which could be of arbitrary length - even if it's not supposed to be! -
as a value of some other type, by adding them as a registered field,
first check to make sure the length of the field is appropriate for the
type and, if not, show a dissection error, rather than showing a
dissector-bug assertion when we call proto_tree_add_item().
This fixes a bunch of dissector-bug assertions that show up with
malformed BER-encoded packets.
Also, fix a typo, and expand a comment.
svn path=/trunk/; revision=35330
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
the data source does not need to be allocated if (!tree).
Rev 30158 took the if (!tree) check out indicating that the check was invalid.
So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().
svn path=/trunk/; revision=34717
http://seclists.org/bugtraq/2010/Sep/87 .
Unfortunately no one from the NCNIPC pen test team has contacted us or
provided a sample capture so the fix hasn't been verified.
svn path=/trunk/; revision=34111
back to and including my attempt to make it iterative. Move its guts
back into try_get_ber_length() and add a recursion level check.
This should fix CVE-2010-2284 and preserve existing behavior without
introducing any new regressions (such as bug 5000).
svn path=/trunk/; revision=33505
that out_tvb will always be set (the H.248 dissector does this, at
least). Make sure we do so. Do the same for
dissect_ber_constrained_octet_string().
svn path=/trunk/; revision=33354
GKeyFile (which is not available on Sparc Solaris) to a User Accessible
Table(UAT).
This also allows the user to manage the configuration from the Wireshark GUI
and select the associated syntax from a drop down list.
svn path=/trunk/; revision=33344
It allows the user to:
* Add names and/or syntaxes for OIDs that Wireshark doesn't natively understand
* Override the built-in OID names (e.g. change 'id-at-organization' to 'o')
* Use a special syntax, "ASN.1", that allows a value associated with an OID
to be dissected as "unknown ber". (This is a effectively a selective
version of the "Decode unexpected tags as BER encoded data" BER option.)
The configuration file is a glib key-value file, with the dotted OID used as
the group, and two keys defined, "name" and "syntax".
A configuration option is added to the BER preferences page. A single
configuration file may be specified, or a directory may be specified. If a
directory is specified, then the files with a ".oid" extension will be loaded.
An example configuration file:
[2.5.21.5]
name=attributeTypes
syntax=ASN.1
[2.5.21.6]
name=objectClasses
[2.5.21.7]
name=nameForms
[1.2.840.10040.4.3]
name=id-dsa-with-sha1
[2.5.4.6]
name=c
[2.5.4.10]
name=o
[2.5.4.11]
name=ou
[2.5.4.3]
name=cn
[1.3.32.0.2.0.4.66]
name=Unknown OID
syntax=PrintableString
[0.9.2342.19200300.100.1.10]
name=unknown dn
syntax=DistinguishedName
----
The list of known syntaxes is shown in the "Decode As ..." dialog when
examining a BER file.
svn path=/trunk/; revision=33300
Introduced some state to remember last dissected Tag/Length so that they can be recalled if an IMPLICIT tag is encountered and stripped. This allows its to be determined if the value has a constructed value - and so can be reassembled.
In this case, it is a IMPLICIT constructed OCTET STRING at the presentation layer.
Many thanks to Fred Gruman for identifying - and apologies for the delay in commiting.
svn path=/trunk/; revision=33048