proto_tree_set_text - the string was not the important part, the formatting was.
We were passing the string directly from tvb_get_ptr, but this meant that if the
packet didn't contain a null-terminator we would run off the end. Since the
string comes straight from the packet, just let _add_item handle the length
calculations etc efficiently, and set the display later.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9323
I'm a bit confused honestly why most of these are being set hidden after being
added and formatted, but at least there are no memory errors anymore.
svn path=/trunk/; revision=52979
convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 :
We can't solely rely on the port in the URI to determine whether we will be
recursively called by decode_tcp_ports(). Instead also check the conversation
entry too: if we find that we are the subdissector for this conversation
(which we might be--without the port being in our list of ports--if we
heuristically picked up the conversation or the user did Decode-As),
just bail out and dissect the payload as data.
svn path=/trunk/; revision=49623
least one fuzzed capture contains them, and using ep_strndup() to copy
the line means that the actual amount of memory allocated for the copy
will be less than the length of the line, and code that parses the line
assuming that there are value_len+1 bytes in the buffer (including the
terminating NUL), such as the current parsing code, will break.
We should really have code in Wireshark to handle counted strings, and
have those be what we extract from packets. (And we should handle
non-UTF-8/non-UTF-16 encodings, and octet sequences that aren't valid
strings for their encoding, and handle display of invalid strings and
non-printable characters, and....).
Use g_ascii_ versions of various isXXX() and to{upper,lower}(), so we
don't get surprised by the behavior of the user's locale.
svn path=/trunk/; revision=48490
traffic *without* claiming all that traffic for themselves; they might
want, instead, to register for a particular media type.
Not all traffic to or from port 3689 is DAAP - not even traffic between
two Apple machines doing media stuff (e.g., some FairPlay traffic
isn't). Register for the media type application/x-dmap-tagged, and just
say port 3689 is HTTP. This means we can get rid of the FPLY hack, as
that traffic is application/octet-stream. Update some comments.
Leave it up to the DAAP dissector to tag traffic as DAAP in the protocol
column.
svn path=/trunk/; revision=47376
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
- Now works for WebSocket packets not aligned with IP packets.
- Support subdissectors.
From me :
- Fix checkAPIs warning (about comments)
- Remove some whitespace
svn path=/trunk/; revision=45875
implicitly by the #define name and string they were defined to; not all
UATs neatly fit into any of the categories, so some of them were put
into categories that weren't obviously correct for them, and one - the
display filter macro UAT - wasn't put into any category at all (which
caused crashes when editing them, as the GUI code that handled UAT
changes from a dialog assumed the category field was non-null).
The category was, in practice, used only to decide, in the
aforementioned GUI code, whether the packet summary pane needed to be
updated or not. It also offered no option of "don't update the packet
summary pane *and* don't redissect anything", which is what would be
appropriate for the display filter macro UAT.
Replace the category with a set of fields indicating what the UAT
affects; we currently offer "dissection", which applies to most UATs
(any UAT in libwireshark presumably affects dissection at a minimum) and
"the set of named fields that exist". Changing any UAT that affects
dissection requires a redissection; changing any UAT that affects the
set of named fields that exist requires a redissection *and* rebuilding
the packet summary pane.
Perhaps we also need "filtering", so that if you change a display filter
macro, we re-filter, in case the display is currently filtered with a
display filter that uses a macro that changed.
svn path=/trunk/; revision=43603
Add WebSocket Protocol dissector (RFC6455)
* Support Base Framing Protocol
* Support of major opcode (Text, Binary, Close, Ping, Pong...)
* Support of unmask Payload (Client-to-Server Masking)
TODO
* Add fragmentation support
* Add WebSocket Extensions
svn path=/trunk/; revision=42163
Check the user-provided custom header string for invalid characters before
trying to register it in an hf; registering invalid characters in an hf will
lead to an assertion.
svn path=/trunk/; revision=41787
-- HTTP/1.1":
Any HTTP/1.1 message containing an entity-body SHOULD include a
Content-Type header field defining the media type of that body. If
and only if the media type is not given by a Content-Type field, the
recipient MAY attempt to guess the media type via inspection of its
content and/or the name extension(s) of the URL used to identify the
resource. If the media type remains unknown, the recipient SHOULD
treat it as type "application/octet-stream".
To quote section "4. Encoding of Transport Layer" of RFC 2565, "Internet
Printing Protocol/1.0: Encoding and Transport":
HTTP/1.1 [RFC2068] is the transport layer for this protocol.
...
Note: even though port 631 is the IPP default, port 80 remains the
default for an HTTP URI. Thus a URI for a printer using port 631
MUST contain an explicit port, e.g. "http://forest:631/pinetree". An
HTTP URI for IPP with no explicit port implicitly reference port 80,
which is consistent with the rules for HTTP/1.1. Each HTTP operation
MUST use the POST method where the request-URI is the object target
of the operation, and where the "Content-Type" of the message-body in
each request and response MUST be "application/ipp". The message-body
MUST contain the operation layer and MUST have the syntax described
in section 3.2 "Syntax of Encoding". A client implementation MUST
adhere to the rules for a client described for HTTP1.1 [RFC2068]. A
printer (server) implementation MUST adhere the rules for an origin
server described for HTTP1.1 [RFC2068].
So, when choosing a subdissector for HTTP request bodies, search based
on the media type first, and only if we *don't* find a dissector for the
media type, do other stuff such as heuristics or choosing a subdissector
based on the port number.
This fixes a number of problems; in particular, it fixes bug 6765
"non-IPP packets to or from port 631 are dissected as IPP" without
requiring the IPP dissector to attempt to determine whether an entity
body looks like IPP. It also ensures that the default dissector for
HTTP entity bodies, the "media" dissector, will get the media type
passed to it in pinfo->match_string.
Don't use "!str*cmp()" while we're at it - it's valid C, but the "!" can
make it look as if it's checking for something not being the case when,
in fact, you're checking for equality rather than inequality. (The
str*cmp() routines don't return Boolean results.)
svn path=/trunk/; revision=41025
[Actually 1 g_malloc() + N tvb_memcpy() instead of
~ N g_malloc()/g_free() + N*(N+1)/2 tvb_memcpy() where N = number of chunks].
svn path=/trunk/; revision=40242
Guy Harris