AMD and UMD PDUs can be larger than 255 bytes, so the
offset should not be stored in a guint8. Otherwise,
the offset overflows and the last 256 bytes of the PDU
are added as an extra "fragment."
epan/dissectors/packet-usb-ccid.c filter= usbccid.dwFeatures.stopIccClk - mask has odd number of digits 0x100 expected max for FT_BOOLEAN is 8
epan/dissectors/packet-usb-ccid.c filter= usbccid.dwFeatures.nadValNot0accept - mask has odd number of digits 0x200 expected max for FT_BOOLEAN is 8
epan/dissectors/packet-usb-ccid.c filter= usbccid.dwFeatures.autoIfsd - mask has odd number of digits 0x400 expected max for FT_BOOLEAN is 8
display_extension_block is supposed to return the current offset,
not the number of bytes remaining. The number of bytes remaining
can be less than the current offset and cause an infinite loop.
In the case of an error, set lastheader and return the current
offset in order to break out of the main processing loop.
Fix#18711.
Instead of creating a temp file, unlinking it, and creating a fifo with
the same name, add create_tempdir() so that we can create a temporary
directory and create a fifo inside that.
This should avoid a race condition in Carbon Black Cloud antivirus,
which if the timing is right, will stat the initial temporary *file*,
miss the fact that it's been replaced with a *fifo*, and open and steal
data^W^W read from it, leaving dumpcap to contend with the truncated
remains.
Adding the unexpected magic number to cap_pipe_open_live()'s error
message helped to debug this. Leave it in since it's handy to have in
that case.
Ping #15587
Simply open and close the fifo as part of cleanup. Doing so lets dumpcap
know that the capture has finished if extcap did not open the pipe. This
is only needed on *NIX systems, because there was no hang on Windows.
Fixes#18715
3GPP TS 25.427 and TS 25.435 both say that the Payload CRC IE
may only be present if the frame contains payload for E-DCH
frames, even where the setup of the transport bearer indicated
that the CRC would be present otherwise. So if there's no payload
and the CRC is missing, treat that as missing-but-expected rather
than marking the packet as malformed.
Take the opportunity to switch to proto_tree_add_checksum, which
handles all the various cases. Ping #8859
Set the direction based on request type in a similar manner as it done
for other URB types, i.e. set source to host on URB submit. Correctly
set bus number based on locationID upper 8 bits.
Fixes#16768
Validate UTF-8 encoding for pcapng string options. To
avoid two unnecessary memory allocations for invalid strings and
make the code cleaner a new wtap_block_add_string_option_owned()
function is used.
Add UTF-8 debug check for wiretap API.
Fixes#18703.
IEEE 802.11-2020, Section 12.4.7.6 says that an SAE Confirm message,
with a status code not equal to SUCCESS, shall indicate that a peer
rejects a previously sent SAE Confirm message. In this case, the Confirm
message may not carry a Send-Confirm field or a Confirm field, as
hostapd does. So we simply ignore possible fields following Status code.
Signed-off-by: Chien Wong <m@xv97.com>
Use tvb_find_guint8 and tvb_ws_mepbrk to find the
token boundaries for www-form-urlencoded. Use tvb_memcpy
to copy groups of bytes that don't have special characters
like + or %.
This is considerably more optimized (e.g. find_guint8 uses
memchr) than the naive loop, and speeds up the relevant part
by up to 10x.
Also handle cases where value is empty and there is no =
by splitting on &, instead of looking for the next =.
Together with bd1f2cc996, fix#13779.
This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.
For example, it could be used like the following:
```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
local fields = {...};
for i, field in ipairs( fields ) do
if (field.name == 'http.host') then
browser_open_url(ROBTEX_URL .. field.value)
break
end
end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```
Fixes issue #14998
As the QString::toLocal8Bit() documentation says,
"On Unix systems this is equivalen to toUtf8(), on Windows the systems
current code page is being used."
This is problematic for the Packet Comments dialog, since the comments
need to be UTF-8 as per the pcapng specification. Use toUtf8() instead
there and in the Import Text dialog.
Remove the toLocal8Bit() calls from the Extcap Options dialog since they
weren'nt needed.
Blind attempt at fixing #18698.
Formerly only the class specific dissectors could be registered for
bulk, control and interrupt endpoints. While this is sufficient for
major classes, there are some classes that only use one or two of
possible class/subclass/protocol triple values. Allow registering
specific triples so appropriate dissector can be automatically selected
based on CONFIGURATION DESCRIPTOR data.
Register DFU Run-Time and DFU Mode triples so user no longer needs to
manually set Decode As for USB DFU.
The expected test output is with the headers decompressed, which
we can't do without Nghttp2. (It outputs the compressed headers
if we don't have it, so we could test for that instead.)
Fix#18707
Add fragment_add_check_with_fallback() and use it in USBLL dissector
instead of fragment_add_check() to avoid last fragment retransmissions
from being treated as separate transfers. With this change, the last
fragment retransmissions are correctly grouped together with the rest
of the transfer.
Only skip single fragment reassembly if retransmission is not possible
at the protocol level, i.e. for SETUP DATA0 (when it is not merged with
OUT data) and for isochronous transfers. The reassembly must not be
skipped for other transfers (especially for full-speed bulk) because
otherwise it wouldn't be possible to group retransmissions together with
the first data packet.
Do not use DATA0/DATA1 tracking for isochronous transfers. Isochronous
data cannot be retransmitted because there are no handshakes (there is
no ACK nor NAK after isochronous data packets).
Add support for DTLS Connection ID when using Block Ciphers
with the deprecated extention type (53) from
draft-ietf-tls-dtls-connection-id-07.
Closes#18705
The loopback and unspecified addresses are repeated. Keep
only the "special purpose" field, in accordance with the
IANA registry (and unlike RFC 4291) to remove the redundancy.
Add the "Unique Local Unicast" range to address space field,
also from the IANA registry.
Unique-Local and Link-Local are still repeated in both fields.
Oh well...
Add a safeguard to limit the maximum number of iterations.
Do not allocate a new buffer for every loop iterations in a loop that
depends on the result of the decompression routine.
Either allocate the buffer once or free after use. Defensive programming
is more important than speed in this case.