Commit Graph

87470 Commits

Author SHA1 Message Date
Gerald Combs 46dd9c31bb Windows: Update our GnuTLS packages
Use custom-built packages with MSYS2 dependencies and add an Arm64
package. This adds duplicate iconv and intl DLLs; hopefully that won't
be an issue.
2023-05-20 19:05:01 -07:00
John Thacker 53f4f1b13d pgsql: Implement GSS-API session encryption
Implement GSS-API session encryption for PostgreSQL, with a
dissector that is called if it has been negotiated. Note
that the Kerberos decryption preference has to be set to attempt
decryption (and it won't work without loading secrets.)

Fix #19082
2023-05-20 19:10:07 -04:00
John Thacker 2155b387a8 gssapi: Remove dependency on dcerpc header
Forward declare incomplete types for the dcerpc dissector structs
used as a pointers by gssapi functions, so that dissectors that
include packet-gssapi.h no longer have to include packet-dcerpc.h
(unless actually using something from that header).
2023-05-20 18:00:13 -04:00
John Thacker 32e1750343 epan: Reference count fd_heads in reassembled_table
Sometimes the same key gets reused in a fragment reassembled_table.
In some cases this means we should be using additional key information,
like layer number, though fragment_add_seq_next can trigger this
fairly easily (and it even appears intentional with
reassemble_octet_string in packet-ber.c).

The same reassembled data is entered with multiple keys in the
reassembled table for multiple frames. In order to ensure that
data is deleted when no key refers to it anymore, but also allow
new entries to replace old keys, use reference counting.  It is
simpler than the current approach of freeing all the data at
the end when the table is destroyed, and avoids leaking data.

This is about 95% of the leaks in #19034
2023-05-20 00:29:17 +00:00
Guy Harris cb190d6839 netscaler: add more checks to make sure the record is within the page.
Whie we're at it, restructure some other checks to test-before-casting -
it's OK to test afterwards, but testing before makes it follow the
pattern used elsewhere.

Fixes #19081.
2023-05-19 16:32:53 -07:00
Timo Warns 2eb71f3e6e GNSS: make sbas_crc24q() static
make sbas_crc24q() static to limit its visibility to packet-sbas_l1.c
2023-05-19 22:13:22 +00:00
John Thacker cc2fe84bd0 TCP: Don't reassemble out of order if the segments list doesn't exist
If the OOO TCP preference is set, but the tcp analysis struct doesn't
have the OOO segments, because the preference wasn't set when it
was created, don't try to reassemble out of order.

This is an indication of dissecting in an inconsistent state, with
changed preferences but old conversation data created with the old
preference settings. Hopefully it's just a temporary dissection
from a GUI refresh.

Related to #19079
2023-05-19 17:18:24 -04:00
Gerald Combs 035f9531f3 Windows: Update our libgcrypt packages
Switch to automatically built packages and add back libgpg-error.
2023-05-19 20:11:21 +00:00
Lukas Stermann fb5e69e0be Diameter: Fix dissection of SM-RP-UI AVP 2023-05-19 19:31:57 +00:00
Gerald Combs 28fdce547c RTPS: Fixup our g_strlcpy dest_sizes
Use the proper dest_size in various g_strlcpy calls.

Fixes #19085
2023-05-19 15:58:19 +00:00
Martin Mathieson 8c834f528a Fix some more item lengths vs calls 2023-05-19 13:17:55 +00:00
John Thacker a4d6a12093 mysql: Use frame data current state
Use the current state for the given frame, not the state of
the connection, which is the most recent state from the sequential
pass through the file, not necessarily the current state for a frame
when doing random access on a later pass.
2023-05-19 12:42:06 +00:00
John Thacker 6f888c18a9 FiveCo Legacy: Fix leak
A tvbuffer from real data is not automatically freed unless made
into a child of another tvb (and in that case it would likely be
freed at the end of a packet.) Store only the real data, which is
allocated at file scope, in the file scoped table. Create a tvb
on demand in packets that need it, making it a child of the main
tvb so it gets freed.

Switch the hash table to an auto reset wmem map, eliminating the
need for an init routine.
2023-05-19 11:56:39 +00:00
Guy Harris 472fdc1645 blf: don't ws_debug the value of *data_offset on an error.
*data_offset has whatever value happens to be there, and it's not
guaranteed to have been set to any useful value, especially when the
first packet is being read.
2023-05-19 02:38:14 -07:00
Guy Harris 9eee508103 blf: plug another leak-on-error.
If inflate() fails, call inflateEnd() on the stream we initialized, to
free up any dynamically-allocated data structures attached to it.
2023-05-19 01:52:25 -07:00
Guy Harris e6a2976af6 blf: plug some leaks on read errors.
If we've allocated a buffer of compressed data or a buffer into which
we're uncompressing that data, and we get an error, free those buffers.

If we've allocated a buffer of compressed data, and we *don't* get an
error reading or uncompressing that data, free it once we're finished
uncompressing it.
2023-05-19 00:54:43 -07:00
Guy Harris f10a66999b blf: fix a case where an error wasn't being reported.
If blf_pull_logcontainer_into_memory() gets a short read when reading co
pressed data, report it as Yet Another Internal Error, so it doesn't get
treated as an EOF by callers.

Before the recent fixes, blf_pull_logcontainer_into_memory() just
returned either "success" or "failure", and the latter was always turned
into an internal error; the recent fixes let
blf_pull_logcontainer_into_memory() return more information about the
error, including returning whatever the error was from
wtap_read_bytes_or_eof(), which could be WTAP_ERR_SHORT_READ, which, as
per the above, got treated a an EOF.

This all needs much reworking, with the help of something approximating
a detailed description of the file format.
2023-05-18 23:57:43 -07:00
Guy Harris 8780332817 blf: don't assume that app text is null-terminated in the file.
When reading the text from an app text message, allocate a buffer one
byte larger than the size of the message, and set that byte to '\0'
after reading the message text, to ensure that the text is
null-terminated and can be safely handed to routines that process C
strings.

Fixes #19084.
2023-05-19 01:31:55 +00:00
John Thacker 1c45a899f8 MS-MMS: Use format_text_string()
The length of a string transcoded from UTF-16 to UTF-8 can be
shorter (or longer) than the original length in bytes in the packet.
Use the new string length, not the original length.

Use format_text_string, which is a convenience function that
calls strlen.

Fix #19086
2023-05-19 00:46:56 +00:00
Gerald Combs c76ec1eeeb GitLab CI: Fix our pre-commit check
Use $CI_COMMIT_SHA instead of HEAD.
2023-05-19 00:07:14 +00:00
Gerald Combs a7106f6e96 UI: Allow Arm64 updates on Windows 2023-05-18 23:57:59 +00:00
John Thacker 563307ff6b dumpcap: Don't write fake IDBs for pcapng interfaces
When we have multiple capture sources, for each one that is a pcapng
source and supplies its own IDBs, don't create a fake IDB with invalid
linktype WTAP_ENCAP_UNKNOWN and write it to the output file.

Instead, use the IDBs from the source, remapping them as necessary.
For non-pcapng sources, store the output IDB interface ID and write
EPBs using that, since now the input interface ID and the output
interface ID are not necessarily the same, if some of the other
sources are not pcapng.

Update the capture tests that use multiple FIFO sources, because now we
don't add two extra IDBs, one for each FIFO. Instead there are
3 * 11 == 33 total IDBs.

This prevents some various incompatibilites in Wireshark and other
tools when a file has interfaces of more than one link type, and also
has IDBs with an illegal WTAP_ENCAP_UNKNOWN link type.

Fix #19080
2023-05-18 23:42:34 +00:00
Guy Harris db5135826d vms: fix the search for the packet length field.
The packet length field is of the form

    Total Length = DDD = ^xXXX

where "DDD" is the length in decimal and "XXX" is the length in
hexadecimal.

Search for "length ". not just "Length", as we skip past "Length ", not
just "Length", so if we assume we found "Length " but only found
"Length", we'd skip past the end of the string.

While we're at it, fail if we don't find a length field, rather than
just blithely acting as if the packet length were zero.

Fixes #19083.
2023-05-18 22:41:49 +00:00
Gerald Combs 6653a0e6ef Revert "GitLab CI: Update the GitLab macOS runner info"
Temporarily switch back to the old runners until
https://gitlab.com/gitlab-org/gitlab/-/issues/412138 is cleared up.

This reverts commit 9a37a12a67.

[skip ci]
2023-05-18 15:40:44 -07:00
Gerald Combs da01f878e1 Windows: Upgrade WinSparkle to 0.8.0
Upgrade to an OpenSSL-less build of 0.8.0 and add Arm64 support.
2023-05-18 16:13:02 +00:00
Martin Mathieson 0a28e4e8aa Fix some check_typed_item_calls.py length warnings. 2023-05-18 13:45:36 +00:00
John Thacker 7c971034c3 SIP: Fix values for sip.msg_hdr and sip.msg_body
sip.msg_hdr is a FT_STRING, so adding the entire rest of the packet
and changing the length later isn't ideal. If there's a message body,
then the value of the field will also contain the body, since changing
the length of an item later doesn't change the value, just the bytes
the item covers. This means that tshark -T fields, -T pdml, -T json,
the context menu Copy->Value, a custom column, etc. all have the wrong
value.

In addition, if the message body has null characters, which is quite
possible with various media types (e.g., SMS over SIP), a spurious
_ws.string.trailing_stray_characters Expert Info item will be added
(with no obvious cause to a user.)

Also change sip.msg_body from a FT_NONE to a FT_BYTES with
BASE_NO_DISPLAY_VALUE so that the value reflects the message body
as well without affecting the lack of display label in the tree.
(Unlike the message header, the body is not guaranteed to be any
particular encoding or a string at all. For forcing interpretation
of the body as a string, the "Display Raw Text" preference of SIP
is already available.)

Fix #15136
2023-05-18 12:11:51 +00:00
Guy Harris 9ef9fbeddf dumpcap(1): update some old "pcap as default format" text.
Speak of dumpcap writing a "capture file" rather than a "pcap file".

Use .pcapng rather than .pcap as the extension in sample capture file
names.

In the description of the -i option, explicitly mention the -P option as
being overridden if more than one -i option is specified.
2023-05-18 11:45:02 +00:00
John Thacker ef0b1fe80a dumpcap: Update optional log to file
Update the (by default #ifdef'd out) capture child log to file
handling in dumpcap for the API changes in
commit 5ceb916430
2023-05-18 11:44:38 +00:00
John Thacker 2fd5e8724a TDS: Handle clients that send null version in prelogin packets
Issue #19073 has a capture where the client sends a null version
in its prelogin packet. Just ignore that.

Also for now, always use at least TDS version 7.0 if we have a
prelogin packet.
2023-05-18 10:13:00 +00:00
Jarrad Raumati e484b51779 PTPv2: Expanded IEEE 1588 clockAccuracy values
Additional clockAccuracy values from IEEE 1588-2019 supported. Closes #19072.
2023-05-18 07:14:11 +00:00
Gerald Combs 908af7f538 GitLab CI: Remove remaining 'when:always'es
They're not needed in our case.
2023-05-18 02:25:04 +00:00
John Thacker 05e404e8cb epan: Add STRING_CASE_[IN]SENSITIVE for dissector tables
The last parameter of register_dissector_table() indicates the
base for integer tables, indicates case sensitivity for string
tables, and is ignored for other tables (FT_NONE, FT_GUID).

It can be a little difficult to remember what the code is doing
when reading it, and which of 0 and 1 is sensitive and which is
insensitive (0 is sensitive, the default).

Add STRING_CASE_SENSITIVE and STRING_CASE_INSENSITIVE.
Check in tools/fix-encoding-args.pl for STRING-like tables that use
BASE_NONE, TRUE, or FALSE, and convert them to the new values.
2023-05-18 01:00:59 +00:00
Gerald Combs cd9f8da44b blf: Include errno.h
This should hopefully fix the build failures on older Linux
distributions.
2023-05-17 18:46:40 +00:00
Martin Mathieson 72e5bf7f74 check_typed_item_calls: check length against item for all calls 2023-05-17 17:58:40 +00:00
Gerald Combs 4e57e6f72e GitLab CI: Start removing when:always
We use "when: always" in a lot of places where we should probably just
use the default "when: on_success".
2023-05-17 10:26:44 -07:00
Gerald Combs 9a37a12a67 GitLab CI: Update the GitLab macOS runner info
The runner tag and VM image names for GitLab's macOS runners recently
changed. Update our config to match

https://docs.gitlab.com/ee/ci/runners/saas/macos/environment.html
2023-05-17 09:17:24 -07:00
John Thacker 7e9a0810ad SIP: Don't double count removed bindings
The Expires header field suggests an expiration interval for all
Contact header field values that do not contain the "expires"
parameter (RFC 3261, section 10.2.1.1) Contacts that contain an
"expires" parameter of 0 still have a expires parameter, and should
not be counted in the number of contacts without one.

This avoids double-counting removed bindings.

Fix #15690
2023-05-17 07:58:20 -04:00
Pascal Quantin 6fe5896174 UDS: fix some data identifier items length
Fixes #19078
2023-05-17 11:42:48 +02:00
John Thacker 8b3d214f41 epan: Update a comment
FT_UINT_STRING hasn't been FT_NSTRING_UINT8 since
commit 7c0421b146
2023-05-16 22:19:58 -04:00
Guy Harris c899be35a9 blf: add some sanity checks.
Have blf_pull_logcontainer_into_memory() return a libwiretap error code
and additional information string, including various values being
inconsistent.

(If any of those correspond to identifiable file problems, they should
be reported with WTAP_ERR_BAD_FILE and with a description more relevant
to somebody writing code to write those files.)

Fixes #19063.
2023-05-16 18:09:41 -07:00
John Thacker 8cab0daed1 Qt: Redissect packets when applying a time shift
Packet fields like tcp.time_relative, smb2.time, and SRT tables depend
on file-scoped data from other frames often computed in the first pass.
Thus redissection is necessary after applying a time shift.

Fix #18999
2023-05-16 18:30:33 -04:00
Timo Warns 27550c4d6a GNSS: add dissectors for SBAS L1 navigation messages
Add dissectors for navigation messages of the Satellite-based
Augmentation System (on L1 frequency). Includes dissectors for message
types MT1, MT2 - MT6, and MT25.
2023-05-16 19:34:12 +00:00
Guy Harris 0181fafb21 candump: check for a too-long frame length.
If the frame length is longer than the maximum, report an error in the
file.

Fixes #19062, preventing the overflow on a buffer on the stack (assuming
your compiler doesn't call a bounds-checknig version of memcpy() if the
size of the target space is known).
2023-05-16 12:05:07 -07:00
Martin Mathieson e972aebae0 5CO-RAP: try to address coverity defects 2023-05-16 18:25:41 +00:00
Gerald Combs 0694144dd5 GitLab CI: Try to keep the Documentation job from blocking
As https://docs.gitlab.com/ee/ci/yaml/index.html#allow_failure says:

"The default value for allow_failure is:

- true for manual jobs.
- false for jobs that use when: manual inside rules.
- false in all other cases."

Set "allow_failure: true" for the Documentation job.

[skip ci]
2023-05-16 11:18:39 -07:00
Martin Mathieson 60c46b74aa 5CO-RAP: Comment on or address some minor issues 2023-05-16 12:50:44 +00:00
David Perry c002bbb818 Compact view of multi-line packet comments 2023-05-16 12:40:39 +00:00
Martin Mathieson 69766b0c57 DRDA: Fix a value_string conflict (COMMIT WORK) 2023-05-16 10:49:24 +01:00
Jaap Keuter eea848bf5e sshdump: Trying to get closer to setting intended rem. capture filter
Closes #18874
2023-05-16 09:17:40 +00:00