When copying hexdumps, the newline might be missing which would result
in a capture file missing one byte in its packet. Adjust the grammar to
recognize the two trailing hexadecimal characters as a "byte".
This is safe because Flex picks the rule that matches the longest input
string. So given "01 ", it will always match all three characters. If
something like "01x" is given, then the "text" rule will be matched (as
before). Only if no more characters are available (such as at the end of
a file), then the rule will match two hexdigits.
Remove the unnecessary hexdigit rule while at it.
Change-Id: I21dc37d684d1c410ce720cb27706a6e54f87f94d
Reviewed-on: https://code.wireshark.org/review/30190
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
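
The longest-match argument in the commit message above, as an added example (not code from the Wireshark tree): a hand-written C model of three simplified scanner rules. The rule set, the separator characters and all names are assumptions for illustration; the real grammar is a Flex file with more rules.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum token { TOK_SKIP, TOK_BYTE, TOK_TEXT };

/* Each rule returns how many characters it matches at s (0 = no match).
 * Simplified stand-ins for the scanner rules, not the real grammar. */
static size_t rule_byte_sep(const char *s) {   /* two hex digits + separator */
    return isxdigit((unsigned char)s[0]) && isxdigit((unsigned char)s[1]) &&
           s[2] != '\0' && strchr(" \t\n", s[2]) ? 3 : 0;
}
static size_t rule_byte_bare(const char *s) {  /* two hex digits, nothing after */
    return isxdigit((unsigned char)s[0]) && isxdigit((unsigned char)s[1]) ? 2 : 0;
}
static size_t rule_text(const char *s) {       /* run of non-whitespace */
    return strcspn(s, " \t\n");
}

/* Flex semantics: the longest match wins; on a tie the earlier rule wins. */
static enum token next_token(const char *s, size_t *len) {
    static size_t (*const rules[])(const char *) =
        { rule_byte_sep, rule_byte_bare, rule_text };
    static const enum token kinds[] = { TOK_BYTE, TOK_BYTE, TOK_TEXT };
    size_t best = 0;
    enum token kind = TOK_SKIP;
    for (size_t i = 0; i < 3; i++) {
        size_t n = rules[i](s);
        if (n > best) { best = n; kind = kinds[i]; }  /* strict >: earlier rule keeps ties */
    }
    *len = best ? best : 1;                    /* no rule matched: skip one character */
    return kind;
}

/* Number of byte tokens the model scanner produces for input. */
size_t count_bytes(const char *input) {
    size_t bytes = 0, len;
    for (const char *p = input; *p; p += len)
        if (next_token(p, &len) == TOK_BYTE) bytes++;
    return bytes;
}

int main(void) {
    /* Constructed inputs: with and without the final newline, and "01x". */
    printf("%zu %zu %zu\n", count_bytes("00 01 02\n"),
           count_bytes("00 01 02"), count_bytes("00 01x 02"));
    return 0;
}
```

At end of input the bare-byte rule and the text rule both match two characters, so the bare-byte rule only wins because it is listed first; the model depends on that ordering.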
The manual documents several cases, be sure to check for them to avoid
further grammar changes from breaking expectations.
Change-Id: Ie38ecf624120a3a9297d02b4fd9b05511acf5ac9
Reviewed-on: https://code.wireshark.org/review/30189
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix an unfortunate typo that disabled all of the pcap tests. Patch the
correct capinfos output with the expected packets/datasize values and
fix the dns+icmp datasize case to match the original test.sh value.
Change-Id: I25aac4c8040c2000602753269f69f4bdc4a8a59b
Reviewed-on: https://code.wireshark.org/review/30167
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
More use of "UNIX-like" as the term for "macOS and Linux and *BSD and
Solaris and AIX and..." or, alternatively, for "not Windows".
Add Fedora as a Linux distribution for which packages are available.
Use "Windows" rather than "Win32" in more cases; "Win32" dates back to
the days when the big difference was between Boring Old 16-bit Windows
and modern shiny new 32-bit Windows, but the former is now dead and the
latter now supports both 32-bit and 64-bit machines and software. More
people have probably never heard "Win32" but are familiar with
"Windows".
*ALL* UNIX-like platforms support symlinks; Linux wasn't even the first
one, it just picked them up from the UN*Xes with which it was trying to
be compatible.
Change-Id: I254e74f0ed3c86b55d00f9e8d7b78d009b61fb5e
Reviewed-on: https://code.wireshark.org/review/30178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For completeness, make dissect_tds_error_token compatible with TDS 4.x as well
as TDS 7. It is mostly replaced by the ExtendedError token for TDS 5.0.
Change-Id: Ia01be7d417ec008f97e3310346329f07b7c79e74
Reviewed-on: https://code.wireshark.org/review/30166
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We use VS 2017, not VS 2015, for 2.6.x and development builds.
Microsoft's documentation is moving from msdn.microsoft.com to
docs.microsoft.com.
The way you download pre-2017 versions of VS has changed.
Update links to the Android, GNOME, KDE and macOS human interface
guidelines while we're at it.
Change-Id: I1a3973f76aa5b476cb906b8a8604b82d6131e9c5
Reviewed-on: https://code.wireshark.org/review/30168
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Switch from using WinMain in extcap to wmain.
Change-Id: I54fafad598f5ff74fe84a3ce3e993ac5a31188f7
Reviewed-on: https://code.wireshark.org/review/30094
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some tests used the default home directory which can have side-effects
(such as loading plugins, loading deprecated preferences). These could
cause tests to fail. Always use a sane environment to fix this.
Change getTsharkInfo to use this clean environment as well
(WIRESHARK_CONFIG_DIR does not exist with master-2.6 and would also not
propagate things like ASAN_OPTIONS=detect_leaks=0).
Change-Id: I1674f71972d35de91d191e0c29fdb59b8a0a56ce
Reviewed-on: https://code.wireshark.org/review/30165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As specified in 3GPP 38.321, in case of Long Truncated BSR CE, the UE
reports the BSR value for the LCG(s) with the logical channels having
data available for transmission following a decreasing order of the
highest priority logical channel (with or without data available for
transmission) in each of these LCG(s), and in case of equal priority,
in increasing order of LCGID.
So we cannot make any assumption on the LCG being reported without
keeping track of the logical channel priorities currently active.
Change-Id: I148a13446e9dc035bb1bcd79cb15d8570bcefa57
Reviewed-on: https://code.wireshark.org/review/30151
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
- Groups in the SAE exchange are named
- The SAE message type is included explicitly (Commit or Confirm)
Bug: 15197
Change-Id: I8d95dd1603bbb8f46675ec66d60fd0b187787803
Reviewed-on: https://code.wireshark.org/review/30127
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 15201
Change-Id: Idc9964347c251fe7f9599b90abc760f26d85a5ba
Fixes: v2.9.0rc0-2173-g9fcb4af6b6 ("QUIC: gQUIC Q044 always use CHLO from gQUIC (with tag)")
Reviewed-on: https://code.wireshark.org/review/30160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Don't bother with versions prior to VS 2010; as of Wireshark 2.4, we
don't support them.
Show it as "Visual Studio (year)", followed by the toolchain version
(not to be confused with the compiler version - or with the Visual
Studio version!).
Do the same thing for the clang/C2 compiler; just append the clang
version stuff after that.
Indent the #if/#elif/#else/#endif to make it a little clearer how
they're nested.
Change-Id: Ib7a3af3251e6375d267b3b5da9f8e26a377ceeac
Reviewed-on: https://code.wireshark.org/review/30138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
the string to be NUL-terminated, so ensure this to avoid reading
uninitialized memory for the Info column.
Bug: 15130
Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
Reviewed-on: https://code.wireshark.org/review/30128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The function was documented for use with a NULL scope, but it actually
crashes since callbacks are not available for NULL scopes. git master
is unaffected, but the GTK+ protocol dialog in 2.4 and 2.6 does crash.
Bug: 14349
Change-Id: I54350e112192394797cf85eaac4f30194178d7c4
Fixes: v2.3.0rc0-2597-gb7d6cca4ae ("Add wmem_tree_destroy")
Reviewed-on: https://code.wireshark.org/review/30126
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of creating the pointers list early, defer it to the point when
a new list item is added. This avoids the need for a dummy element.
This happens to fix the memory leak in bug 14735 as well (verified with
both ASAN and valgrind).
Change-Id: I3b169dfc447bd7465d06c26e0bd9dfd4225b1307
Bug: 14735
Reviewed-on: https://code.wireshark.org/review/30115
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Observe that the "current_depth" and "len_ndr_pointer_list" just track
the length of the current singly linked list in order to insert (append)
or remove [the last] element (a linked list of lists and a linked list
of pointers respectively). Replace these callers by equivalents that do
not require explicit length tracking; internally they both have to do an
O(n) lookup anyway.
There used to be a case where "current_depth" could run out-of-sync, no
longer tracking the actual list length: when the callback (tnpd->fnct or
tnpd->callback) triggers an exception. I believe this was unintentional.
No functional change intended, but this should make further changes to
the data structures easier.
Change-Id: I3cb13aba22caa87dc7baba411cf34f47792f7bb7
Ping-Bug: 14735
Fixes: v2.5.0rc0-292-g6bd87bdd5d ("dcerpc: improve greatly the speed of processing of DCERPC packets")
Reviewed-on: https://code.wireshark.org/review/30114
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The tvb_offset method should return the offset of the buffer within the
backing tvb (ds_tvb). The currently returned non-zero offset is valid
for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
the tvb itself, so the offset should be zero (or "counter" for
consistency with tvbuff_real.c and others).
This bug is observable with the capture from the bug. In tshark, the
data field in the PDML output has value "field length invalid!" and the
position attribute ("pos") is too large. With the -V option it even
crashes with a buffer overflow (read). In the GUI, the bytes tab shows
range 3199-19642 even if the data source is only 16444 bytes while the
selection should have been 0-16443.
Bug: 14466
Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
Reviewed-on: https://code.wireshark.org/review/30124
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check to see if xz supports threads and enable them if that's the case.
Change-Id: I8a0e7100fec98e5b7d7ccd9a987f7782bf7c7512
Reviewed-on: https://code.wireshark.org/review/30137
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The identity in SIM/AKA/AKA' is IMSI (permanent identity) in some cases only.
Others contain a pseudonym or a fast reauthentication username. Dissect the
formers as flat usernames.
Bug: 15196
Change-Id: Ia4491431b6ff557a248271b743c1e37c4e6c0b24
Reviewed-on: https://code.wireshark.org/review/30129
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When the IPv6 (-6) option was specified together with either TCP (-T),
UDP (-u) or SCTP (-s/-S) option the generated packet was invalid because
an IPv4 option was implied and a wrong header was added.
Bug: 15194
Change-Id: I5a7b83d8aa3f3ad56f0c8110e598090945e60225
Reviewed-on: https://code.wireshark.org/review/30107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The purpose of this function is to check if a configuration file exists
and has at least one entry which is not a comment.
Use this when building the list of profiles where the user can copy
configuration from, to avoid listing profiles with empty files or files
with only comments.
Change-Id: If45f52025959818fb1213ffac488cd59441e9fce
Reviewed-on: https://code.wireshark.org/review/30113
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
dcerpc_hooks_init_protos is unused since v1.11.3-rc1-34-g01c8945438.
uuid_dissector_table was added in v2.1.0rc0-391-ge0e574d167 and was not
used outside the file, so mark it as static.
Change-Id: I6113fbaf1f2e2e6241b91b659711986d6e6ded66
Reviewed-on: https://code.wireshark.org/review/30116
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use a single template file for most of our program resources. Encode
our resource files as UTF-8. Add resources to extcap/*.exe.
Replace a regex with concatenation.
Change-Id: I0ed49086618127ca4fdef69272f849d8f16e4dab
Reviewed-on: https://code.wireshark.org/review/30088
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Packet 2478 in capture 15142 triggers a UAF crash since val_to_str is
packet-scoped and by the time tshark reads the column, it is destroyed.
Bug: 15142
Change-Id: If8df858c6a295fbac57c758577fb51b288e7f44a
Reviewed-on: https://code.wireshark.org/review/30104
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).
Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the pathLabel for Coloring Rules, Decode As, Display Filters
and Capture Filter. Put the absolute file path into the pathLabel
if the file exists. This aligns with UAT dialogs and frames.
Change-Id: I72bd06e31bab220de0a0ef8df99df9a4daed667c
Reviewed-on: https://code.wireshark.org/review/30089
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Valgrind found an invalid read in the capture from Bug 15173 which was
not detected by ASAN, probably because 'top' pointed to a valid stack
address. Try to catch such issues with an explicit invariant check.
Change-Id: I3e2d90f053209c133ea2edc9c7990a2fd39bd236
Ping-Bug: 15189
Reviewed-on: https://code.wireshark.org/review/30101
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As documented in epan/exceptions.h, return/goto should never be used in
a TRY/CATCH/FINALLY block as ENDTRY must be executed first. Additionally
clamp the exit code since values larger than 255 will wrap around. Use a
small value as shells typically use 128+signal for termination signals.
Verified against packet-t125.c and ftype-protocol.c while they suffered
from the return bug. Tested against packet-gssapi.c for lack of false
positives (goto with labels within the function) and against:
    int main() {
        TRY {
            goto bar;
            goto omg;
            goto bar;
            goto barrie;
            barrie: ;
        } ENDTRY;
        bar: meh;
    }
Change-Id: I44484add34e238e07a84fc2c74b69f50ba6dc3f3
Ping-Bug: 15189
Reviewed-on: https://code.wireshark.org/review/30097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Doing so corrupts the exceptions stack and causes crashes elsewhere.
Move the heuristics check after get_ber_identifier as dissect_t125
calls that check too.
Bug: 15189
Change-Id: I816fcd693141c5e9e2979348f58bf5a8112290da
Fixes: v2.9.0rc0-2122-gf710f21833 ("T125: Add a heuristic test case.")
Reviewed-on: https://code.wireshark.org/review/30096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Émilio Gonzalez <egg997@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
None of the current heuristics dissectors for "cotp" accept the packet,
so just skip calling subdissectors if the packet is empty.
Change-Id: Ie26f05d472b4d184d5229ceab8b143a88cc921fc
Reviewed-on: https://code.wireshark.org/review/30103
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Émilio Gonzalez <egg997@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TRY/CATCH are macros, before returning the ENDTRY block must be executed
or the weirdest crashes can occur.
Change-Id: Ic56871322f8567263e2b8a81cce5a3c7042301b7
Fixes: v2.1.0rc0-2939-g5493fe0167 ("Convert ftype-tvbuff.c to ftype-protocol.c")
Reviewed-on: https://code.wireshark.org/review/30095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
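
Why a return inside a TRY block is dangerous, and what an invariant check on the handler stack catches, as an added example (not code from the Wireshark tree). The macros are a simplified setjmp-based model of the push/pop discipline, not the ones in epan/exceptions.h; parse_buggy, parse_fixed, THROW_ANY and leaked_frames_after are hypothetical names.

```c
#include <setjmp.h>
#include <stdio.h>
/* Simplified model of a setjmp-based handler stack (assumption: not the
 * macros from epan/exceptions.h, only the same push/pop discipline). */
#define MAX_DEPTH 8
static jmp_buf frames[MAX_DEPTH];
static int depth;                       /* number of open TRY blocks */

#define TRY         depth++; if (setjmp(frames[depth - 1]) == 0) {
#define CATCH_ALL   } else {
#define ENDTRY      } depth--           /* the pop happens only here */
#define THROW_ANY() longjmp(frames[depth - 1], 1)

/* Before: "return" leaves the block without reaching ENDTRY. */
static int parse_buggy(int len) {
    volatile int result = len;
    TRY {
        if (len == 0) return -1;        /* frame stays pushed */
        if (len < 0) THROW_ANY();
    } CATCH_ALL {
        result = -2;
    } ENDTRY;
    return result;
}

/* After: record the result and fall through so ENDTRY always runs. */
static int parse_fixed(int len) {
    volatile int result = len;
    TRY {
        if (len == 0) result = -1;
        else if (len < 0) THROW_ANY();
    } CATCH_ALL {
        result = -2;
    } ENDTRY;
    return result;
}

/* Invariant check: outside any TRY block the handler stack must be empty.
 * Returns the number of frames fn left behind. */
int leaked_frames_after(int (*fn)(int), int len) {
    depth = 0;
    (void)fn(len);
    return depth;
}

int main(void) {
    printf("leaked frames: buggy=%d fixed=%d\n",
           leaked_frames_after(parse_buggy, 0), leaked_frames_after(parse_fixed, 0));
    return 0;
}
```

A leaked frame refers to a setjmp context whose function has already returned, so the next throw would jump into a dead stack frame; checking the invariant reports the imbalance at the point where it is introduced.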
When protobuf_dissect_unknown_field throws an exception,
steamdiscover_dissect_body_status will leak memory as
wmem_destroy_allocator is not called. Capture fuzz-2018-10-06-3104.pcap
from the linked bug leaks 64kiB memory in each frame 14 and 36.
Bug: 15171
Change-Id: I930d0738fde61799ab4ef2310f8ff11c1bcb032b
Fixes: v2.5.1rc0-130-g7ae954c7ac ("steam-ihs: Add dissector for the Steam IHS Discovery Protocol")
Reviewed-on: https://code.wireshark.org/review/30098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>