s1ap.cnf:547:14: error: variable 'subtree' set but not used
Change-Id: I84a345709b1ef9688f3f1a4e876a75dd575c1c2e
Reviewed-on: https://code.wireshark.org/review/5299
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This improvement avoids use of deallocated memory (crash) if using a
deregistered field in display filter, color filter, custom column and
other cases when the field is used as "interesting field".
This functionality is currently used in http, imf and ldap preferences.
Also removed unused proto_registrar_n() as this does not work correctly
after deregistering fields.
Change-Id: I043e3bf7a98bd773c9801e712a012d1eab8a7f94
Reviewed-on: https://code.wireshark.org/review/5161
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
Remove deprecated APIs while at it.
Change-Id: I002ed4a696782caaeeb70a3e4ced4ae81f3d5372
Reviewed-on: https://code.wireshark.org/review/4983
Reviewed-by: Anders Broman <a.broman58@gmail.com>
message type an IE was sent in. Needed to dissect proprietarry data.
Change-Id: Ie75a2f6a544cb33e22c42457b0edd83e6456bfe5
Reviewed-on: https://code.wireshark.org/review/4910
Reviewed-by: Anders Broman <a.broman58@gmail.com>
for the private OID.
Change-Id: Ibb86d8523f1aee14ba1a843ec3ad4becc7729013
Reviewed-on: https://code.wireshark.org/review/4893
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I'm not sure why the check is only for alphabetical characters; if
that's correct, change this to use g_ascii_isalpha, and change
is_printable_ascii to is_ascii_alpha or something such as that.
Don't use ctype.h routines, as they are locale-dependent.
Change-Id: I61d0672350d35ad918e95d7e96ed5dd263102da9
Reviewed-on: https://code.wireshark.org/review/4805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I57a01eacaa02e45c23bb4827ae982c897fb308ee
Reviewed-on: https://code.wireshark.org/review/4592
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 10547
Change-Id: I4708fd9977e635c66ef1350ce5098520e4c2ce1e
Reviewed-on: https://code.wireshark.org/review/4579
Reviewed-by: Michael Mann <mmann78@netscape.net>
the mpeg-pes dissector replaced source or destination address with
decoding timestamp, presentation timestamp or pack data rate
these values don't belong into address columns and erase the IP
addresses when mpeg-pes is transmitted over IP
the timestamps etc can be displayed in a user-defined column if required
this patch is part of
Bug: 10505
Change-Id: I1bf561648f848eb18818862edd138724abfc8e88
Reviewed-on: https://code.wireshark.org/review/4472
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
- Create/use extended value-strings;
- Move proto-register...() to (near) the end of the file;
- Add editor modelines and adjust whitespace as needed.
Change-Id: I7ebe6dfd62b3fb190aa1cefc9b35d40f156f11ea
Reviewed-on: https://code.wireshark.org/review/4390
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I138859ce735a9ff6541d6852dec29a13c1034c36
Reviewed-on: https://code.wireshark.org/review/4114
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
If the user turns on the "show internal BER encapsulation tokens"
preference, show them the tokens inside SNMP variable bindings.
Change-Id: Ief9040f422cb214bbff8e4cfd45a2e05c7106480
Reviewed-on: https://code.wireshark.org/review/4105
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The captured length reflects the way the capture was done; it should not
affect actual lengths used in the dissection.
Don't fetch the version until we need it; that lets us dissect more of
the packet if the previous change caused us to throw an exception trying
to fetch the version from the correct location rather than not throwing
an exception by fetching it from an incorrect location that happens to
be within the captured data.
Change-Id: I9f63afd4ef51f46c19b3afd2a651a5bb768fecaf
Reviewed-on: https://code.wireshark.org/review/4101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
So wrap the entire function in USES_APPLE_DEPRECATED_API/USES_APPLE_RST.
Change-Id: I6ae3e8ecc40bc407e6f7156ccc5d9dd8c51d650d
Reviewed-on: https://code.wireshark.org/review/3885
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only turn them off in the vicinity of those nasty cross-platform APIs.
(This also checks in the generated Kerberos dissector, which we forgot
to do in the last checkin.)
Change-Id: I5dc9162ff64afe764e37866706590ed2ed965acb
Reviewed-on: https://code.wireshark.org/review/3882
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Apple would really rather that you use their Shiny Happy Frameworks
rather than those crufty old cross-platform APIs. We are a
cross-platform program, and will use platform-specific APIs only if
there's enough benefit to doing so - and, in this case, that means
"using the platform-specific APIs on OS X and the other APIs on other
platforms", so that's two code paths to maintain, so "enough benefit"
has to outweigh the issues with that.
Change-Id: I370ba469a6f5892143d72179d15c9fe22d664fdf
Reviewed-on: https://code.wireshark.org/review/3881
Reviewed-by: Guy Harris <guy@alum.mit.edu>
in the Diameter dissector.
This new API adds a filter for the MSISDN as well as a subtree and filter for
the Country Code.
Change-Id: Ibcbf4b5f72178b7e4af63efa7496188d608a9de7
Reviewed-on: https://code.wireshark.org/review/3760
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change-Id: I7965332ee474d10c90dfb2ef63a66f610cd6fc71
Reviewed-on: https://code.wireshark.org/review/3655
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also put back initial text indentation
Change-Id: I6fe207086018a806a258b1de2888ac0b9310aac6
Reviewed-on: https://code.wireshark.org/review/3524
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This mostly involved adding expert info capabilities to many of the dissectors so that they could correctly flag error conditions.
Only remaining proto_tree_add_text calls are in H248.cnf, which has a convoluted way of using hf_ data to make its tree.
Change-Id: I6412150c2ec1977d7fa38f3f0ed416680bdfb141
Reviewed-on: https://code.wireshark.org/review/3500
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If it's checked into asn1 or a subdirectory thereof, put it into the
distribution. (If it's not useful, why is it in Git?)
Change-Id: I4dac8a0d19a770db1513729cf71069a37f1d83fc
Reviewed-on: https://code.wireshark.org/review/3276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Include CMakeLists.txt files and the gnm subdirectory, along with the
top-level Makefile.inc and Makefile.preinc files. Don't explicitly
include Custom.make, as automake does that automatically given that it's
included by asn1/Makefile.am.
Add some files to EXTRA_DIST lists.
Move some .asn files to EXTRA_DIST; they don't need to be in SRC_FILES,
as SRC_FILES always includes EXTRA_DIST, and they *do* need to be in
EXTRA_DIST so that they're in the distribution.
Change-Id: Id91df577260fa57028d40fe098be1d79c59398e6
Reviewed-on: https://code.wireshark.org/review/3273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Without it, dual-band DF-3C feature does not work
Change-Id: I95d4a7320b77c6093f5d51efdbb2b21af0deab11
Reviewed-on: https://code.wireshark.org/review/2942
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I753ca95e2e1b38bad2c09955317e648c525e40ef
Reviewed-on: https://code.wireshark.org/review/2509
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib3a1ddc4342a7a8648d6ed8bfcb35aa229c56a27
Reviewed-on: https://code.wireshark.org/review/2445
Reviewed-by: Michael Mann <mmann78@netscape.net>
As far as I can tell these calls were just missed in the first initial pass,
they're not in a weird scope.
Close review from somebody else please to verify that!
Change-Id: Ic3188879124dcb8fdf42e79d200d4f244200aa7b
Reviewed-on: https://code.wireshark.org/review/2266
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I24fe3cc4a3589dadc4528a77fe7ff13d06b1a983
Reviewed-on: https://code.wireshark.org/review/2245
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
in that we now properly indicate the checksum and provide the wrapped token to
the LDAP dissector to dissect.
There is still a problem in that the wrong parts of the SASL packet can be
indicated when users click on some parts.
I am committing it for review and because it is much better than the current
code.
Bug:9398
Change-Id: I552fc249db26835b79abfc8793438a95f221663a
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/1905
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
as remove redundant stuff from the spnego.cnf file.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change-Id: I90a962a39dc4da0f13055c9b3893c26044f1fc97
Reviewed-on: https://code.wireshark.org/review/1809
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifbfca88469a6bc479072c921deba280e667c7087
Reviewed-on: https://code.wireshark.org/review/1804
Reviewed-by: Michael Mann <mmann78@netscape.net>
../../asn1/atn-ulcs/packet-atn-ulcs-template.c(126) : fatal error C1083: Cannot
open include file: 'stdint.h': No such file or directory
Change-Id: Id3c3082fe91a79e44abbfd4e2b2f1fc7d5c183d4
Reviewed-on: https://code.wireshark.org/review/1814
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All caught by cppcheck. The two (semi)-interesting bugs are:
- in asn1/atn-cpdlc/packet-atn-cpdlc-template.c where the break statement should
have been inside the brace, causing potential control-flow weirdness with
exceptions
- in epan/dissectors/packet-ieee80211.c where the bounds check for tag_len did
not match the expert info given
Change-Id: Ie173fb8d917aabb9b4571435d671d6f16e1c7569
Reviewed-on: https://code.wireshark.org/review/1793
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid printf warnings when loading a capture with kerberos packets
when not having configured a keytab file.
Change-Id: I0950daa18c42f4687d29101fac74f6f6bd6071b1
Reviewed-on: https://code.wireshark.org/review/1300
Reviewed-by: Evan Huus <eapache@gmail.com>
Added RFC 3244 ChangePasswdData to the kerberos dissector.
This is the last dissector using the "old BER" functions.
Change-Id: I1d79047103c07c268d08e652745391f1ac37c82c
Reviewed-on: https://code.wireshark.org/review/1198
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For S1AP PDUs that contain a cause, show that cause in the Info column.
Change-Id: Icecb8da278c16e0d47395b17b54dee6ebd7be646
Reviewed-on: https://code.wireshark.org/review/1170
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I246aa28be28194576b4bd58714b2e6ac36f7a29a
Reviewed-on: https://code.wireshark.org/review/1121
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For various string types defined in X.680, use the appropriate encoding,
or ENC_ASCII|ENC_NA in some cases where we don't have an appropriate
encoding yet.
This most significantly fixes the handling of BMPString and
UniversalString, which are supersets of ASCII (Unicode Basic
Multilingual Plane and Unicode, respectively), but don't encode ASCII
characters as single octets. It also fixes UTF8String to, well,
properly recognize UTF-8.
This also lets us get rid of the special handling of SyntaxBMPString in
X.509sat (and, in fact, *requires* us to get rid of it, as, otherwise,
the string value appears twice).
Change-Id: I325c4e71a6110278eb23b86e0d986e6439cfc328
Reviewed-on: https://code.wireshark.org/review/994
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I coincidentally found a few files with errors, so I thought it might be time to run it on the whole directory again.
Change-Id: Ia32e54b3b1b94e5a418ed758ea79807c8bc7e798
Reviewed-on: https://code.wireshark.org/review/978
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
For details see comments in Bug 9920.
The executive summary:
Bug 9920 is a crash caused by a couple of issues:
1) The memory ownership model for the rtp_dyn_payload hashtable is split: SDP
creates the rtp_dyn_payload hashtable, but RTP can free it. Since there isn't
*one* pointer to the hashtable, RTP freeing it means SDP has a dangling
pointer.
2) Either the SDP dissector shouldn't be creating two separate, unique
hashtables for multiple media channels of the same addr:port, or RTP shouldn't
be free'ing the previous one.
Change-Id: I436e67de6882f84aa82dcbdfe60bf313fe4fd99c
Reviewed-on: https://code.wireshark.org/review/918
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
the usage of variables in the h248_package_t struct.
Change-Id: Ic5419ab5c20051e56963fe8ea1728d78f95538f0
Reviewed-on: https://code.wireshark.org/review/846
Reviewed-by: Anders Broman <a.broman58@gmail.com>
../../asn1/atn-ulcs/packet-atn-ulcs-template.c(126) : fatal error C1083: Cannot
open include file: 'stdint.h': No such file or directory
Change-Id: I8825a2f0b6440ec5a4bbfb49ea5c183dd8cbf03f
Reviewed-on: https://code.wireshark.org/review/705
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added the field information for Phase 1 for the Send Routing Info
For Sm message per request of ticket 9704. Code per the suggestion of
Anders Broman. Adding Phase 1 code to GSMMAP.asn.
Did not have any data to verify that the change worked.
Change-Id: Ic387e2e12e8893abb0f453f5010909ffbfd1808c
Reviewed-on: https://code.wireshark.org/review/147
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
That just breaks too many things.
This catches the examples of that found in bug 9878. There might be
others that my grepping didn't find.
We should also have the checkAPIs.pl script check for this, so this
isn't a full fix for bug 9878.
Change-Id: I3bf6f1fc0fe8654d0f54a995e72f1966ae012f5e
Reviewed-on: https://code.wireshark.org/review/623
Reviewed-by: Guy Harris <guy@alum.mit.edu>
../../asn1/h248/packet-h248-template.c:1222:31: warning: Value stored to 'prop' is never read
if (!prop->dissector) prop = &no_param;
Change-Id: I6d380fbb5fef9dc548385b0b470aea1cb3c34df1
Reviewed-on: https://code.wireshark.org/review/301
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
restore usage in cms and pkcs12. They never got a valid value in
actx->external.direct_reference because they use another actx in this case.
This will add back the global variable in x509af, but this is needed
until we manage to pass the value in another way.
See comments in bug 9573.
svn path=/trunk/; revision=54975
v1.1: Personal Information Exchange Syntax:
http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
"When password integrity mode is used to protect a PFX PDU, a password
and salt are used to derive a MAC key. As with password privacy mode,
the password is a Unicode string, and the salt is a byte string."
So, not having found any other references to salts as text strings, copy
it with tvb_memdup(), not tvb_get_string().
svn path=/trunk/; revision=54893
as a string if every byte in it is a printable ASCII character, it's
ASCII. Use tvb_get_string_enc() with an appropriate encoding.
svn path=/trunk/; revision=54889
Constify.
For routines that manipulate sequences of 8-bit bytes, have them take
guint8 pointers rather than void pointers.
Don't cast away constness.
svn path=/trunk/; revision=54795
dissector for Novell's PKIS certificate extensions
from me
clean up the $Id$ tags
remove packet-pkis(-template).h
remove ASN.1 definitions that cause compiler warnings
(OID, SecurityLabelType2)
move the dissector to the clean ASN.1 dissectors
support CMake build
change the name to novell_pkis
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9597
svn path=/trunk/; revision=54508
bytestring_to_ep_str (now deprecated). Use the new one in a few obvious places.
Also just print directly to the buffer when loading ethernet addresses for
resolution. The straight-to-buffer bytes_to_hexstr seems useful, maybe it
shouldn't be in a private header...
svn path=/trunk/; revision=54270
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
tvb_get_unicode_string(). If there's an indication that the encoding is
UCS-2, use that, otherwise use UTF-16. (For example, "BMP" stands for
"Basic Multilingual Plane", which is the part of Unicode that can be
encoded in 16 bits, hence UCS-2.)
In the description of the "Use Heuristics for UDP" preference for the
XML dissector, note that it's not just trying to recognize XML in UCS-2,
it's trying to recognize XML in *big-endian* UCS-2.
svn path=/trunk/; revision=54245
(Arguably it's the responsibility of the dissector passing this information to set the signature correctly so if there's an invalid signature, the bug is with the calling dissector and not with the one receiving the invalid signature.)
svn path=/trunk/; revision=53964
Note: We *might* want to do _something_ but that _something_ should be well-defined and consistent across all dissectors. Previously, some dissectors called proto_tree_add_text() to add some error message text to the tree, while others called DISSECTOR_ASSERT().
svn path=/trunk/; revision=53895
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
Now that "bytes consumed" can be determined, should tcp_dissect_pdus() take advantage of that?
Should tcp_dissect_pdus return length (bytes consumed)? There are many dissectors that just call tcp_dissect_pdus() then return tvb_length(tvb). Seems like that could all be rolled into one.
svn path=/trunk/; revision=53198
While it was an interesting exercise it just doesn't
work good enough to stay, i.e. it doesn't automatically
pick up changes but requires rerunning cmake instead.
svn path=/trunk/; revision=53149
The intention is to aid in the removal of pinfo->private_data use as well as static global variables in a dissector. For now, all calls to call_ber_oid_callback have the data parameter set to NULL.
svn path=/trunk/; revision=52994
- when the text parameter is constant col_add_str() and col_set_str() are equivalent but col_set_str() is faster.
- same for replace col_append_fstr and col_append_str
- remove col_clear() when it's redundant:
+ before a col_set/col_add if the dissector can't throw an exception.
- replace col_append() after a col_clear() with faster col_add... or col_set
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9344
svn path=/trunk/; revision=52948
convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
AndersBroman