The string value is stored in the conversation, so use file-scoped
memory instead of g_strdup. Convert to union to save space.
Bug: 15440
Change-Id: Ie2dabfc67ac1db1cc8f864601b8395dcdec7caf8
Fixes: v2.9.0rc0-2719-g8bd0616621 ("SDP: Show callid from all call legs with the same RTP cpnversation.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11845
Reviewed-on: https://code.wireshark.org/review/31704
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN:
Direct leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x564bccf83549 in malloc (run/tshark+0x1b0549)
#1 0x7f8dd1d488d1 in g_malloc glib/glib/gmem.c:99:13
#2 0x7f8dd1d29094 in g_slice_alloc glib/glib/gslice.c:1024:11
#3 0x7f8dd1d64cde in g_hash_table_new_full glib/glib/ghash.c:717:16
#4 0x7f8dde889de6 in smb2_get_session epan/dissectors/packet-smb2.c:1135:15
#5 0x7f8dde89258e in dissect_smb2_session_setup_response epan/dissectors/packet-smb2.c:3356:16
#6 0x7f8dde8867cd in dissect_smb2_command epan/dissectors/packet-smb2.c:9189:12
#7 0x7f8dde87fb6e in dissect_smb2 epan/dissectors/packet-smb2.c:9543:27
Change-Id: I33586e8d27263a8e546efb2ee3a3054eb9a66893
Reviewed-on: https://code.wireshark.org/review/31702
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Add more Motion attributes
2. Pull out some copy-paste code into functions
3. Add some units to existing data
Change-Id: I82f112e2f8595eb904076ee758b2e7e034354243
Reviewed-on: https://code.wireshark.org/review/31680
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sscanf can consume less than 19 characters (e.g. given time format
1-1-1T1:1:1), be sure to reject such input. Fix some dead store warning
while at it.
Change-Id: I6148599048f1e89ea7aafdbdd6450574a97b22fd
Fixes: v2.9.1rc0-372-gd38f6025b0 ("nettrace: Handle beginTime with fractions of seconds.")
Reviewed-on: https://code.wireshark.org/review/31699
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include directories are no longer globally included, be explicit with
the required include directories or else function checks will fail.
Change-Id: I72d88f94854fcfe6529554f84e49d1dba696e9df
Fixes: v2.9.1rc0-436-ga3991874eb ("CMake: Replace PACKAGELIST magic")
Reviewed-on: https://code.wireshark.org/review/31693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
TS 32.298 reference TS 29.274 for decoding of CSGId,
which describes the CSGId as a unsigned int.
Change-Id: I79e7ae2ac2e997ba64e10a7351a04b421da1fc86
Reviewed-on: https://code.wireshark.org/review/31692
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the ZCL cluster id is in the range 0xFC00 .. 0xFFFF the cluster is a manufacturer specific cluster.
The information shown was 'Unknown' and should be 'Manufacturer Specific'.
Change-Id: Id3ae90aea65c6049c38df2029871fdcfc41ce565
Reviewed-on: https://code.wireshark.org/review/31668
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename ACK Block to ACK Range, merge the ACK(0x03) frame with the
ACK(0x02) frame by special casing the ECN Blocks addition. Update field
names and descriptions to match the current spec.
Bug: 13881
Change-Id: I9fb9d1f19d82bbd8323396627b773fd548a12a4c
Reviewed-on: https://code.wireshark.org/review/31688
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ping-Bug: 15416
Change-Id: I24593bdc9f2399085926724176b1a0a8197d7e1a
Reviewed-on: https://code.wireshark.org/review/31662
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the flag descriptors for options inside a set_with_meta and
del_with_meta message, whilst also adding a new flag, IS_EXPIRATION,
for only del_with_meta.
Change-Id: I2f97c5aecb618e90783a39ce026ae0feba110dfd
Reviewed-on: https://code.wireshark.org/review/31675
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'Src port' (mint.header.srcport) has a conflicting entry in its value_string: 133 is at indices 63 (trouble/dgram) and 64 (trouble/stream)
Change-Id: Ic0033e2fad7cc8338aafec6f4a32df0fbe4c3d9d
Reviewed-on: https://code.wireshark.org/review/31630
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* implement preauth hashing
keep hash state in conversation object
- preauth_hash_con for connection hash state
- preauth_hash_ses for session preauth hash state
- preauth_hash_current points to either one of the above depending
on where we are in the connection state
- store final session preauth hash in session object
store per-packet hash in the saved packet data
object (smb2_saved_info_t) and display it as generated field.
since request and responses share the same pointer, make a hash buffer
for each (preauth_hash_req, preauth_hash_res).
* implement 3.1.1 key derivation
use session preauth hash to generate the keys
* sample
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3.1.1_encryption
can be loaded as follows:
tshark -ouat:smb2_seskey_list:690000ac1c280000,b25a135fc3dc14269f20d7cbc8716b6b -r smb311-aes-128-ccm-filt.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option merged in Linux 4.13 kernel.
Change-Id: Iee41ef9e2dd93795a0c7953fdd1f5256fe477dd2
Reviewed-on: https://code.wireshark.org/review/31659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This will enable four tests in case_wireshark_capture on Linux, two of
them require --capture-interface to be specified.
To enable headless mode, QT_QPA_PLATFORM=minimal is set. Unfortunately
this option causes a null pointer dereference crash on macOS and it also
fails on Windows (cause not investigated). So limit it to Linux for now.
Change-Id: Id05364571b2c9da38434e611d92642a1177700df
Reviewed-on: https://code.wireshark.org/review/31664
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
* factor out duplicated code to lookup and create sessions
* we now create (potentially dummy) session object all the time, no
need for null checks.
* stash session key in session object in preparation of SMB3.1.1
decryption
Change-Id: I5499c6363abc1356fd35f22b1b8bc363dd5ec347
Reviewed-on: https://code.wireshark.org/review/31658
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
ui is required by randpkt_core, move it to its deps.
Bug: 15401
Change-Id: Ia8cfaddd220a22c1cf03ec6bf8f83f068f8d94ba
Reviewed-on: https://code.wireshark.org/review/31670
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
in preparation for SMB3.1.1 decryption we need to know the dialect
when generating the keys.
Change-Id: I68a75bfe6f85b1941a201f8f261de16dbba3dc37
Reviewed-on: https://code.wireshark.org/review/31657
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
factor out duplicated code in decrypted and plain packet to display
generated session informations.
Change-Id: Id6d1d862da753cb5dc4111ec61d1c55c6f6fd760
Reviewed-on: https://code.wireshark.org/review/31656
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
If there was no secrets type specified, say so. Otherwise, if the
secrets type wasn't valid, report the correct string as the invalid
secrets type.
Change-Id: I3cd7d419ce3577fc176a256069456c5b49e81608
Reviewed-on: https://code.wireshark.org/review/31667
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Include the current word in the filter completion list to give the
user a more complete picture of what constitutes a valid single-token
protocol name.
Bug: 15431
Change-Id: I77cfc78f19623d9aefd4441a67ed3ae72068034e
Reviewed-on: https://code.wireshark.org/review/31654
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of using "$ORIGIN/../lib" just use "$ORIGIN".
Also be explicit in configuring the relative RPATH. We don't want
to assume a default relative path, in case more targets are addded,
out of caution.
Change-Id: I3b7f5e8de7be8bb30aca3b433212113d876c4163
Reviewed-on: https://code.wireshark.org/review/31647
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
From the updates to text2pcap take the updates to the code comments and
apply them here as well. This also applies to the User Guide help texts.
Change-Id: I4e73fb1372ea0c1866c6d0fee7c14bc645fbe1b1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31636
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Building only a subset of programs is not a very common situation, it is
more likely that some feature was accidentally disabled. For that
reason, fail tests by default unless a program is explicitly permitted
to be missing.
The '-v' test is now dropped from the Travis tests, the sole reason of
adding it was to see which tests got (accidentally) skipped.
Change-Id: I725f4508541d8ed980e17d69fb7aee1ad2875d73
Reviewed-on: https://code.wireshark.org/review/31660
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I37a0cd4bb6ee419873ab05a131279c36c68a8c13
Reviewed-on: https://code.wireshark.org/review/31653
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mention some changes to aid developers and distributors.
Change-Id: Ifd33796fd3b4883275c034021d25ae9b35eef1a5
Reviewed-on: https://code.wireshark.org/review/31651
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Depending on the build location, the full source and/or build directory
is currently visible in error messages (for example, DISSECTOR_ASSERT).
Remove these to help with reproducible builds and have shorter messages.
A similar option (-fdebug-prefix-map) is also needed, but it affects
external debugging tools and is therefore better left to distributors
(Debian and Arch Linux do this for example).
Bug: 15163
Change-Id: Icd8559bef2035f295aefbfc57ba6a342bfe76a41
Reviewed-on: https://code.wireshark.org/review/31645
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>