osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Catch attempts to write multiple encapsulation types if unsupported. 

If, in the process of opening the input file, we determine that it has
packets of more than one link-layer type, we can catch attempts to write
that file to a file of a format that doesn't support more than one
link-layer type at the time we try to open the output file.

If, however, we don't discover that the file has more than one
link-layer type until we've already created the output file - for
example, if we have a pcapng file with a new IDB, with a different
link-layer type from previous IDBs, after packet blocks for the earlier
interfces - we can't catch that until we try to write the packet.

Currently, that causes the packet's data to be written out as is, so the
output file claims it's of the file's link-layer type, causing programs
reading the file to misdissect the packet.

Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt
instead, and have a nicer error message for
WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write.

Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6
Reviewed-on: https://code.wireshark.org/review/30617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
Guy Harris 2018-11-13 19:38:12 -08:00
parent 25bbbd7c5c
commit 3aec5e1a28
14 changed files with 149 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ui/alert_box.c
View File

@ -350,6 +350,17 @@ cfile_write_failure_alert_box(const char *in_filename, const char *out_filename,
wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
simple_error_message_box(
"Frame %u%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
framenum, in_file_string,
wtap_file_type_subtype_string(file_type_subtype));
case WTAP_ERR_PACKET_TOO_LARGE:
/*
* This is a problem with the particular frame we're writing and

11
ui/failure_message.c
View File

@ -325,6 +325,17 @@ cfile_write_failure_message(const char *progname, const char *in_filename,
wtap_file_type_subtype_short_string(file_type_subtype));
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
cmdarg_err("Frame%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
in_frame_string,
wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_PACKET_TOO_LARGE:
/*
* This is a problem with the particular frame we're writing

9
wiretap/5views.c
View File

@ -348,6 +348,15 @@ static gboolean _5views_dump(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* Don't write out something bigger than we can read. */
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;

19
wiretap/btsnoop.c
View File

@ -310,6 +310,15 @@ static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/*
* Don't write out anything bigger than we can read.
* (This will also fail on a caplen of 0, as it should.)
@ -355,6 +364,16 @@ static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* Don't write out anything bigger than we can read. */
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;

9
wiretap/k12.c
View File

@ -1274,6 +1274,15 @@ static gboolean k12_dump(wtap_dumper *wdh, const wtap_rec *rec,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
if (k12->num_of_records == 0) {
k12_t* file_data = (k12_t*)pseudo_header->k12.stuff;
/* XXX: We'll assume that any fwrite errors in k12_dump_src_setting will */

9
wiretap/lanalyzer.c
View File

@ -638,6 +638,15 @@ static gboolean lanalyzer_dump(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
if (wdh->bytes_dumped + thisSize > LA_ProFileLimit) {
/* printf(" LA_ProFileLimit reached\n"); */
*err = EFBIG;

9
wiretap/libpcap.c
View File

@ -966,6 +966,15 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/*
* Don't write anything we're not willing to read.
* (The cast is to prevent an overflow.)

9
wiretap/logcat.c
View File

@ -316,6 +316,15 @@ static gboolean logcat_binary_dump(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
caplen = rec->rec_header.packet_header.caplen;
/* Skip EXPORTED_PDU*/

9
wiretap/logcat_text.c
View File

@ -449,6 +449,15 @@ static gboolean logcat_text_dump_text(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
switch (wdh->encap) {
case WTAP_ENCAP_WIRESHARK_UPPER_PDU:
{

9
wiretap/network_instruments.c
View File

@ -708,6 +708,15 @@ static gboolean observer_dump(wtap_dumper *wdh, const wtap_rec *rec,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* The captured size field is 16 bits, so there's a hard limit of
65535. */
if (rec->rec_header.packet_header.caplen > 65535) {

18
wiretap/netxray.c
View File

@ -1733,6 +1733,15 @@ netxray_dump_1_1(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* The captured length field is 16 bits, so there's a hard
limit of 65535. */
if (rec->rec_header.packet_header.caplen > 65535) {
@ -1912,6 +1921,15 @@ netxray_dump_2_0(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* Don't write anything we're not willing to read. */
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;

9
wiretap/ngsniffer.c
View File

@ -2026,6 +2026,15 @@ ngsniffer_dump(wtap_dumper *wdh, const wtap_rec *rec,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* The captured length field is 16 bits, so there's a hard
limit of 65535. */
if (rec->rec_header.packet_header.caplen > 65535) {

9
wiretap/snoop.c
View File

@ -818,6 +818,15 @@ static gboolean snoop_dump(wtap_dumper *wdh,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
if (wdh->encap == WTAP_ENCAP_ATM_PDUS)
atm_hdrsize = sizeof (struct snoop_atm_hdr);
else

9
wiretap/visual.c
View File

@ -639,6 +639,15 @@ static gboolean visual_dump(wtap_dumper *wdh, const wtap_rec *rec,
return FALSE;
}
/*
* Make sure this packet doesn't have a link-layer type that
* differs from the one for the file.
*/
if (wdh->encap != rec->rec_header.packet_header.pkt_encap) {
*err = WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
return FALSE;
}
/* Don't write anything we're not willing to read. */
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;