Backport part of d7bdd77a4c, which adds a -t option to
tools/fuzz-test.sh which lets you specify a maximum fuzz time.
Copy over the current (as of 7c6df3848f) fuzz jobs from the master
branch.
Copy over various updates from the master branch including:
- Setting a git clone depth.
- Running manually in forks.
- Rule reuse.
- Using "extends" instead of YAML anchors.
We don't set rec.rec_header.packet_header.pack_flags, so don't set
WTAP_HAS_PACK_FLAGS in the presence flags. (Copy-and-pasteo?)
(cherry picked from commit faf2e62db8)
Make sure we have enough bytes for Length and Type fields before we read
from tvb.
Using existing msg_len for the checks.
Closes: wireshark/wireshark#17355
(cherry picked from commit fd14396972)
As noted in be2b0fc810, we need to set CMAKE_AUTO* before searching for
Qt packages when using 3.20.0 and later. However, this fails if we're
using CMake 3.9.6 or earlier. Set CMAKE_AUTO* where needed depending on
our CMake version.
Ping #17314.
(cherry picked from commit a80ea46ff7)
Conflicts:
ui/qt/CMakeLists.txt
For QT >5.11, stringWidth() uses horizontalAdvance, which gives different
(longer) widths than the old boundingRect().width() method.
Other locations use the boundRect().width() method directly, resulting
in underestimating line widths and clipping the last characters in
the byte view window.
Fix by forcing all width calculations to use stringWidth().
Closes#17087.
(cherry picked from commit 95f3d1b075)
Conflicts:
ui/qt/widgets/byte_view_text.cpp
commit 19b3376a24
("LDAP bogus malformed errors: decoding encrypted data")
introduced 2 problems:
- guint decr_len = tvb_reported_length(decr_tvb); was
always called with decr_tvb==NULL
- dissect_ldap_payload() was not called if sasl_tree is NULL,
it needs to be called even if the tree pointer are NULL
in order to have the COL_INFO setup correctly.
I guess this should also be backported to stable branches
(together with 2e6d3b571b
"LDAP: SASL Buffer doesn't include Length field")
https://gitlab.com/wireshark/wireshark/-/issues/17347
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1d623fd541)
SASL Buffer starts after the SASL Buffer Length field. Therefore
we should only mark the bytes without the Length field.
Sample capture can be found in wireshark/wireshark#15128
(cherry picked from commit 2e6d3b571b)
If the proto tree is more than 8 levels deep, the subtree_lvl array
length is extended, by allocating a new area and copying everything into
that new area. However the old array length wasn't calculated correctly,
so only part of the subtree_lvl array was copied, causing a crash after
two ptvcursor_pop_subtree() calls.
(cherry picked from commit fa483ac191)
Ensure that if using tshark -q -t e -z conv,tcp the reported
start time is relative to the epoch time and not relative to
the time of the first packet in the capture file.
Thanks to Theresa Enghardt for reporting the issue and to
Peter Lei for initialy looking into it.
(cherry picked from commit f099bd179a)
Drop in the comment from libpcap about version 1.2 (I wrote that
comment, and generously double-license it under the BSD license and the
GPL :-)).
Redo the version test as
if (!({version is one we handle}))
to match the way it's done in libpcap.
(cherry picked from commit 7de6b0822a)
- parse the number of system call arguments in a way that works for both V1 and V2 event blocks
- returned the correct error string when unable to read the nparams entry from a sysdig event block V2
(cherry picked from commit 7894b1d0ea)
Update the pcap-ng reader and sysdig event dissector to support the second version of the sysdig event block, which was introduced after Wireshark's original implementation
(cherry picked from commit fbe8d3a00f)
When tshark enables synchronous resolution of IP addresses to names,
forces calls to maxmind_db_lookup_ipv4()/_ipv6() to block-wait for the
maxmind response.
Proposed fix for #14691.
(backported from commit c0abaa06f7)
COContainerContent dissects PDInterfaceMrpDataAdjust and
PDInterfaceMrpDataAdjust dissects remaining COContainerContent
because of offset problem. Offset problem is fixed.
(cherry picked from commit ccec04ede0591a5e83d2664c26ed5cb4481a6809)
(cherry picked from commit ecbe04e0bbc6634eaa6c54968870fee61760107c)
Both subset_find_guint8() and subset_pbrk_guint8() pass the parent
tvbuff to tvb_find_guint8()/tvb_ws_mempbrk_pattern_guint8(), along with
the offset in that tvbuff.
That means that the offset they get back is relative to that tvbuff, so
it must be adjusted to be relative to the tvbuff *they* were handed.
For subsets of frame and "real data" tvbuffs, there's a single lump of
data containing the content of the subset tvbuff, so they go through the
"fast path" and get the offset correct, bypassing the broken code;
that's the vast majority of calls to those routines.
For subsets of *composite* tvbuffs, however, they don't go through the
"fast path", and this bug shows up.
This causes both crashes and misdissection of HTTP if the link-layer is
PPP with Van Jacobson compression, as the decompression uses composite
tvbuffs.
Fixes#17254 and its many soon-to-be-duplicates.
(cherry picked from commit 2ba52cdc0e)
The length specified in a TvbRange is the *actual packet length*, not
the *sliced-to* length, so use tvb_new_subset_length() to cut it short.
This fixes the fix for #15655, and addresses at least some of the issues
in #17255.
(cherry picked from commit cda18f951e)
Enable CMAKE_AUTOMOC, CMAKE_AUTOUIC, and CMAKE_AUTORCC before searching
for Qt packages. This is apparently required for CMake 3.20.0 and later.
Fixes#17314.
(cherry picked from commit be2b0fc810)
Conflicts:
ui/qt/CMakeLists.txt
* Since c3342930 we don't free anymore the entries in the files hashtables.
The cleanest solution is probably to convert these hashtables into two
wmem_map_t structures and let the wmem core handling any cleanup.
* b0f5b2c174 added supported for chained compression; the uncompressed
tvb must be freed
(cherry picked from commit e677a909e1)
IXFR and AXFR queries can have multiple DNS responses. As all responses
belong to one transaction, they have the same transaction ID.
We shouldn't handle them as retransmits.
Fix: wireshark/wireshark#17293
(cherry picked from commit 07fb47111e)
That's necessary in order to make sure that the required -D flags show
up when building code from all subdirectories.
(cherry picked from commit 3f556a6e76)
The existing stuff doesn't appear to work (I tried it on 32-bit Ubuntu
18.04, and it did *not* add any flags to the compilation, as it appeared
not to conclude that they were necessary, even though they were).
Pull in the stuff from libpcap, which *does* appear to work. (it does
so in my 32-bit Ubuntu testing).
This should fix#17301.
While we're at it, fix cppcheck.sh so that it doesn't attempt to run
cppcheck on files that have been deleted.
(cherry picked from commit 0cc59d38ab)
Here's a grab bag of trivial cleanup to the documentation. This change:
- Cleans up some comments in the asciidoctor macros which are no longer
accurate (and do not appear in the build products anyway).
- Fixes a missing space in the text "Wireshark Q&A" in the release notes.
- Allows the "docbook" backend to produce hyperlinks too... That seems to be
necessary if we want to start using our custom link macros in WSDG, which
seems like a reasonable thing to do. And fixes up a wrong variable name in
the handling of the case where we are not able to produce a hyperlink.
(cherry picked from commit 4c513fb4ab)
Have separate #ifdef HAVE_LIBPCAP ... #endif sections for the includes
and the definitions/declarations.
(There are no good solutions that don't require hopping in a time
machine and changing history.)
(cherry picked from commit 5a4cb7ce33)
Instead, declare each function with EXTERN_C, #defined as extern "C" in
C++ and just extern in C.
This avoids all the thrashing to try to keep headers outside extern "C"
{ by the simple expedient of not *having* extern "C" {.
(cherry picked from commit 4584b9d1d3)
The extern declaration must be put outside the ifdef to match the
closing statement as well as surrounding al the functions.
Fixes: 2820156fbd (Move still *more* headers outside of extern "C".)
(cherry picked from commit 9ca121bcf8)
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
(cherry picked from commit 2820156fbd)
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
(cherry picked from commit e434d404d0)