Have pcapng_read_section_header_block(),
pcapng_read_section_header_block(), and pcapng_read_block() just return
errors when they get errors or get a non-SHB block; let pcap_open() turn
EOF, short read, and "bad file" into "not a pcapng file" rather than
"read error".
Change-Id: If018d21ffe3de3fe7eb1f8f2973f80f685c89274
Reviewed-on: https://code.wireshark.org/review/25601
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These binaries are not intended for end-users.
Change-Id: I1e1ecd7424bbbe1b2935390e2daf7e3f1089ee28
Reviewed-on: https://code.wireshark.org/review/25594
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Found during fuzz test that the get_mq_pdu_len can return
a 0 length pdu. Fix to at least return tvb_reported_length_remaining
Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
Reviewed-on: https://code.wireshark.org/review/25574
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - to get it in host byte order, fetch it with
pntoh32(), which fetches a 32-bit value that's in network byte order,
and isn't necessarily aligned on any particular boundary, and returns it
in host byte order.
Change-Id: Ic512ab4b1e0f2815d9f0af0e33714f456a08a45d
Reviewed-on: https://code.wireshark.org/review/25589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There are events, there are reports, and there are "here's metadata that
doesn't correspond to something that happened at this point in the
capture"; IDBs and NRBs are the third type.
Change-Id: I89e4f9bf51dc1be5766e8df61c6337ed3e484577
Reviewed-on: https://code.wireshark.org/review/25587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This removes any knowledge of plugin types from
cmake/modules/WiresharkPlugin.cmake, so that it doesn't have to be
changed if we add a new plugin type. Revert to the second argument to
add_plugin_library() and install_plugin() being the subfolder.
Change-Id: I668ab90b28c73a8b12ca8e3e906b8de2f9395ca5
Reviewed-on: https://code.wireshark.org/review/25585
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way we don't have to change the script if we add new plugin
subdirectories.
Change-Id: Ic788807c723306e461b7c1f8721b48a46d4fff96
Reviewed-on: https://code.wireshark.org/review/25584
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't allow overriding of the block types we support in libwiretap - it
won't work anyway, as we check for those types first, and only look for
plugins for types we don't support.
Don't allow registering for any of the reserved types; if you aren't
going to use a local type, you have to get your type registered.
We *do* allow registering plugins for types that are registered but that
we don't support natively.
Change-Id: I2046d297b0503d3a77c83166b07ca226c0b18e82
Reviewed-on: https://code.wireshark.org/review/25583
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And also indicate that perhaps the right solution was just to close the
CID as a false positive, as Coverity doesn't have a deep enough
understanding of libnl to know that the loop isn't guaranteed to be
infinite.
Change-Id: Ieb0651c803a5939fb54f2bc68bdf8c5485dafaf2
Reviewed-on: https://code.wireshark.org/review/25582
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - copy it with memcpy() and use the result of the
copy.
For IPv6 addresses, cast the data pointer to a pointer to a *const*
ws_in6_addr, so we don't throw away constness.
Change-Id: I0e00263f594d7778c3bd9b98e4336cb201c1f3d5
Reviewed-on: https://code.wireshark.org/review/25580
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the second argument to add_plugin_library() and install_plugin() be
a plugin type - currently, either "epan" or "wiretap" - and, based on
its value, set the subfolder and required libraries in
add_plugin_library() and the subfolder in install_plugin(). If it's not
one of the known values, fail.
Change-Id: I556863772c59330d2854fbb4673f544f8359dcd2
Reviewed-on: https://code.wireshark.org/review/25579
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We now have "epan" and "wiretap" subdirectories of the plugin directory,
with the first containing libwireshark plugins and the second containing
libwiretap plugins. Look for plugins in those directories, rather than
in the top-level plugin directory.
Bug: 14389
Change-Id: Ia3bd4d27e82215207e7a7dcfc8f91042bbc61737
Reviewed-on: https://code.wireshark.org/review/25577
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dmp_long_id_hash_table is wmem_map autoreset on file scope.
Don't put there g_strdup() data.
Valgrind log:
==15134== 8 bytes in 2 blocks are definitely lost in loss record 3,988 of 49,961
==15134== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15134== by 0xA94E405: g_malloc (gmem.c:97)
==15134== by 0xA966C4E: g_strdup (gstrfuncs.c:356)
==15134== by 0x6CFC301: dissect_mts_identifier (packet-dmp.c:2684)
==15134== by 0x6D01A8F: dissect_dmp_envelope (packet-dmp.c:2935)
==15134== by 0x6D01A8F: dissect_dmp (packet-dmp.c:3909)
Found by oss-fuzz.
Change-Id: I7c3896a9b64c25035fbe8b4ef6130cd693a515db
Reviewed-on: https://code.wireshark.org/review/25575
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
See Volume 9, version 1.2, sections "6-2.7.1.1" and "7-1.1"
1. Pass Connection Point from FwdOpen to Motion dissector, since that is now needed to parse I/O payload.
2. Move Run/Idle Header function to CIP dissector, since it's a CIP feature, not ENIP.
3. Add a protocol so that Format Revision 3 can be dissected without the Forward Open in the capture.
4. Minor: Highlight more bytes in some EPATH parsing.
5. Minor: Renaming some things to match spec wording.
Change-Id: I93626a6492be2675206d38c04fa1c7ce534c04ca
Reviewed-on: https://code.wireshark.org/review/25570
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
QStrings are implictly shared as described at
http://doc.qt.io/qt-5/implicit-sharing.html. This is normally useful,
but RecentFileStatus is passed a QString before it does its work in a
separate thread.
Make a deep copy of the filename in order to ensure local ownership and
to avoid having to fool around with a QMutex (which might not be
recognized by ThreadSanitizer[1] or Helgrind[2]).
Remove getFilename since it was unused.
[1] https://github.com/google/sanitizers/issues/460
[2] http://valgrind.org/docs/manual/hg-manual.html
Change-Id: I5b5c329505ed8c02d30043a2a6d1ded625924b9f
Reviewed-on: https://code.wireshark.org/review/25572
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like that quic_create_cleartext_decoders() need to free secrets, tls13_cipher_create() only use it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Valgrind report:
==642== 14 bytes in 1 blocks are definitely lost in loss record 5,705 of 49,814
==642== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==642== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==642== by 0x6D523F4: dissect_object_mapping (packet-epl.c:4216)
==642== by 0x6D56394: dissect_epl_sdo_command (packet-epl.c:3862)
==642== by 0x6D56394: dissect_epl_asnd_sdo (packet-epl.c:3572)
==642== by 0x6D59BC5: dissect_epl_asnd (packet-epl.c:3053)
==642== by 0x6D59BC5: dissect_eplpdu.part.21 (packet-epl.c:2627)
Found by oss-fuzz/5907.
Change-Id: I6f4d2cea761581260af396c848ab1fded5641b44
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5907
Reviewed-on: https://code.wireshark.org/review/25573
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Avoid turning off actionGoAutoScroll when going to the first packet
when starting a new capture.
Bug: 14257
Change-Id: I676139696cf4917b779c5fd390d7a22fb373a6b5
Reviewed-on: https://code.wireshark.org/review/25568
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
We've added more fields, increment the pre-allocation amount.
Change-Id: Ia5f1aab7a2fa120049162d17a63f99bf21a3fe37
Reviewed-on: https://code.wireshark.org/review/25566
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When debugging with at least Xcode the AUTHORS file is missing,
so ensure we don't divide by zero when this happens.
Change-Id: Idd7cdf8137998c872f80108662fbb8a133110af2
Reviewed-on: https://code.wireshark.org/review/25567
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6b05399395bcc35e59b73b4030ba4a05711a7b1a
Reviewed-on: https://code.wireshark.org/review/25565
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added support for IMS, TM, TMC2 Struct
Improve display some Flags in ID Struct
Fix display for FCNO Struct
Fix error in get_mq_pdu_len
Code reformat (VS2017)
Moved DEFINE to header file
More struct display fixed
Fix for IMS Msg len display
Change-Id: I80bfd25a5079598fc44124dc2c7b850640a38b00
Reviewed-on: https://code.wireshark.org/review/25295
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjust splash screen message used for registering dissectors when
finished fast from "Registering dissectors Registration finished"
to "Registering dissectors finished".
Change-Id: Id81cf08bb02bea0baa3ac0575b487e271641e27d
Reviewed-on: https://code.wireshark.org/review/25546
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As stated in the #if 0ed out comments, It's not valid for a
soupbintcp subdissector to call conversation_set_dissector(), so
it shouldn't call try_conversation_dissector. Just remove the
call entirely so it doesn't look like the removal is temporary.
Change-Id: I68d9b72360b52002692c369d7b202a8a215c0a96
Reviewed-on: https://code.wireshark.org/review/25555
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
On a "fast" computer this is needed to find any action which is
taking long time during startup. Without this the splash screen
may show a random action message happening before the slow action.
Also optimize splashUpdate() when nothing to update.
Change-Id: I0946353dbcf12e78323361f2cb4410c6c5605d76
Reviewed-on: https://code.wireshark.org/review/25552
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Valgrind log:
==6102== Thread 1:
==6102== 32 bytes in 1 blocks are definitely lost in loss record 24,851 of 49,782
==6102== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6102== by 0xB17B7F7: __vasprintf_chk (vasprintf_chk.c:80)
==6102== by 0xA98C2AB: vasprintf (stdio2.h:210)
==6102== by 0xA98C2AB: g_vasprintf (gprintf.c:316)
==6102== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==6102== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==6102== by 0x6A66B8C: color_filters_read_globals (color_filters.c:704)
==6102== by 0x6A66FBE: color_filters_get (color_filters.c:317)
==6102== by 0x402313: fuzz_init (fuzzshark.c:237)
==6102== by 0x40252D: LLVMFuzzerInitialize (fuzzshark.c:322)
==6102== by 0x401E33: main (StandaloneFuzzTargetMain.c:125)
Change-Id: Ibc18edff6097eca736328810c903a151ddee22bc
Reviewed-on: https://code.wireshark.org/review/25553
Tested-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
The CAN-ETH protocol explicitly states that the CAN identifiers are
transmitted in little-endian order, and the dissector now decodes it as
little-endian rather than host-endian.
Change-Id: I92c44b809caace31726e0d355363355eb32efa3e
Reviewed-on: https://code.wireshark.org/review/25549
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add UrlLinkDelegate::setColCheck, which lets you render strings as URLs
or plain text according to a regex. Use it to show Lua scripts as URLs
in the about box.
Open links on double clicks and add column checks.
Change-Id: Iaf5cd8a46a0b66a7d45079ba045ed2bbcb0ed005
Reviewed-on: https://code.wireshark.org/review/25542
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Always show the Plugins tab. We probably have plugins via extcap even if
Lua and dissector plugins are disabled. Tell the user if we don't find
any plugins.
Change-Id: I7ab1fb302298232a847193754b53688620855959
Reviewed-on: https://code.wireshark.org/review/25543
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
47e1798762 broke byte view highlighting when selecting a proto tree
item. Switch back to emitting fieldSelected from selectionChanged. Force
a new selection in selectedFieldChanged, which does what we were trying
to do in 47e1798762.
Clear our marked byte offset in the byte view when we mark a field. Emit
byteSelected whenever we click the mouse.
Don't highlight anything when a tree item is deselected. Deselect a tree
item if we click on something that's not a byte in the byte view.
Change-Id: Ibf419ccb005d69f733b2fe12ce674e1fe504bb96
Reviewed-on: https://code.wireshark.org/review/25541
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>