In commit v2.3.0rc0-117-g485bc45 (backported to v2.2.0rc0-44-g66721ca),
extcap_prefs_dynamic_vals and extcap_cleanup were added in an attempt to
address dangling pointers.
Unfortunately it is not sufficient:
- A pointer to the preference value is stored in extcap_arg and passed
to the prefs API, but this extcap_arg structure can become invalid
which result in use-after-free whenever the preference is accessed.
- On exit, a use-after-free occurs in prefs_cleanup when the preference
value is being checked.
As the preference subsystem actually manages the memory for the string
value and consumers should only provide a pointer where the value can be
stored, convert the char* field in extcap to char**. This has as
additional benefit that values are not limited to 256 bytes anymore.
extcap_cleanup is moved after epan_cleanup to ensure that prefs_cleanup
does not operate on dangling pointers.
Crash is reproducible under ASAN with: tshark -i randpkt
Ping-Bug: 12183
Change-Id: Ibf1ba1102a5633aa085dc278a12ffc05a4f4a34b
Reviewed-on: https://code.wireshark.org/review/17631
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Note that you should probably uninstall the NSIS package first if it's
installed. Set the compression level to "high".
Change-Id: I10de8df580f8410fd13cdf414db1b1812a9fcf02
Reviewed-on: https://code.wireshark.org/review/17566
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Append the length to the extension and display the contents of
unknown extensions as bytes.
Change-Id: Iba1204a1d5e187f28cb41c4369b10eeb86e6b43a
Reviewed-on: https://code.wireshark.org/review/17265
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
mkcap.c is not used in any place.
Change-Id: Ie29b2ed66bc304a5b6a19fc9128ead2958f8062a
Reviewed-on: https://code.wireshark.org/review/17610
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
wtap_get_all_file_extensions_list was renamed in v2.3.0rc0-621-g4a6dde1
ws_strtou* functions were introduced in v2.3.0rc0-544-gba981ac
get_guint32 and get_nonzero_guint32 were added in v2.3.0rc0-595-ge09b03e
Change-Id: I9aea9c48f2da03590952b995fd21cddb17532af0
Reviewed-on: https://code.wireshark.org/review/17629
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The bytes that are not part of the address are not dissected.
Added them to the tree as "unused", to have a complete dissection
of the packet.
Found by incomplete dissector check.
Change-Id: Iafffebe8bc0f8254ac0b451d007e0a99aab91924
Reviewed-on: https://code.wireshark.org/review/17608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12687
Change-Id: Ib489b4c6aff1e0611e9b8a086054e56284f24b84
Reviewed-on: https://code.wireshark.org/review/16787
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These programs resulted on a memleak report on exit.
Change-Id: I630618f50d723b7af4cb00ba29671d4e7c6fcdc2
Reviewed-on: https://code.wireshark.org/review/17623
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The version string stuff mirrors an earlier tshark change. Move some
cleanup calls (in case no packets are selected) and add wtap_close.
Change-Id: I6f282e89279a732c226824e10857be04b40841e8
Reviewed-on: https://code.wireshark.org/review/17621
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Mirrors the behavior of wtap_close.
Change-Id: I1a04878fdd0409fa74931737332f9b8a1ae77fb1
Reviewed-on: https://code.wireshark.org/review/17620
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We support reading some types of files that aren't capture files, in
case we have a dissector for that file format (because, for example,
it's often transported over HTTP). Don't include them in the set of
files "All Capture Files" matches; you can still look for them as they
have individual entries in the drop-down menu of file type patterns.
Ultimately, there should be Fileshark/TFileshark programs to read those
files - and other file types, and even capture files if the goal is to
look at the file structure rather than at the packets - and *that's* the
program that should offer the ability to load JPEGs and so on.
(No, this does not reduce the "All Capture Files" list down to a level
that makes the problem in bug 12837 go away. The right way to fix
*that* is to arrange, somehow, that the "All Capture Files" entry not
actually list all the suffixes it matches.)
Change-Id: I705bff5fcd0694c6c6a11892621a195aa7cd0264
Reviewed-on: https://code.wireshark.org/review/17619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The documentation for the [Launch]SingleAppInstance key doesn't seem
to match its behavior in that its default value (true) keeps multiple
portable instances from running, at least for us. Set it to false since
we're happy with users running as many concurrent instances as they can
stand. Set the related SinglePortableAppInstance key to false while
we're here in case its default value ever changes.
Change-Id: Iea1a6a80d5b204814b7569776734e0b0e254d657
Reviewed-on: https://code.wireshark.org/review/17616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A single name resolution checkbox was added to the file dialog way back
in 2000 in g0f7cf64. At that time it was needed because resolution was
synchronous and could drastically affect your load time. Since then
we've added asynchronous name resolution and more recently made it
mandatory (ge005bc8). We've also added more name resolution checkboxes
and other controls.
Remove the name resolution checkboxes. You can just as easily change
resolution options before or after opening a file and they take up
valuable real estate.
Combine the size and packets in the Qt and Win32 dialogs and
pretty-print the size. Combine the start and elapsed times in the Qt,
Win32, and GTK+ dialogs. This lets us shrink the custom areas of the
file dialogs even further. Make the default file type combo item more
descriptive.
Change-Id: Id770adc0f284a4c7f08ee5a7db84f8435f4bf907
Reviewed-on: https://code.wireshark.org/review/17597
Tested-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It was just a wrapper over regular HTTP dissector, which can already
pick its own ports to use.
Also some other minor cleanup related to removal.
Change-Id: I20dd37670c676551a06aaeb69fd657684af9685d
Reviewed-on: https://code.wireshark.org/review/17567
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-Manufacturer error field has 5 bytes (not 4)
-corrected two descriptions
Change-Id: Ic6f3e8fdf08c52f1d4f987410e1e0597a9f6aaed
Reviewed-on: https://code.wireshark.org/review/17575
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protocol version from a SSL/TLS record contains the minimum
supported SSL/TLS version and is the best guess for Client Hello
handshake messages if no authorative version is available.
By considering the version from the conversation for the initial
col_set_str call, we can also remove some other calls down the road.
Change-Id: I4be25f5c9057ffd0abcea7280d826867c135fed7
Reviewed-on: https://code.wireshark.org/review/17490
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Have xml_get_int() handle the setting of the two error reporting values
and give a better error message. Have it check to make sure that there
isn't cruft after the digits.
Change-Id: Id590430eb52668ef76de8aa7096a27d8fc094208
Reviewed-on: https://code.wireshark.org/review/17601
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Show the filehandle and lockowner for the callback.
Change-Id: Id09b260d4b31f8fa35ba8452dc143095e5cc88ec
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-on: https://code.wireshark.org/review/17574
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some messages related to LVB data are mistakenly treated as malformed.
This patch fixes it by checking LVB flags before parsing LVB data.
I found that "Convert lock" and "Unlock" use PUT_LVB flags, but "Proxy AST" uses GET_LVB flags.
Ping-Bug: 12122
Change-Id: I2c62c8cc9f9bd84abaf92de9f216550101962520
Reviewed-on: https://code.wireshark.org/review/17532
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
By analogy to get_natural_int() and get_positive_int(), add routines to
get a guint32 and to get a non-zero guint32, doing all the necessary
error checks, and use it.
Change-Id: I65a9ac8a3d136886df3588806ae7af5bdc7b8cb6
Reviewed-on: https://code.wireshark.org/review/17586
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- xxx-time values are not UNIX timestamps (that is a CUPS-ism - they are
time since bootup in IPP itself)
- Change all of the display strings to use the official IANA values
(confusing otherwise)
- Add support for newer value/group tags.
- Add support for all enum attribute values.
- Add request/response tracking so you can easily match things up.
- Decode octetString, rangeOfInteger, textWithLanguage, nameWithLanguage,
dateTime, and resolution values.
- Don't treat integers and enums as interchangeable (they aren't).
- Integers and enums are signed integers.
- Put operation id or status code in info column.
Change-Id: I9fb5cd89d3c386a2b3932ef4c75967ce2547bc22
Reviewed-on: https://code.wireshark.org/review/17192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Smith Kennedy <smith.kennedy@hp.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu