This reverts commit 9445403f95.
cf_select_packet frees the buffer backing the dissection result
(cf->edt) which results in use-after-frees when callers try to access
the contents. See for example this call trace:
* PacketList::selectionChanged
* cf_select_packet(cap_file_, row)
* frameSelected(row) -> ByteViewTab::selectedFrameChanged
* addTab(source_name, get_data_source_tvb(source))
get_data_source_tvb returns the buffer that backs the dissection and
must remain valid even after dissection has completed. If this is not
done, then a possibly expensive redissection must be done in order to
populate the byte view. The temporary memory savings are not worth it.
Bug: 15683
Change-Id: Ia5ec2c7736cdebbac3c5bf46a4e2470c9236262d
Reviewed-on: https://code.wireshark.org/review/32758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Before this change Wireshark would assume there are no USB devices that
use "device" recipient (RQT_SETUP_RECIPIENT_DEVICE) in Setup stage of
USB CONTROL messages. But there are plenty of such, examples are:
FrescoLogic's FL2000 USB Display controller, Razer USB peripherals;
there are open projects that investigate protocols for them in order to
implement OSS drivers and SW stacks.
Allow dissection of USB "device" Setup CONTROL messages by treating them
in the same way as "other" or "reserved" with the assumption that at least
InterfaceClass is set to UNKNOWN (0xffff) which is true for at least
aforementioned FL2000 and Razer HW implementations.
Change-Id: I44f4f8cdccd973194aeda2c39c59529d531c31b2
Reviewed-on: https://code.wireshark.org/review/32626
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reported by Helge Magnus Keck
Change-Id: If0aae0879d52a2516642d162395795c05c28b9b9
Reviewed-on: https://code.wireshark.org/review/32736
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reported by Helge Magnus Keck
Change-Id: Ia96521920b3108f2d5867c9392fd93210ac99d37
Reviewed-on: https://code.wireshark.org/review/32735
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most code that reads from a capture_file already has its own wtap_rec
and Buffer; change the remaining ones to do so as well.
Change-Id: I9b7c136642bbb375848c37ebe23c9cdeffe830c3
Reviewed-on: https://code.wireshark.org/review/32732
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When adding generated IID and OID bytes to the tree, use a zero offset
and length like we do elsewhere in the dissector.
Bug: 15617
Change-Id: Id900f2aeeef7926706b417622d452ffa72949e8a
Reviewed-on: https://code.wireshark.org/review/32698
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
That's just noise, especially if the signal is SIGINT.
Change-Id: I97df2396d60280e5978f637ec3bb8f93966674b8
Reviewed-on: https://code.wireshark.org/review/32718
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Catch signals/ctrl events when we're reading a capture, and stop reading
if we get one of those. When we close a print stream, restore the color
as appropriate.
Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72
Ping-Bug: 15659
Reviewed-on: https://code.wireshark.org/review/32716
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add defines for AKMS and use instead of magic values in code.
Change-Id: Ib40b88836d58b0e16dae9a2eacfdee67344bc6d8
Reviewed-on: https://code.wireshark.org/review/32712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put the pass 1 of a two-pass read, pass 2 of a two-pass read, and only
pass of a one-pass read into separate routines, returning success/read
error/write error status codes.
This makes the processing a bit cleaner, and makes it easier to have the
file-reading code catch signals/control events.
Change-Id: I58cd9e4b86f219f3afa2dc61b57f41978fc2f853
Reviewed-on: https://code.wireshark.org/review/32711
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
FT over IEEE 802.1X (SHA384) is also an FT AKMS so treat it
as such when dissecting the RSN IE. While at it replace the big
if statement with a function.
Bug: 15616
Change-Id: I9abe45a5c70bc062a9d6d8fb97226a3d0cde42b3
Reviewed-on: https://code.wireshark.org/review/32692
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The answer to the question "do we need to add hardened runtime
entitlements or exceptions?" in osx-app.sh is "yes". Update a comment
accordingly.
Change-Id: Icc6f9ed31838aa6342f405a244e726586e9c0c4d
Reviewed-on: https://code.wireshark.org/review/32703
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This adds the entitlement to everything we sign. I cannot test a more
granular approach without access to an Apple issued codesigning cert/key
pair.
Bug: 15667
Change-Id: I9fe962a06b681d33853b0944765987e21d21be2d
Reviewed-on: https://code.wireshark.org/review/32700
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reorganize the lists of accessors, with a top-level heading for the byte
order and subheadings for each size.
Also document ENC_HOST_ENDIAN.
Change-Id: I10131e399f6c90624a387c89340f77ea769ab33f
Reviewed-on: https://code.wireshark.org/review/32701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Require the POD package. Some platforms ship POD translators as a
separate package instead of shipping them with Perl.
Bug: 15513
Change-Id: Ie277f9296d06063581512bc4c2df1d3158117f2c
Reviewed-on: https://code.wireshark.org/review/32685
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The 'sign' bit was treated like a regular bit because of direct casting to a wider int type.
Change-Id: Id0f095fa9bda97ecbdfc32f3610271eeea86fc2e
Reviewed-on: https://code.wireshark.org/review/32688
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PTK key derivation algorithm for WPA1 uses SHA1 not MD5.
MD5 is used for MIC only.
To avoid regression also add a decrypt test for WPA1 with
GTK rekeying.
Change-Id: Iabcf40c2f74d5dbc1d72cba0718c77020d97f61f
Fixes: v3.1.0rc0-342-g9cf77ec5e1 ("ieee80211: Support decrypting WPA3-Personal / SAE captures")
Reviewed-on: https://code.wireshark.org/review/32691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
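The split described in the commit message above (SHA1 for PTK derivation, MD5 only for the MIC), as an added example that is not Wireshark's code. It follows the IEEE 802.11 PRF and EAPOL-Key MIC definitions; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def prf(key, label, data, nbytes, digest="sha1"):
    """IEEE 802.11 PRF: HMAC(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), digest).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=64):
    """Pairwise key expansion; 64 bytes for TKIP: KCK | KEK | TK | MIC keys."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes, "sha1")

def eapol_mic(ptk, frame_with_zeroed_mic, key_descriptor_version):
    """MIC over the EAPOL-Key frame, keyed with the KCK (first 16 bytes of the PTK)."""
    kck = ptk[:16]
    if key_descriptor_version == 1:      # WPA1/TKIP: HMAC-MD5
        return hmac.new(kck, frame_with_zeroed_mic, "md5").digest()
    if key_descriptor_version == 2:      # HMAC-SHA1, truncated to 128 bits
        return hmac.new(kck, frame_with_zeroed_mic, "sha1").digest()[:16]
    raise ValueError("unsupported key descriptor version")

# Constructed sample values (not from a real capture).
PMK = hashlib.pbkdf2_hmac("sha1", b"constructed passphrase", b"constructed-ssid", 4096, 32)
AA = bytes.fromhex("020000000001")        # authenticator MAC (constructed)
SPA = bytes.fromhex("020000000002")       # supplicant MAC (constructed)
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"\x01\x03\x00\x5f" + bytes(95)   # stand-in EAPOL-Key frame, MIC zeroed

PTK = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
# The mistake the commit fixes: running the key derivation over MD5 instead.
WRONG_PTK = prf(PMK, b"Pairwise key expansion", AA + SPA + ANONCE + SNONCE, 64, "md5")

if __name__ == "__main__":
    print("PTK (SHA1 PRF):", PTK.hex())
    print("MD5-derived keys match:", WRONG_PTK == PTK)
    print("WPA1 MIC (HMAC-MD5):", eapol_mic(PTK, FRAME, 1).hex())
```

A PTK derived with the wrong hash yields a different KCK and TK, so MIC verification and decryption of the capture both fail.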
Updates some information elements according to
https://www.iana.org/assignments/ipfix/ipfix.xhtml
Adds support for RFC8549
Change-Id: Ic4129df7cfeccd86a7bfb40cbc7181559b85fe50
Reviewed-on: https://code.wireshark.org/review/32690
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For Windows:
Don't use ws_isatty() - which is a wrapper around _isatty() - to
determine whether the output is to a Windows console or not; it returns
a non-zero value for *any* character device, not just a console.
Instead, use a console API; if it succeeds, it's a console, otherwise it
isn't.
If we're writing to a console, and the
ENABLE_VIRTUAL_TERMINAL_PROCESSING flag is set, or it isn't set but we
can set it, assume the console supports the escape sequences that
request 24-bit color, and use them.
For UN*X:
We can use isatty() to determine if the output is to a terminal, as it
doesn't check for character special files, it specifically checks for
terminals (which, in practice, means "device that supports one of the
ioctls to get terminal modes" in most if not all cases; that covers
serial lines, pseudo-ttys, and perhaps some other devices).
Only use the 24-bit color escape sequences if the COLORTERM environment
variable is set to "truecolor" or "24bit".
Bug: 15659
Change-Id: I673667b86bd6b2ab48c06e00ed16b537d6723453
Reviewed-on: https://code.wireshark.org/review/32689
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
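The UN*X rules from the commit message above, as an added example that is not Wireshark's code (Wireshark's implementation is in C). The function names, the injectable `isatty` parameter and the plain-text fallback are assumptions made for illustration.

```python
import os
import stat

def is_char_device(fd):
    """True for any character special file, terminal or not."""
    return stat.S_ISCHR(os.fstat(fd).st_mode)

def supports_truecolor(fd, environ=os.environ, isatty=os.isatty):
    """24-bit color only on a real terminal that advertises it via COLORTERM."""
    return isatty(fd) and environ.get("COLORTERM") in ("truecolor", "24bit")

def colorize(text, fg, bg, fd, environ=os.environ, isatty=os.isatty):
    """Wrap text in 24-bit SGR sequences, or return it unchanged (assumed fallback)."""
    if not supports_truecolor(fd, environ, isatty):
        return text
    return "\x1b[38;2;{};{};{}m\x1b[48;2;{};{};{}m{}\x1b[0m".format(*fg, *bg, text)

def probe(path):
    """Report (character device?, terminal?) for a path, e.g. /dev/null."""
    fd = os.open(path, os.O_WRONLY)
    try:
        return is_char_device(fd), os.isatty(fd)
    finally:
        os.close(fd)

if __name__ == "__main__":
    # /dev/null is a character special file but not a terminal, so isatty()
    # rejects it; a test that only asks "is it a character device?" would not.
    print("/dev/null (chardev, tty):", probe("/dev/null"))
    print(colorize("packet line", (255, 255, 255), (18, 39, 46), 1))
```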
Disable the following warnings:
../epan/oids_test.c:33:68: warning: initialization of a flexible array member [-Wpedantic]
../epan/oids_test.c:34:57: warning: initialization of a flexible array member [-Wpedantic]
../epan/oids_test.c:38:9: warning: initialization of a flexible array member [-Wpedantic]
../epan/oids_test.c:40:60: warning: initialization of a flexible array member [-Wpedantic]
../epan/oids_test.c:41:54: warning: initialization of a flexible array member [-Wpedantic]
../epan/oids_test.c:45:8: warning: initialization of a flexible array member [-Wpedantic]
../epan/oids_test.c:46:84: warning: initialization of a flexible array member [-Wpedantic]
Change-Id: I6af0d3182162a15ea6e072029a86a32c0c27c575
Reviewed-on: https://code.wireshark.org/review/32686
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Highlight the row in packet list and proto tree when mouse hovers
above the row. This mimics the behaviour on Windows.
Change-Id: I28461f9d7740269bad39893597232fe775f77a86
Reviewed-on: https://code.wireshark.org/review/32619
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The border around inactive+selected packet list items from aaba30a3
was removed in 00776f83 and 53dfec9b. Add this back again.
Use solid color in flat_style_format, no need for a gradient between
the same color.
Remove the empty default_style_format, it does not add anything.
Ping-Bug: 12010
Change-Id: I97df7147b196c73e9f6ec4b9c370ddb6bd54488a
Reviewed-on: https://code.wireshark.org/review/32676
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>