireshark.org/review/23892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Expose the PSN (packet sequence number) and the RETH DMA length
to protocol's dissectors.
Change-Id: Ied53a8964d7cd5c3d148ec7c7642017951e56118
Reviewed-on: https://code.wireshark.org/review/23886
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tcpdump just got a --print option, which causes packet information to be
printed even if the raw packets are being saved to a file with -w. We
have -P for the same purpose; make --print another name for it.
While we're at it:
document --help and --version;
just speak of -P/--print as causing printing even of the packet
details, even though -V forces printing with -w, for consistency
with how --print is documented for tcpdump;
fix the description of -h/--help.
Change-Id: Idf650a202a09a2d1682edbd9d76123f1b1412b55
Reviewed-on: https://code.wireshark.org/review/23888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4f3af7e06169461a15507ed8ecce8f15075b9667
Reviewed-on: https://code.wireshark.org/review/23835
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
declaration of rand shadows a global declaration
Change-Id: I98f4edb14cd241bd709d50e8ac9151448773a658
Reviewed-on: https://code.wireshark.org/review/23884
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Protobuf dissector supports the almost all basic protobuf types of
varint, sint, string, and so on.
2. Protobuf messages are not self-described protocol, for example,
varint in protobuf may be int32, int64, uint32, uint64, sint32,
sint64, bool or enum. Currently dissector will dissect field without
detail definition in common way, for numeric field it show uint32 or
uint64, for length-delimited field it just show as bytes. But user
turn the try_dissect_all_length_delimited_field_as_string or
show_all_possible_field_types options on, that dissect will show all
possible value for each field according to wire type. (for example,
a numeric field will parsed in int32, uint32, sint32, sint64 and so
on).
Ping-Bug: 13932
Change-Id: Idfe49307b1c84fe461603756f75daeb3e410a905
Reviewed-on: https://code.wireshark.org/review/23814
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
filter.
Change-Id: Idcfa53d1db9e9f7b5501ca92592fb0fa0790ffe9
Reviewed-on: https://code.wireshark.org/review/23873
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
FI_BITS_XXX were using bits 5-15 of the field_info->flags bitmask.
Move FI_VARINT to be outside of that range.
Change-Id: I92efcb5644cdbb562537d2813b611e583315874b
Reviewed-on: https://code.wireshark.org/review/23871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9e0314ae2e975a1c50cfaf2b00e469ad7f640357
Reviewed-on: https://code.wireshark.org/review/23866
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Estimating the effort required to process a capture based on its size
isn't very reliable. Instead of rejecting files that are too large, just
limit Valgrind fuzzing to the first 100,000 packets in each file. This
should fix a timeout issue we're seeing on the master fuzzer.
Change-Id: I0117735341d3a183c6131f5f05dbd1d559fc4b3f
Reviewed-on: https://code.wireshark.org/review/23872
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make string mapping for UC_RDMA_WRITE_MIDDLE consistent with
all other mappings in the OpCodeMap table.
Remove extra blank lines in the OpCodeMap table.
Change-Id: Ifb3e242a89458103f3db3b5718d5d939dffb6dae
Reviewed-on: https://code.wireshark.org/review/23867
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When we exit due to excessive memory leaks make sure we say so in the
error log.
Change-Id: I03f60271f3e4bb467fbaa5b9ac17431eed96f300
Reviewed-on: https://code.wireshark.org/review/23870
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Let's perform the check before potentially breaking the loop.
While we are at it, let's update the test to remove the last layer so as to
match the one used to add it.
Change-Id: I5807219de75c4e2c23b9435d6271ad60aec45783
Reviewed-on: https://code.wireshark.org/review/23844
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I6031600ee3d764a7b2690ff88dbbfb01a1d6244b
Reviewed-on: https://code.wireshark.org/review/23824
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the chunk_size to the offset to get the correct write list
count, this issue was introduced by the fix for Bug: 13558
Change-Id: I306a9c0c9d601f7bdf4cc0e49eacd5466a6adb89
Reviewed-on: https://code.wireshark.org/review/23851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename osx-app.sh to osx-app.sh.in and add the version to the plugin
path at configure time.
Instead up updating Autotools accordingly just remove the macOS
packaging targets. gf61c381b5a removed support for Autotools in
osx-app.sh and if anyone wants to build macOS packages I'd prefer that
they use the same toolchain as the buildbot.
Change-Id: Ide5205265bf8859a85b1afab68fa8f8285952bd3
Reviewed-on: https://code.wireshark.org/review/23839
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. fix returing new offset value
dissect_grpc_message() is called with the offset to the message that
needs to be parsed and returns new offset (e.g. offset to the next
message in stream).
Before this change length of the parsed message (including 5 bytes
header) were returned which was incorrect and may lead to infinite
loops.
2. fix reported length in case of invalid packet
3. fix typo in comment: "streaam"
Change-Id: I577cdcc0203a87122a4d8d8c660f43295609e8aa
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
Reviewed-on: https://code.wireshark.org/review/23843
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some menu actions registered at startup are not freed at shutdown
making Valgrind complain. Fix by clearing the lists holding them
and making sure all actions have a parent to free them.
Bug: 14071
Change-Id: I8d99d062d394a7262b0f9b7ddea4ed71049636ac
Reviewed-on: https://code.wireshark.org/review/23793
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some dialogs are allocated on heap but not freed when the dialog
boxes are closed. This means one dialog instance is leaked each
time opened/closed. Also dialogs being subclasses of
GeometryStateDialog means they might lack a parent reference and
are not automatically freed on application shutdown either.
Fix these leaks by letting the dialogs automatically destroy
themselves on close (via WA_DeleteOnClose).
Capture filter, display filter and capture interfaces dialogs are
also leaked on application shutdown. These dialogs are protected by
a NULL check that at least prevent multiple instances. Though
none of them are freed on application shutdown. Fix leaks by
freeing when main window is destroyed.
Bug: 14071
Change-Id: I8c5c5a75ad3c89abb5996941875ba5d616a22d9c
Reviewed-on: https://code.wireshark.org/review/23747
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This extra parameter allows to use wireshark functionality like: prepare as filter,
and also apply quick filter in protocol tree (for instance show only TCP protocol fields: tcp.),
Change-Id: I1f380b79e3802e6aaf646fdd4770c903ee9f3781
Reviewed-on: https://code.wireshark.org/review/23837
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch the file_data handling to use the captured length. In a test
capture here this lets us call the GIF dissector in a truncated packet.
Fixup a variable type and some whitespace.
Change-Id: I21b64519ad84f730e1412115035125c2bf1f361c
Reviewed-on: https://code.wireshark.org/review/23838
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 24384 is at indices 72 (DF.EIA/TIA-533) and 78 (DF.WLAN))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28421 is at indices 31 (EF.LP) and 80 (EF.LI))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28472 is at indices 37 (EF.SST) and 89 (EF.USI))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28481 is at indices 41 (EF.PUCT) and 96 (EF.PUCI))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28489 is at indices 23 (EF.SDN) and 103 (EF.SIN))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28494 is at indices 28 (EF.EXT4) and 107 (EF.EXT5)
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28495 is at indices 29 (EF.ECCP) and 108 (EF.CCP2))
Change-Id: I4bde0cc644131e9b088fca07837fa1b909f30f44
Reviewed-on: https://code.wireshark.org/review/21381
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add extra check for token type, previously it was possible to pass for example:
{"columns":["one","two","three"]}. Such format is not supported.
Change-Id: I6ac2e3ca9eba868cd72ed886ad40745ebbc43d73
Reviewed-on: https://code.wireshark.org/review/23834
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added new user preference 'restore_filter_after_following_stream',
defaults to false.
When true, the current display filter is restored after following a stream.
Change-Id: I153107761003658c6d7f1464711da7b3adeb60a8
Reviewed-on: https://code.wireshark.org/review/22455
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove Autotools-specific code from osx-app.sh. The official builders
have used CMake for a while and as far as I know no one else uses our
packaging scripts.
Change-Id: I6fc20114b42e10dacc69346c379055b68184b85c
Reviewed-on: https://code.wireshark.org/review/23833
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In TLS 1.2, the "certificate_status" extension in the CH would result in
a response in the CertificateStatus handshake message. In TLS 1.3, the
response appears in a SH extension instead. Refactor the code to use
ssl_add_vector and hook it up with SH extensions dissection.
Do not stop dissection on a non-empty Responder ID list. Remove
misleading "CertificateStatus" tree item, it only covered the
"OCSPResponse" vector, now its two children (just OCSP Response Length
and the OCSP Response tree) are displayed directly.
Enable DTLS support, the spec does not forbid it and there is a user:
https://mta.openssl.org/pipermail/openssl-users/2016-August/004306.html
Tested with tls-sct.pcap (bug 13372) which now shows one tree item less
and tls13-18-cert-sct-ocsp.pcap (bug 12779) which now dissects the OCSP
response in the Certificate Extensions.
Change-Id: I2ccde84cb1e3bcb1bc47676eadc5cb542248cd92
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/23819
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rpathify_dir is not recursive so the plugin path fix in g94af9724d1
wasn't sufficient. Make sure $pkgplugin is set to the versioned plugin
subdirectory so that both rpathification and code signing work.
Find the Qt frameworks directory using qmake while we're here. This
should be more reliable than calling pkg-config (which doesn't work on
my laptop).
Bug: 14096
Change-Id: I0196015f849fd27994a439359cddd88c21106fde
Reviewed-on: https://code.wireshark.org/review/23832
Reviewed-by: Gerald Combs <gerald@wireshark.org>