Disallow registration of some block type values for plugins.

Don't allow overriding of the block types we support in libwiretap - it won't work anyway, as we check for those types first, and only look for plugins for types we don't support. Don't allow registering for any of the reserved types; if you aren't going to use a local type, you have to get your type registered. We *do* allow registering plugins for types that are registered but that we don't support natively. Change-Id: I2046d297b0503d3a77c83166b07ca226c0b18e82 Reviewed-on: https://code.wireshark.org/review/25583 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-03 16:41:13 -08:00 · 2018-02-03 16:41:13 -08:00 · 0c781eeef7
parent 3d574a4b2b
commit 0c781eeef7
2 changed files with 72 additions and 10 deletions
--- a/wiretap/pcapng.c
+++ b/wiretap/pcapng.c
@ -249,6 +249,60 @@ register_pcapng_block_type_handler(guint block_type, block_reader reader,
 {
    block_handler *handler;

+    /*
+     * Is this a known block type?
+     */
+    switch (block_type) {
+
+    case BLOCK_TYPE_SHB:
+    case BLOCK_TYPE_IDB:
+    case BLOCK_TYPE_PB:
+    case BLOCK_TYPE_SPB:
+    case BLOCK_TYPE_NRB:
+    case BLOCK_TYPE_ISB:
+    case BLOCK_TYPE_EPB:
+    case BLOCK_TYPE_SYSDIG_EVENT:
+        /*
+         * Yes; we already handle it, and don't allow a replacement to
+         * be registeted (if there's a bug in our code, or there's
+         * something we don't handle in that block, submit a change
+         * to the main Wireshark source).
+         */
+        g_warning("Attempt to register plugin for block type 0x%08x not allowed",
+            block_type);
+        return;
+
+    case BLOCK_TYPE_IRIG_TS:
+    case BLOCK_TYPE_ARINC_429:
+    case BLOCK_TYPE_SYSDIG_EVF:
+        /*
+         * Yes, and we don't already handle it.  Allow a plugin to
+         * handle it.
+         *
+         * (But why not submit the plugin source to Wireshark?)
+         */
+        break;
+
+    default:
+        /*
+         * No; is it a local block type?
+         */
+         if (!(block_type & 0x80000000)) {
+             /*
+              * No; don't allow a plugin to be registered for it, as
+              * the block type needs to be registered before it's used.
+              */
+            g_warning("Attempt to register plugin for reserved block type 0x%08x not allowed",
+                      block_type);
+            return;
+         }
+
+         /*
+          * Yes; allow the registration.
+          */
+         break;
+    }
+
    if (block_handlers == NULL) {
        /*
         * Create the table of block handlers.
--- a/wiretap/pcapng_module.h
+++ b/wiretap/pcapng_module.h
@ -9,17 +9,26 @@
 #ifndef __PCAP_MODULE_H__
 #define __PCAP_MODULE_H__

-/* Block type codes in the file */
-#define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
-#define BLOCK_TYPE_PB  0x00000002 /* Packet Block (obsolete) */
-#define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
-#define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
-#define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
-#define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
+/*
+ * These are the officially registered block types, from the pcapng
+ * specification.
+ *
+ * XXX - Dear Sysdig People: please add your blocks to the spec!
+ */
+#define BLOCK_TYPE_SHB          0x0A0D0D0A /* Section Header Block */
+#define BLOCK_TYPE_IDB          0x00000001 /* Interface Description Block */
+#define BLOCK_TYPE_PB           0x00000002 /* Packet Block (obsolete) */
+#define BLOCK_TYPE_SPB          0x00000003 /* Simple Packet Block */
+#define BLOCK_TYPE_NRB          0x00000004 /* Name Resolution Block */
+#define BLOCK_TYPE_ISB          0x00000005 /* Interface Statistics Block */
+#define BLOCK_TYPE_EPB          0x00000006 /* Enhanced Packet Block */
+#define BLOCK_TYPE_IRIG_TS      0x00000007 /* IRIG Timestamp Block */
+#define BLOCK_TYPE_ARINC_429    0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
 #define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
 #define BLOCK_TYPE_SYSDIG_EVF   0x00000208 /* Sysdig Event Block with flags */
-#define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
-/* TODO: the following are not yet well defined in the draft spec:
+
+/* TODO: the following are not yet well defined in the draft spec,
+ * and do not yet have block type values assigned to them:
 * Compression Block
 * Encryption Block
 * Fixed Length Block
@ -57,4 +66,3 @@ void register_pcapng_option_handler(guint block_type, guint option_code,
                                    option_handler_fn hfunc);

 #endif /* __PCAP_MODULE_H__ */
-