79283 Commits

Author SHA1 Message Date
Guy Harris d072335658 fuzzshark: close a leak.
If init_progfile_dir() fails, it returns a g_mallocated string with an
error message.  After printing the error message, free the string.


(cherry picked from commit c22b857942)
2021-05-22 02:57:49 +00:00
Guy Harris 0e6c7c7bb2 protobuf: close another leak.
Close the directory handle we've opened before returning a failure
indication if pbw_load_proto_file() or load_all_files_in_dir() reports a
failure.


(cherry picked from commit f0abd29e48)
2021-05-22 02:35:02 +00:00
Guy Harris 161e765500 protobuf: close a leak when file loading fails.
Free the path we've constructed before returning a failure indication if
pbw_load_proto_file() or load_all_files_in_dir() reports a failure.

Also, explicitly compare pbw_load_proto_file()'s return value against 0,
to make it a little clearer that it's *not* a Boolean, it's a return
code (with 0 meaning success and different non-zero values meaning
failure; if it matters *which* failure it is, we should probably have
otherwise we should just make it a Boolean).


(cherry picked from commit f1ffe7d421)
2021-05-22 02:02:52 +00:00
Nardi Ivan 4a17759938 QUIC: improve handling of unencrypted padding data
0af60377b4 added an heuristic to detect (unencrypted) padding data;
it is based on the fact that all coalesced QUIC packets must have the
same CID.
Unfortunately it doesn't work when the CID length is 0.

Treat decryption error of SH packets as a non fatal error, report them
as possible padding data misdetected as coalesced packets and try
decrypting next traffic.

Close #17383

(cherry picked from commit 389a899a18)
2021-05-20 11:50:48 +00:00
Guy Harris dd0c60a001 AUTHORS.src: fix Jeffrey Wildman's entry.
[AT]ify his email address.

This should address the recently-added problem mentioned in #16658.
2021-05-19 14:56:30 -07:00
Guy Harris 82b0eac6af PortsModel: don't populate it by doing a lot of weird string-pushing.
When enumerating port-to-name entries, the callback to
wmem_map_foreach() gets passed:

- a key, which is the port number for the entry;
- a value, which is a pointer to a structure containing pointers to port
names for various transport protocols;
- a user data pointer.

That's sufficient (if you work around some C++ annoyances) to append a
row to a PortsModel, if the user data pointer is a pointer to the
PortsModel.

The existing code, instead, appended to a QStringList of lines (in
effect, undoing the effort of the code that read the services file and
filled in the wmem_map, re-generating a set of lines) in the callback,
and then iterated over all the lines, splitting them with blanks and
appending rows.

Looking at that made my eyeballs bleed so badly that I decided not to
spend any time figuring out why it wasn't working.

So I just make the callback just append rows, avoiding all the
string-pushing.

Fixes #17395.


(cherry picked from commit 6e95a0aa47)
2021-05-18 09:41:00 +00:00
Gerald Combs 4a5dece155 [Automatic update for 2021-05-16]
Update manuf, services enterprise numbers, translations, and other items.
2021-05-16 09:53:30 +00:00
Gerald Combs 5254d5e822 Tools: Try to exit more gracefully from fuzzing.
If we catch a signal while we're fuzzing, exit with a successful status
and clean up after ourselves.


(cherry picked from commit dacbfc4ae9)
2021-05-11 18:23:15 +00:00
Gerald Combs b45185f1c0 [Automatic update for 2021-05-09]
Update manuf, services enterprise numbers, translations, and other items.
2021-05-09 09:53:41 +00:00
Gerald Combs 28aecbba66 GitLab CI: Set our Clang version. 2021-05-08 09:30:33 -07:00
Gerald Combs 728ae2de5f GitLab CI: Fix our fuzzing resource group. 2021-05-07 17:09:42 -07:00
Gerald Combs 2410d8b6eb GitLab CI: Add fuzzing to the 3.4 branch.
Backport part of d7bdd77a4c, which adds a -t option to
tools/fuzz-test.sh which lets you specify a maximum fuzz time.

Copy over the current (as of 7c6df3848f) fuzz jobs from the master
branch.
2021-05-07 14:09:10 -07:00
Gerald Combs 66cba93e39 GitLab CI: Give our jobs proper names.
GitLab's job YAML parser allows spaces in key names and our jobs are
visible in the web UI, so give them proper names.
2021-05-07 20:11:37 +00:00
Gerald Combs c1cf92283c GitLab CI: Restore the ability to run pipelines from the web UI.
(cherry picked from commit bedf0eb21c)
2021-05-07 19:26:51 +00:00
Gerald Combs 219978c50d GitLab CI: Miscellaneous updates.
Copy over various updates from the master branch including:

- Setting a git clone depth.
- Running manually in forks.
- Rule reuse.
- Using "extends" instead of YAML anchors.
2021-05-04 15:56:16 -07:00
Gerald Combs b191395e0e [Automatic update for 2021-05-02]
Update manuf, services enterprise numbers, translations, and other items.
2021-05-02 09:36:02 +00:00
Guy Harris 347f60c37b tap_export_pdu: we don't have packet flags, don't claim that we do.
We don't set rec.rec_header.packet_header.pack_flags, so don't set
WTAP_HAS_PACK_FLAGS in the presence flags.  (Copy-and-pasteo?)


(cherry picked from commit faf2e62db8)
2021-04-29 21:55:16 +00:00
Uli Heilmeier ab13858b7f PTP: Check for enough bytes
Make sure we have enough bytes for Length and Type fields before we read
from tvb.
Using existing msg_len for the checks.

Closes: wireshark/wireshark#17355


(cherry picked from commit fd14396972)
2021-04-26 14:11:04 +00:00
Gerald Combs aa169ab224 [Automatic update for 2021-04-25]
Update manuf, services enterprise numbers, translations, and other items.
2021-04-25 09:52:21 +00:00
Gerald Combs 31a3ec04a8 Version: 3.4.5 → 3.4.6.
[skip ci]
2021-04-21 11:56:15 -07:00
Gerald Combs 7db1feb42c Build: 3.4.5
[skip ci]
2021-04-21 10:14:36 -07:00
Gerald Combs 6548abd191 Prep for 3.4.5. 2021-04-20 11:21:00 -07:00
Gerald Combs 04f9d3e097 MS-WSP: Don't allocate huge amounts of memory.
Add a couple of memory allocation sanity checks, one of which
fixes #17331.


(cherry picked from commit b7a0650e06)
2021-04-20 16:05:59 +00:00
Gerald Combs 19d03ef4ac CMake: Enable AUTO{MOC,UIC,RCC} according to our CMake version.
As noted in be2b0fc810, we need to set CMAKE_AUTO* before searching for
Qt packages when using 3.20.0 and later. However, this fails if we're
using CMake 3.9.6 or earlier. Set CMAKE_AUTO* where needed depending on
our CMake version.

Ping #17314.

(cherry picked from commit a80ea46ff7)

Conflicts:
	ui/qt/CMakeLists.txt
2021-04-19 12:27:02 -07:00
naf eee907aeb5 QT ByteViewText: calculate string widths consistently to prevent clipping
For QT >5.11, stringWidth() uses horizontalAdvance, which gives different
(longer) widths than the old boundingRect().width() method.

Other locations use the boundingRect().width() method directly, resulting
in underestimating line widths and clipping the last characters in
the byte view window.

Fix by forcing all width calculations to use stringWidth().
Closes #17087.

(cherry picked from commit 95f3d1b075)

Conflicts:
	ui/qt/widgets/byte_view_text.cpp
2021-04-19 20:08:17 +02:00
Gerald Combs cc954fae7e [Automatic update for 2021-04-18]
Update manuf, services enterprise numbers, translations, and other items.
2021-04-18 09:52:11 +00:00
Stefan Metzmacher e49430b4d3 packet-ldap: fix regression for SASL handling
commit 19b3376a24
("LDAP bogus malformed errors: decoding encrypted data")
introduced 2 problems:

- guint decr_len = tvb_reported_length(decr_tvb); was
  always called with decr_tvb==NULL

- dissect_ldap_payload() was not called if sasl_tree is NULL,
  it needs to be called even if the tree pointers are NULL
  in order to have the COL_INFO setup correctly.

I guess this should also be backported to stable branches
(together with 2e6d3b571b
 "LDAP: SASL Buffer doesn't include Length field")

https://gitlab.com/wireshark/wireshark/-/issues/17347

Signed-off-by: Stefan Metzmacher <metze@samba.org>


(cherry picked from commit 1d623fd541)
2021-04-16 11:53:00 +00:00
Uli Heilmeier 0c1743656f LDAP: SASL Buffer doesn't include Length field
SASL Buffer starts after the SASL Buffer Length field. Therefore
we should only mark the bytes without the Length field.

Sample capture can be found in wireshark/wireshark#15128


(cherry picked from commit 2e6d3b571b)
2021-04-16 11:03:16 +00:00
Simon Holesch d28ded7244 ptvcursor: Fix crash with deeply nested subtrees
If the proto tree is more than 8 levels deep, the subtree_lvl array
length is extended, by allocating a new area and copying everything into
that new area. However the old array length wasn't calculated correctly,
so only part of the subtree_lvl array was copied, causing a crash after
two ptvcursor_pop_subtree() calls.


(cherry picked from commit fa483ac191)
2021-04-16 07:44:56 +00:00
Michael Tuexen 489fc40a49 Fix conversation table when using epoch based time
Ensure that if using tshark -q -t e -z conv,tcp the reported
start time is relative to the epoch time and not relative to
the time of the first packet in the capture file.

Thanks to Theresa Enghardt for reporting the issue and to
Peter Lei for initially looking into it.

(cherry picked from commit f099bd179a)
2021-04-15 14:27:02 +02:00
Gerald Combs cb432b878e [Automatic update for 2021-04-11]
Update manuf, services enterprise numbers, translations, and other items.
2021-04-11 09:53:17 +00:00
Guy Harris cdca1f2d03 pcapng: expand a comment and tweak the version test.
Drop in the comment from libpcap about version 1.2 (I wrote that
comment, and generously double-license it under the BSD license and the
GPL :-)).

Redo the version test as

    if (!({version is one we handle}))

to match the way it's done in libpcap.


(cherry picked from commit 7de6b0822a)
2021-04-09 06:31:05 +00:00
Loris Degioanni 716dd09605 sysdig: a couple more fixes
- parse the number of system call arguments in a way that works for both V1 and V2 event blocks
- returned the correct error string when unable to read the nparams entry from a sysdig event block V2

(cherry picked from commit 7894b1d0ea)
2021-04-08 22:09:56 -07:00
Loris Degioanni 4e7df5af01 sysdig: implementation fixes
- make sure nparams is initialized
- validate block_total_length in the correct way for sysdig event blocks

(cherry picked from commit cbbe660504)
2021-04-08 22:08:04 -07:00
Loris Degioanni 180c96beb8 sysdig: simplified the separate handling of the two different sysdig block types
(cherry picked from commit 8c70dd8d17)
2021-04-08 22:05:47 -07:00
Loris Degioanni e94d9f4549 sysdig: support the most recent version of sysdig
Update the pcap-ng reader and sysdig event dissector to support the second version of the sysdig event block, which was introduced after Wireshark's original implementation

(cherry picked from commit fbe8d3a00f)
2021-04-08 21:58:20 -07:00
Gerald Combs 1be17e2d30 GitLab CI: Switch to our new Windows runner.
(cherry picked from commit 85b36ef4b6)
2021-04-04 22:53:46 +00:00
David Perry f1677bd31c maxmind: add optional synchronous lookups
When tshark enables synchronous resolution of IP addresses to names,
forces calls to maxmind_db_lookup_ipv4()/_ipv6() to block-wait for the
maxmind response.

Proposed fix for #14691.

(backported from commit c0abaa06f7)
2021-04-04 02:16:48 -07:00
Vahap Emin Agaogullari 3e35fecccb PROFINET: Multiple write in record dissection
COContainerContent dissects PDInterfaceMrpDataAdjust and
PDInterfaceMrpDataAdjust dissects remaining COContainerContent
because of offset problem. Offset problem is fixed.

(cherry picked from commit ccec04ede0591a5e83d2664c26ed5cb4481a6809)
(cherry picked from commit ecbe04e0bbc6634eaa6c54968870fee61760107c)
2021-03-31 17:22:27 +00:00
Guy Harris 4a7ddb6b1a tvbuff_subset: fix its implementation of string scanning.
Both subset_find_guint8() and subset_pbrk_guint8() pass the parent
tvbuff to tvb_find_guint8()/tvb_ws_mempbrk_pattern_guint8(), along with
the offset in that tvbuff.

That means that the offset they get back is relative to that tvbuff, so
it must be adjusted to be relative to the tvbuff *they* were handed.

For subsets of frame and "real data" tvbuffs, there's a single lump of
data containing the content of the subset tvbuff, so they go through the
"fast path" and get the offset correct, bypassing the broken code;
that's the vast majority of calls to those routines.

For subsets of *composite* tvbuffs, however, they don't go through the
"fast path", and this bug shows up.

This causes both crashes and misdissection of HTTP if the link-layer is
PPP with Van Jacobson compression, as the decompression uses composite
tvbuffs.

Fixes #17254 and its many soon-to-be-duplicates.


(cherry picked from commit 2ba52cdc0e)
2021-03-29 01:20:38 +00:00
Gerald Combs 636f7f1c09 [Automatic update for 2021-03-28]
Update manuf, services enterprise numbers, translations, and other items.
2021-03-28 09:54:39 +00:00
Guy Harris 193b1fc545 wslua_tvb: correctly trim off the end of a tvbuff.
The length specified in a TvbRange is the *actual packet length*, not
the *sliced-to* length, so use tvb_new_subset_length() to cut it short.

This fixes the fix for #15655, and addresses at least some of the issues
in #17255.


(cherry picked from commit cda18f951e)
2021-03-28 03:01:34 +00:00
Gerald Combs 6ef6e8f607 CMake: Enable AUTO{MOC,UIC,RCC} earlier.
Enable CMAKE_AUTOMOC, CMAKE_AUTOUIC, and CMAKE_AUTORCC before searching
for Qt packages. This is apparently required for CMake 3.20.0 and later.
Fixes #17314.

(cherry picked from commit be2b0fc810)

 Conflicts:
	ui/qt/CMakeLists.txt
2021-03-26 14:50:21 -07:00
Nardi Ivan 3bca4e3b3f SMB2: fix two memory leaks
* Since c3342930 we don't free anymore the entries in the files hashtables.
The cleanest solution is probably to convert these hashtables into two
wmem_map_t structures and let the wmem core handle any cleanup.

* b0f5b2c174 added support for chained compression; the uncompressed
tvb must be freed


(cherry picked from commit e677a909e1)
2021-03-25 16:01:01 +00:00
Uli Heilmeier 6b072b63f0 DNS: Fix pointer for is_multiple_responses
As discussed in wireshark/wireshark!2497 there is no need
for a pointer to a pointer.


(cherry picked from commit 337bdf8eb3)
2021-03-23 15:35:55 +00:00
Uli Heilmeier 06e20df535 DNS: IXFR/AXFR queries with multiple responses
IXFR and AXFR queries can have multiple DNS responses. As all responses
belong to one transaction, they have the same transaction ID.

We shouldn't handle them as retransmits.

Fix: wireshark/wireshark#17293
(cherry picked from commit 07fb47111e)
2021-03-23 11:49:13 +00:00
Guy Harris 878e8058a6 Do the LFS checks before processing any subdirectories.
That's necessary in order to make sure that the required -D flags show
up when building code from all subdirectories.

(cherry picked from commit 3f556a6e76)
2021-03-22 19:39:50 -07:00
Guy Harris d0fdecc6b6 Replace the Large File Support CMake stuff.
The existing stuff doesn't appear to work (I tried it on 32-bit Ubuntu
18.04, and it did *not* add any flags to the compilation, as it appeared
not to conclude that they were necessary, even though they were).

Pull in the stuff from libpcap, which *does* appear to work.  (it does
so in my 32-bit Ubuntu testing).

This should fix #17301.

While we're at it, fix cppcheck.sh so that it doesn't attempt to run
cppcheck on files that have been deleted.

(cherry picked from commit 0cc59d38ab)
2021-03-22 12:38:48 -07:00
Gerald Combs 76f01ea726 [Automatic update for 2021-03-21]
Update manuf, services enterprise numbers, translations, and other items.
2021-03-21 09:57:41 +00:00
Darius Davis b2d8858b9a Minor doc cleanups.
Here's a grab bag of trivial cleanup to the documentation.  This change:

- Cleans up some comments in the asciidoctor macros which are no longer
  accurate (and do not appear in the build products anyway).

- Fixes a missing space in the text "Wireshark Q&A" in the release notes.

- Allows the "docbook" backend to produce hyperlinks too... That seems to be
  necessary if we want to start using our custom link macros in WSDG, which
  seems like a reasonable thing to do.  And fixes up a wrong variable name in
  the handling of the case where we are not able to produce a hyperlink.


(cherry picked from commit 4c513fb4ab)
2021-03-20 17:31:42 +00:00